com class
parent
9771a4c124
commit
6649ae734d
@ -1,350 +1,350 @@
|
||||
## Ignore Visual Studio temporary files, build results, and
|
||||
## files generated by popular Visual Studio add-ons.
|
||||
##
|
||||
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
|
||||
|
||||
# User-specific files
|
||||
*.rsuser
|
||||
*.suo
|
||||
*.user
|
||||
*.userosscache
|
||||
*.sln.docstates
|
||||
|
||||
# User-specific files (MonoDevelop/Xamarin Studio)
|
||||
*.userprefs
|
||||
|
||||
# Mono auto generated files
|
||||
mono_crash.*
|
||||
|
||||
# Build results
|
||||
[Dd]ebug/
|
||||
[Dd]ebugPublic/
|
||||
[Rr]elease/
|
||||
[Rr]eleases/
|
||||
x64/
|
||||
x86/
|
||||
[Aa][Rr][Mm]/
|
||||
[Aa][Rr][Mm]64/
|
||||
bld/
|
||||
[Bb]in/
|
||||
[Oo]bj/
|
||||
[Ll]og/
|
||||
[Ll]ogs/
|
||||
|
||||
# Visual Studio 2015/2017 cache/options directory
|
||||
.vs/
|
||||
# Uncomment if you have tasks that create the project's static files in wwwroot
|
||||
#wwwroot/
|
||||
|
||||
# Visual Studio 2017 auto generated files
|
||||
Generated\ Files/
|
||||
|
||||
# MSTest test Results
|
||||
[Tt]est[Rr]esult*/
|
||||
[Bb]uild[Ll]og.*
|
||||
|
||||
# NUnit
|
||||
*.VisualState.xml
|
||||
TestResult.xml
|
||||
nunit-*.xml
|
||||
|
||||
# Build Results of an ATL Project
|
||||
[Dd]ebugPS/
|
||||
[Rr]eleasePS/
|
||||
dlldata.c
|
||||
|
||||
# Benchmark Results
|
||||
BenchmarkDotNet.Artifacts/
|
||||
|
||||
# .NET Core
|
||||
project.lock.json
|
||||
project.fragment.lock.json
|
||||
artifacts/
|
||||
|
||||
# StyleCop
|
||||
StyleCopReport.xml
|
||||
|
||||
# Files built by Visual Studio
|
||||
*_i.c
|
||||
*_p.c
|
||||
*_h.h
|
||||
*.ilk
|
||||
*.meta
|
||||
*.obj
|
||||
*.iobj
|
||||
*.pch
|
||||
*.pdb
|
||||
*.ipdb
|
||||
*.pgc
|
||||
*.pgd
|
||||
*.rsp
|
||||
*.sbr
|
||||
*.tlb
|
||||
*.tli
|
||||
*.tlh
|
||||
*.tmp
|
||||
*.tmp_proj
|
||||
*_wpftmp.csproj
|
||||
*.log
|
||||
*.vspscc
|
||||
*.vssscc
|
||||
.builds
|
||||
*.pidb
|
||||
*.svclog
|
||||
*.scc
|
||||
|
||||
# Chutzpah Test files
|
||||
_Chutzpah*
|
||||
|
||||
# Visual C++ cache files
|
||||
ipch/
|
||||
*.aps
|
||||
*.ncb
|
||||
*.opendb
|
||||
*.opensdf
|
||||
*.sdf
|
||||
*.cachefile
|
||||
*.VC.db
|
||||
*.VC.VC.opendb
|
||||
|
||||
# Visual Studio profiler
|
||||
*.psess
|
||||
*.vsp
|
||||
*.vspx
|
||||
*.sap
|
||||
|
||||
# Visual Studio Trace Files
|
||||
*.e2e
|
||||
|
||||
# TFS 2012 Local Workspace
|
||||
$tf/
|
||||
|
||||
# Guidance Automation Toolkit
|
||||
*.gpState
|
||||
|
||||
# ReSharper is a .NET coding add-in
|
||||
_ReSharper*/
|
||||
*.[Rr]e[Ss]harper
|
||||
*.DotSettings.user
|
||||
|
||||
# TeamCity is a build add-in
|
||||
_TeamCity*
|
||||
|
||||
# DotCover is a Code Coverage Tool
|
||||
*.dotCover
|
||||
|
||||
# AxoCover is a Code Coverage Tool
|
||||
.axoCover/*
|
||||
!.axoCover/settings.json
|
||||
|
||||
# Visual Studio code coverage results
|
||||
*.coverage
|
||||
*.coveragexml
|
||||
