@ -6,11 +6,20 @@
|
|
|
|
|
|
|
|
|
|
namespace wmic
|
|
|
|
|
{
|
|
|
|
|
// function to test getting executing a command
|
|
|
|
|
//
|
|
|
|
|
bool test_exec(BOOL toggle)
|
|
|
|
|
helper::helper(std::string wnamespace, std::string wclass, std::string wmethod)
|
|
|
|
|
{
|
|
|
|
|
HRESULT hres;
|
|
|
|
|
// Initialize
|
|
|
|
|
//
|
|
|
|
|
last_error = 0;
|
|
|
|
|
hres = 0;
|
|
|
|
|
loc_ptr = nullptr;
|
|
|
|
|
service_ptr = nullptr;
|
|
|
|
|
class_ptr = nullptr;
|
|
|
|
|
param_def_ptr = nullptr;
|
|
|
|
|
class_inst_ptr = nullptr;
|
|
|
|
|
|
|
|
|
|
method_name = SysAllocString(util::string_to_wide(wmethod).c_str());
|
|
|
|
|
class_name = SysAllocString(util::string_to_wide(wclass).c_str());
|
|
|
|
|
|
|
|
|
|
// Setup COM library
|
|
|
|
|
//
|
|
|
|
@ -18,12 +27,10 @@ namespace wmic
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "Failed to initialize COM. Error code = 0x"
|
|
|
|
|
<< std::hex << hres << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
last_error = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Setup general security levels
|
|
|
|
|
//
|
|
|
|
|
hres = CoInitializeSecurity(
|
|
|
|
@ -40,49 +47,39 @@ namespace wmic
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "Failed to initialize security. Error code = 0x"
|
|
|
|
|
<< std::hex << hres << std::endl;
|
|
|
|
|
last_error = 2;
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
return false;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Obtain locator for wmi
|
|
|
|
|
//
|
|
|
|
|
IWbemLocator* loc_ptr = nullptr;
|
|
|
|
|
|
|
|
|
|
hres = CoCreateInstance(CLSID_WbemLocator, 0,
|
|
|
|
|
CLSCTX_INPROC_SERVER,
|
|
|
|
|
IID_IWbemLocator, (LPVOID*)&loc_ptr);
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "Failed to create IWbemLocator object."
|
|
|
|
|
<< " Err code = 0x"
|
|
|
|
|
<< std::hex << hres << std::endl;
|
|
|
|
|
last_error = 3;
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
return false;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Connect to wmi with IbwemLocator::ConnectServer
|
|
|
|
|
//
|
|
|
|
|
IWbemServices* service_ptr = nullptr;
|
|
|
|
|
|
|
|
|
|
hres = loc_ptr->ConnectServer(
|
|
|
|
|
_bstr_t("root\\Microsoft\\Windows\\Defender"),
|
|
|
|
|
_bstr_t(wnamespace.c_str()),
|
|
|
|
|
0, 0, 0, 0, 0, 0, &service_ptr
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "Could not connect. Error code = 0x"
|
|
|
|
|
<< std::hex << hres << std::endl;
|
|
|
|
|
last_error = 4;
|
|
|
|
|
loc_ptr->Release();
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
return false;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
std::cout << "Connected to root/Microsoft/Windows/Defender namespace" << std::endl;
|
|
|
|
|
|
|
|
|
|
// Set security levels for the proxy
|
|
|
|
|
//
|
|
|
|
|
hres = CoSetProxyBlanket(
|
|
|
|
@ -98,67 +95,22 @@ namespace wmic
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "Could not set proxy blanket. Error code = 0x"
|
|
|
|
|
<< std::hex << hres << std::endl;
|
|
|
|
|
last_error = 5;
|
|
|
|
|
service_ptr->Release();
|
|
|
|
|
loc_ptr->Release();
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
return false;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Make requests to the WMI
|
|
|
|
|
// Setup WMI request
|
|
|
|
|
//
|
|
|
|
|
BSTR method_name = SysAllocString(L"Set");
|
|
|
|
|
BSTR class_name = SysAllocString(L"MSFT_MpPreference");
|
|
|
|
|
|
|
|
|
|
IWbemClassObject* class_ptr = nullptr;
|
|
|
|
|
hres = service_ptr->GetObjectA(class_name, 0, 0, &class_ptr, 0);
|
|
|
|
|
|
|
|
|
|
IWbemClassObject* param_def_ptr = nullptr;
|
|
|
|
|
hres = class_ptr->GetMethod(method_name, 0, ¶m_def_ptr, 0);
|
|
|
|
|
|
|
|
|
|
IWbemClassObject* class_inst_ptr = nullptr;
|
|
|
|
|
hres = param_def_ptr->SpawnInstance(0, &class_inst_ptr);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Create values for in parameter
|
|
|
|
|
//
|
|
|
|
|
VARIANT var_cmd;
|
|
|
|
|
var_cmd.vt = VT_BOOL;
|
|
|
|
|
var_cmd.boolVal = toggle;
|
|
|
|
|
|