|
||||
# NCrunch
|
||||
_NCrunch_*
|
||||
.*crunch*.local.xml
|
||||
nCrunchTemp_*
|
||||
|
||||
# MightyMoose
|
||||
*.mm.*
|
||||
AutoTest.Net/
|
||||
|
||||
# Web workbench (sass)
|
||||
.sass-cache/
|
||||
|
||||
# Installshield output folder
|
||||
[Ee]xpress/
|
||||
|
||||
# DocProject is a documentation generator add-in
|
||||
DocProject/buildhelp/
|
||||
DocProject/Help/*.HxT
|
||||
DocProject/Help/*.HxC
|
||||
DocProject/Help/*.hhc
|
||||
DocProject/Help/*.hhk
|
||||
DocProject/Help/*.hhp
|
||||
DocProject/Help/Html2
|
||||
DocProject/Help/html
|
||||
|
||||
# Click-Once directory
|
||||
publish/
|
||||
|
||||
# Publish Web Output
|
||||
*.[Pp]ublish.xml
|
||||
*.azurePubxml
|
||||
# Note: Comment the next line if you want to checkin your web deploy settings,
|
||||
# but database connection strings (with potential passwords) will be unencrypted
|
||||
*.pubxml
|
||||
*.publishproj
|
||||
|
||||
# Microsoft Azure Web App publish settings. Comment the next line if you want to
|
||||
# checkin your Azure Web App publish settings, but sensitive information contained
|
||||
# in these scripts will be unencrypted
|
||||
PublishScripts/
|
||||
|
||||
# NuGet Packages
|
||||
*.nupkg
|
||||
# NuGet Symbol Packages
|
||||
*.snupkg
|
||||
# The packages folder can be ignored because of Package Restore
|
||||
**/[Pp]ackages/*
|
||||
# except build/, which is used as an MSBuild target.
|
||||
!**/[Pp]ackages/build/
|
||||
# Uncomment if necessary however generally it will be regenerated when needed
|
||||
#!**/[Pp]ackages/repositories.config
|
||||
# NuGet v3's project.json files produces more ignorable files
|
||||
*.nuget.props
|
||||
*.nuget.targets
|
||||
|
||||
# Microsoft Azure Build Output
|
||||
csx/
|
||||
*.build.csdef
|
||||
|
||||
# Microsoft Azure Emulator
|
||||
ecf/
|
||||
rcf/
|
||||
|
||||
# Windows Store app package directories and files
|
||||
AppPackages/
|
||||
BundleArtifacts/
|
||||
Package.StoreAssociation.xml
|
||||
_pkginfo.txt
|
||||
*.appx
|
||||
*.appxbundle
|
||||
*.appxupload
|
||||
|
||||
# Visual Studio cache files
|
||||
# files ending in .cache can be ignored
|
||||
*.[Cc]ache
|
||||
# but keep track of directories ending in .cache
|
||||
!?*.[Cc]ache/
|
||||
|
||||
# Others
|
||||
ClientBin/
|
||||
~$*
|
||||
*~
|
||||
*.dbmdl
|
||||
*.dbproj.schemaview
|
||||
*.jfm
|
||||
*.pfx
|
||||
*.publishsettings
|
||||
orleans.codegen.cs
|
||||
|
||||
# Including strong name files can present a security risk
|
||||
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
|
||||
#*.snk
|
||||
|
||||
# Since there are multiple workflows, uncomment next line to ignore bower_components
|
||||
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
|
||||
#bower_components/
|
||||
|
||||
# RIA/Silverlight projects
|
||||
Generated_Code/
|
||||
|
||||
# Backup & report files from converting an old project file
|
||||
# to a newer Visual Studio version. Backup files are not needed,
|
||||
# because we have git ;-)
|
||||
_UpgradeReport_Files/
|
||||
Backup*/
|
||||
UpgradeLog*.XML
|
||||
UpgradeLog*.htm
|
||||
ServiceFabricBackup/
|
||||
*.rptproj.bak
|
||||
|
||||
# SQL Server files
|
||||
*.mdf
|
||||
*.ldf
|
||||
*.ndf
|
||||
|
||||
# Business Intelligence projects
|
||||
*.rdl.data
|
||||
*.bim.layout
|
||||
*.bim_*.settings
|
||||
*.rptproj.rsuser
|
||||
*- [Bb]ackup.rdl
|
||||
*- [Bb]ackup ([0-9]).rdl
|
||||
*- [Bb]ackup ([0-9][0-9]).rdl
|
||||
|
||||
# Microsoft Fakes
|
||||
FakesAssemblies/
|
||||
|
||||
# GhostDoc plugin setting file
|
||||
*.GhostDoc.xml
|
||||
|
||||
# Node.js Tools for Visual Studio
|
||||
.ntvs_analysis.dat
|
||||
node_modules/
|
||||
|
||||
# Visual Studio 6 build log
|
||||
*.plg
|
||||
|
||||
# Visual Studio 6 workspace options file
|
||||
*.opt
|
||||
|
||||
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
|
||||
*.vbw
|
||||
|
||||
# Visual Studio LightSwitch build output
|
||||
**/*.HTMLClient/GeneratedArtifacts
|
||||
**/*.DesktopClient/GeneratedArtifacts
|
||||
**/*.DesktopClient/ModelManifest.xml
|
||||
**/*.Server/GeneratedArtifacts
|
||||
**/*.Server/ModelManifest.xml
|
||||
_Pvt_Extensions
|
||||
|
||||
# Paket dependency manager
|
||||
.paket/paket.exe
|
||||
paket-files/
|
||||
|
||||
# FAKE - F# Make
|
||||
.fake/
|
||||
|
||||
# CodeRush personal settings
|
||||
.cr/personal
|
||||
|
||||
# Python Tools for Visual Studio (PTVS)
|
||||
__pycache__/
|
||||
*.pyc
|
||||
|
||||
# Cake - Uncomment if you are using it
|
||||
# tools/**
|
||||
# !tools/packages.config
|
||||
|
||||
# Tabs Studio
|
||||
*.tss
|
||||
|
||||
# Telerik's JustMock configuration file
|
||||
*.jmconfig
|
||||
|
||||
# BizTalk build output
|
||||
*.btp.cs
|
||||
*.btm.cs
|
||||
*.odx.cs
|
||||
*.xsd.cs
|
||||
|
||||
# OpenCover UI analysis results
|
||||
OpenCover/
|
||||
|
||||
# Azure Stream Analytics local run output
|
||||
ASALocalRun/
|
||||
|
||||
# MSBuild Binary and Structured Log
|
||||
*.binlog
|
||||
|
||||
# NVidia Nsight GPU debugger configuration file
|
||||
*.nvuser
|
||||
|
||||
# MFractors (Xamarin productivity tool) working folder
|
||||
.mfractor/
|
||||
|
||||
# Local History for Visual Studio
|
||||
.localhistory/
|
||||
|
||||
# BeatPulse healthcheck temp database
|
||||
healthchecksdb
|
||||
|
||||
# Backup folder for Package Reference Convert tool in Visual Studio 2017
|
||||
MigrationBackup/
|
||||
|
||||
# Ionide (cross platform F# VS Code tools) working folder
|
||||
.ionide/
|
||||
## Ignore Visual Studio temporary files, build results, and
|
||||
## files generated by popular Visual Studio add-ons.
|
||||
##
|
||||
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
|
||||
|
||||
# User-specific files
|
||||
*.rsuser
|
||||
*.suo
|
||||
*.user
|
||||
*.userosscache
|
||||
*.sln.docstates
|
||||
|
||||
# User-specific files (MonoDevelop/Xamarin Studio)
|