|
|
|
|
// Store the value for the parameters
|
|
|
|
|
//
|
|
|
|
|
hres = class_inst_ptr->Put(L"DisableRealtimeMonitoring", 0,
|
|
|
|
|
&var_cmd, 0);
|
|
|
|
|
|
|
|
|
|
std::cout << "executing DisableRealtimeMonitoring" << std::endl;
|
|
|
|
|
|
|
|
|
|
// Execute
|
|
|
|
|
//
|
|
|
|
|
IWbemClassObject* pOutParams = nullptr;
|
|
|
|
|
hres = service_ptr->ExecMethod(class_name, method_name, 0,
|
|
|
|
|
0, class_inst_ptr, &pOutParams, 0);
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "Could not execute method. Error code = 0x"
|
|
|
|
|
<< std::hex << hres << std::endl;
|
|
|
|
|
VariantClear(&var_cmd);
|
|
|
|
|
SysFreeString(class_name);
|
|
|
|
|
SysFreeString(method_name);
|
|
|
|
|
class_ptr->Release();
|
|
|
|
|
class_inst_ptr->Release();
|
|
|
|
|
param_def_ptr->Release();
|
|
|
|
|
pOutParams->Release();
|
|
|
|
|
service_ptr->Release();
|
|
|
|
|
loc_ptr->Release();
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Clean up
|
|
|
|
|
//
|
|
|
|
|
VariantClear(&var_cmd);
|
|
|
|
|
helper::~helper()
|
|
|
|
|
{
|
|
|
|
|
SysFreeString(class_name);
|
|
|
|
|
SysFreeString(method_name);
|
|
|
|
|
|
|
|
|
@ -177,106 +129,15 @@ namespace wmic
|
|
|
|
|
if (service_ptr)
|
|
|
|
|
service_ptr->Release();
|
|
|
|
|
|
|
|
|
|
if (pOutParams)
|
|
|
|
|
pOutParams->Release();
|
|
|
|
|
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
helper::helper(std::string wnamespace, std::string wclass)
|
|
|
|
|
// Return the last error
|
|
|
|
|
//
|
|
|
|
|
int helper::get_last_error()
|
|
|
|
|
{
|
|
|
|
|
// Initialize
|
|
|
|
|
//
|
|
|
|
|
last_error = 0;
|
|
|
|
|
hres = 0;
|
|
|
|
|
loc_ptr = nullptr;
|
|
|
|
|
service_ptr = nullptr;
|
|
|
|
|
|
|
|
|
|
// Setup COM library
|
|
|
|
|
//
|
|
|
|
|
hres = CoInitializeEx(0, COINIT_MULTITHREADED);
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
last_error = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Setup general security levels
|
|
|
|
|
//
|
|
|
|
|
hres = CoInitializeSecurity(
|
|
|
|
|
NULL,
|
|
|
|
|
-1, // COM authentication
|
|
|
|
|
NULL, // Authentication services
|
|
|
|
|
NULL, // Reserved
|
|
|
|
|
RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication
|
|
|
|
|
RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation
|
|
|
|
|
NULL, // Authentication info
|
|
|
|
|
EOAC_NONE, // Additional capabilities
|
|
|
|
|
NULL // Reserved
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
last_error = 2;
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Obtain locator for wmi
|
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
hres = CoCreateInstance(CLSID_WbemLocator, 0,
|
|
|
|
|
CLSCTX_INPROC_SERVER,
|
|
|
|
|
IID_IWbemLocator, (LPVOID*)&loc_ptr);
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
last_error = 3;
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Connect to wmi with IbwemLocator::ConnectServer
|
|
|
|
|
//
|
|
|
|
|
hres = loc_ptr->ConnectServer(
|
|
|
|
|
_bstr_t(wnamespace.c_str()),
|
|
|
|
|
0, 0, 0, 0, 0, 0, &service_ptr
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
last_error = 4;
|
|
|
|
|
loc_ptr->Release();
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Set security levels for the proxy
|
|
|
|
|
//
|
|
|
|
|
hres = CoSetProxyBlanket(
|
|
|
|
|
service_ptr, // Indicates the proxy to set
|
|
|
|
|
RPC_C_AUTHN_WINNT, // RPC_C_AUTHN_xxx
|
|
|
|
|
RPC_C_AUTHZ_NONE, // RPC_C_AUTHZ_xxx
|
|
|
|
|
NULL, // Server principal name
|
|
|
|
|
RPC_C_AUTHN_LEVEL_CALL, // RPC_C_AUTHN_LEVEL_xxx
|
|
|
|
|
RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
|
|
|
|
|
NULL, // client identity
|
|
|
|
|
EOAC_NONE // proxy capabilities
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (FAILED(hres))
|
|
|
|
|
{
|
|
|
|
|
service_ptr->Release();
|
|
|
|
|
loc_ptr->Release();
|
|
|
|
|
CoUninitialize();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
return last_error;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
helper::~helper()
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}