||||
*.userprefs
|
||||
|
||||
# Mono auto generated files
|
||||
mono_crash.*
|
||||
|
||||
# Build results
|
||||
[Dd]ebug/
|
||||
[Dd]ebugPublic/
|
||||
[Rr]elease/
|
||||
[Rr]eleases/
|
||||
x64/
|
||||
x86/
|
||||
[Aa][Rr][Mm]/
|
||||
[Aa][Rr][Mm]64/
|
||||
bld/
|
||||
[Bb]in/
|
||||
[Oo]bj/
|
||||
[Ll]og/
|
||||
[Ll]ogs/
|
||||
|
||||
# Visual Studio 2015/2017 cache/options directory
|
||||
.vs/
|
||||
# Uncomment if you have tasks that create the project's static files in wwwroot
|
||||
#wwwroot/
|
||||
|
||||
# Visual Studio 2017 auto generated files
|
||||
Generated\ Files/
|
||||
|
||||
# MSTest test Results
|
||||
[Tt]est[Rr]esult*/
|
||||
[Bb]uild[Ll]og.*
|
||||
|
||||
# NUnit
|
||||
*.VisualState.xml
|
||||
TestResult.xml
|
||||
nunit-*.xml
|
||||
|
||||
# Build Results of an ATL Project
|
||||
[Dd]ebugPS/
|
||||
[Rr]eleasePS/
|
||||
dlldata.c
|
||||
|
||||
# Benchmark Results
|
||||
BenchmarkDotNet.Artifacts/
|
||||
|
||||
# .NET Core
|
||||
project.lock.json
|
||||
project.fragment.lock.json
|
||||
artifacts/
|
||||
|
||||
# StyleCop
|
||||
StyleCopReport.xml
|
||||
|
||||
# Files built by Visual Studio
|
||||
*_i.c
|
||||
*_p.c
|
||||
*_h.h
|
||||
*.ilk
|
||||
*.meta
|
||||
*.obj
|
||||
*.iobj
|
||||
*.pch
|
||||
*.pdb
|
||||
*.ipdb
|
||||
*.pgc
|
||||
*.pgd
|
||||
*.rsp
|
||||
*.sbr
|
||||
*.tlb
|
||||
*.tli
|
||||
*.tlh
|
||||
*.tmp
|
||||
*.tmp_proj
|
||||
*_wpftmp.csproj
|
||||
*.log
|
||||
*.vspscc
|
||||
*.vssscc
|
||||
.builds
|
||||
*.pidb
|
||||
*.svclog
|
||||
*.scc
|
||||
|
||||
# Chutzpah Test files
|
||||
_Chutzpah*
|
||||
|
||||
# Visual C++ cache files
|
||||
ipch/
|
||||
*.aps
|
||||
*.ncb
|
||||
*.opendb
|
||||
*.opensdf
|
||||
*.sdf
|
||||
*.cachefile
|
||||
*.VC.db
|
||||
*.VC.VC.opendb
|
||||
|
||||
# Visual Studio profiler
|
||||
*.psess
|
||||
*.vsp
|
||||
*.vspx
|
||||
*.sap
|
||||
|
||||
# Visual Studio Trace Files
|
||||
*.e2e
|
||||
|
||||
# TFS 2012 Local Workspace
|
||||
$tf/
|
||||
|
||||
# Guidance Automation Toolkit
|
||||
*.gpState
|
||||
|
||||
# ReSharper is a .NET coding add-in
|
||||
_ReSharper*/
|
||||
*.[Rr]e[Ss]harper
|
||||
*.DotSettings.user
|
||||
|
||||
# TeamCity is a build add-in
|
||||
_TeamCity*
|
||||
|
||||
# DotCover is a Code Coverage Tool
|
||||
*.dotCover
|
||||
|
||||
# AxoCover is a Code Coverage Tool
|
||||
.axoCover/*
|
||||
!.axoCover/settings.json
|
||||
|
||||
# Visual Studio code coverage results
|
||||
*.coverage
|
||||
*.coveragexml
|
||||
|
||||
# NCrunch
|
||||
_NCrunch_*
|
||||
.*crunch*.local.xml
|
||||
nCrunchTemp_*
|
||||
|
||||
# MightyMoose
|
||||
*.mm.*
|
||||
AutoTest.Net/
|
||||
|
||||
# Web workbench (sass)
|
||||
.sass-cache/
|
||||
|
||||
# Installshield output folder
|
||||
[Ee]xpress/
|
||||
|
||||
# DocProject is a documentation generator add-in
|
||||
DocProject/buildhelp/
|
||||
DocProject/Help/*.HxT
|
||||
DocProject/Help/*.HxC
|
||||
DocProject/Help/*.hhc
|
||||
DocProject/Help/*.hhk
|
||||
DocProject/Help/*.hhp
|
||||
DocProject/Help/Html2
|
||||
DocProject/Help/html
|
||||
|
||||
# Click-Once directory
|
||||
publish/
|
||||
|
||||
# Publish Web Output
|
||||
*.[Pp]ublish.xml
|
||||
*.azurePubxml
|
||||
# Note: Comment the next line if you want to checkin your web deploy settings,
|
||||
# but database connection strings (with potential passwords) will be unencrypted
|
||||
*.pubxml
|
||||
*.publishproj
|
||||
|
||||
# Microsoft Azure Web App publish settings. Comment the next line if you want to
|
||||
# checkin your Azure Web App publish settings, but sensitive information contained
|
||||
# in these scripts will be unencrypted
|
||||
PublishScripts/
|
||||
|
||||
# NuGet Packages
|
||||
*.nupkg
|
||||
# NuGet Symbol Packages
|
||||
*.snupkg
|
||||
# The packages folder can be ignored because of Package Restore
|
||||
**/[Pp]ackages/*
|
||||
# except build/, which is used as an MSBuild target.
|
||||
!**/[Pp]ackages/build/
|
||||
# Uncomment if necessary however generally it will be regenerated when needed
|
||||
#!**/[Pp]ackages/repositories.config
|
||||
# NuGet v3's project.json files produces more ignorable files
|
||||
*.nuget.props
|
||||
*.nuget.targets
|
||||
|
||||
# Microsoft Azure Build Output
|
||||
csx/
|
||||
*.build.csdef
|
||||
|
||||
# Microsoft Azure Emulator
|
||||
ecf/
|
||||
rcf/
|
||||
|
||||
# Windows Store app package directories and files
|
||||
AppPackages/
|
||||
BundleArtifacts/
|
||||
Package.StoreAssociation.xml
|
||||
_pkginfo.txt
|
||||
*.appx
|
||||
*.appxbundle
|
||||
*.appxupload
|
||||
|
||||
# Visual Studio cache files
|
||||
# files ending in .cache can be ignored
|
||||
*.[Cc]ache
|
||||
# but keep track of directories ending in .cache
|
||||
!?*.[Cc]ache/
|
||||
|
||||
# Others
|
||||
ClientBin/
|
||||
~$*
|
||||
*~
|
||||
*.dbmdl
|
||||
*.dbproj.schemaview
|
||||
*.jfm
|
||||
*.pfx
|
||||
*.publishsettings
|
||||
orleans.codegen.cs
|
||||
|
||||
# Including strong name files can present a security risk
|
||||
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
|
||||
#*.snk
|
||||
|
||||
# Since there are multiple workflows, uncomment next line to ignore bower_components
|
||||
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
|
||||
#bower_components/
|
||||
|
||||
# RIA/Silverlight projects
|
||||
Generated_Code/
|
||||
|
||||
# Backup & report files from converting an old project file
|
||||
# to a newer Visual Studio version. Backup files are not needed,
|
||||
# because we have git ;-)
|
||||
_UpgradeReport_Files/
|
||||
Backup*/
|
||||
UpgradeLog*.XML
|
||||
UpgradeLog*.htm
|
||||
ServiceFabricBackup/
|
||||
*.rptproj.bak
|
||||
|
||||
# SQL Server files
|
||||
*.mdf
|
||||
*.ldf
|
||||
*.ndf
|
||||
|
||||
# Business Intelligence projects
|
||||
*.rdl.data
|
||||
*.bim.layout
|
||||
*.bim_*.settings
|
||||
*.rptproj.rsuser
|
||||
*- [Bb]ackup.rdl
|
||||
*- [Bb]ackup ([0-9]).rdl
|
||||
*- [Bb]ackup ([0-9][0-9]).rdl
|
||||
|
||||
# Microsoft Fakes
|
||||
FakesAssemblies/
|
||||
|
||||
# GhostDoc plugin setting file
|
||||
*.GhostDoc.xml
|
||||
|
||||
# Node.js Tools for Visual Studio
|
||||
.ntvs_analysis.dat
|
||||
node_modules/
|
||||
|
||||
# Visual Studio 6 build log
|
||||
*.plg
|
||||
|
||||
# Visual Studio 6 workspace options file
|
||||
*.opt
|
||||
|
||||
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
|
||||
*.vbw
|
||||
|
||||
# Visual Studio LightSwitch build output
|
||||
**/*.HTMLClient/GeneratedArtifacts
|
||||
**/*.DesktopClient/GeneratedArtifacts
|
||||
**/*.DesktopClient/ModelManifest.xml
|
||||
**/*.Server/GeneratedArtifacts
|
||||
**/*.Server/ModelManifest.xml
|
||||
_Pvt_Extensions
|
||||
|
||||
# Paket dependency manager
|
||||
.paket/paket.exe
|
||||
paket-files/
|
||||
|
||||
# FAKE - F# Make
|
||||
.fake/
|
||||
|
||||
# CodeRush personal settings
|
||||
.cr/personal
|
||||
|
||||
# Python Tools for Visual Studio (PTVS)
|
||||
__pycache__/
|
||||
*.pyc
|
||||
|
||||
# Cake - Uncomment if you are using it
|
||||
# tools/**
|
||||
# !tools/packages.config
|
||||
|
||||
# Tabs Studio
|
||||
*.tss
|
||||
|
||||
# Telerik's JustMock configuration file
|
||||
*.jmconfig
|
||||
|
||||
# BizTalk build output
|
||||
*.btp.cs
|
||||
*.btm.cs
|
||||
*.odx.cs
|
||||
*.xsd.cs
|
||||
|
||||
# OpenCover UI analysis results
|
||||
OpenCover/
|
||||
|
||||
# Azure Stream Analytics local run output
|
||||
ASALocalRun/
|
||||
|
||||
# MSBuild Binary and Structured Log
|
||||
*.binlog
|
||||
|
||||
# NVidia Nsight GPU debugger configuration file
|
||||
*.nvuser
|
||||
|
||||
# MFractors (Xamarin productivity tool) working folder
|
||||
.mfractor/
|
||||
|
||||
# Local History for Visual Studio
|
||||
.localhistory/
|
||||
|
||||
# BeatPulse healthcheck temp database
|
||||
healthchecksdb
|
||||
|
||||
# Backup folder for Package Reference Convert tool in Visual Studio 2017
|
||||
MigrationBackup/
|
||||
|
||||
# Ionide (cross platform F# VS Code tools) working folder
|
||||
.ionide/
|
||||
|
@ -1,21 +1,21 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2021 qtKite
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2021 qtKite
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
@ -1,386 +1,416 @@
|
||||
# defender-control
|
||||
currently a work in progress - feel free to come back to check on any updates
|
||||
|
||||
## what is this project?
|
||||
We all know that disabling windefender is a pain going through countless registries.
|
||||
The next easiest solution is to use freeware and currently the most popular one is by sordum. (i won't link here - you can find it on the first google result)
|
||||
however, i was first wary of this program and the virus total detections; althought they are claimed to be false positive.
|
||||
but i know that this program has worked well for me and friends in the past.
|
||||
|
||||
but for those who like open source, i took apart this program and did the research to disable windows defender in an easy open source manner without having to worry about running malware.
|
||||
|
||||
## reversal
|
||||
Our tool of choice will be IDA & x64 debugger for this task
|
||||
firstly we are going to inspect the strings and look for anything interesting.
|
||||
Strings seems to be hidden in this one, so I will do 2 different PoC of attack.
|
||||
The first one, is to hook the registry functions and output their arguments. Since I know
|
||||
for a fact after looking at the imports - this program works by writing into relevant registries.
|
||||
|
||||
The second method is to breakpoint each function with x64 debugger and take a look at the strings on runtime.
|
||||
|
||||
I did eventually come up with a third method, and it was to let procmon do its thing while you debug the program - but ill leave that as an exercise for another day.
|
||||
|
||||
## x64 Debug
|
||||
|
||||
### disabling defender
|
||||
|
||||
If we breakpoint onto RegSetKeyValue it writes into "DisableAntiSpyware" which we can research on the internet
|
||||
There is a lot of occurance with the following registry directory: "Software\\Policies\\Microsoft\\Windows Defender"
|
||||
It is found under the parent directory of HKLM64.
|
||||
|
||||
```asm
|
||||
008CE9E8 043DCA88 L"HKLM64"
|
||||
...
|
||||
008CEA08 043DCBC0 L"SOFTWARE\\Policies\\Microsoft\\Windows Defender"
|
||||
```
|
||||
|
||||
The second breakpoint leads us here:
|
||||
|
||||
```asm
|
||||
008CE8F0 043DCFE8 L"HKLM64"
|
||||
...
|
||||
008CE910 043DD120 L"SYSTEM\\CurrentControlSet\\Services\\WinDefend"
|
||||
```
|
||||
|
||||
So taking a look into the registry: SYSTEM\\CurrentControlSet\\Services\\WinDefend
|
||||
and cross referencing back to x64 dbg: we notice this:
|
||||
|
||||
`76122F7F | 397D 0C | cmp dword ptr ss:[ebp+C],edi | [ebp+C]:L"Start"`
|
||||
|
||||
It appears that 0x03 disables windefender, while 0x02 means to enable.
|
||||
A quick google search brings us here: https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start-windows_10/how-to-disable-windows-defender-in-windows-10/b834d36e-6da8-42a8-85f6-da9a520f05f2
|
||||
|
||||
The next one is also in HKLM:
|
||||
|
||||
```asm
|
||||
76122FF0 | 8945 CC | mov dword ptr ss:[ebp-34],eax | [ebp-34]:L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
|
||||
76122FF3 | 66:8B01 | mov ax,word ptr ds:[ecx] | ecx:&L"SecurityHealth"
|
||||
```
|
||||
|
||||
Seems to be set to 3 or off
|
||||
|
||||
Now we will look at RegCreateKey
|
||||
There seems to be a regisatry opened at
|
||||
|
||||
```asm
|
||||
EDX : 043DCD78 L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection"
|
||||
EIP : 7591E420 <advapi32.RegCreateKeyExW>
|
||||
```
|
||||
|
||||
However, there doesnt seem to be anymore functions breakpointed. So lets inspect the directory
|
||||
|
||||
We have 2 flags set:
|
||||
DisableRealtimeMonitoring as a REG_DWORD set to 0x01
|
||||
DpaDisabled as REG_DWORD set to 0x0
|
||||
|
||||
Another one opened here:
|
||||
|
||||
```asm
|
||||
008CEFF8 043EB4C8 L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
|
||||
```
|
||||
|
||||
### enabling defender
|
||||
|
||||
there seems to be a reference with "Policy Manager" using RegEnumKeyExW
|
||||
|
||||
It seems to call RegDeleteValueW on security health (see above)
|
||||
|
||||
|
||||
## reversing w hooks
|
||||
We are going to write a simple dll to inject into defender control to dump out the parameters of the functions we are interested in.
|
||||
|
||||
Here are the logs:
|
||||
```
|
||||
obtained RegDeleteKeyW from 75A60000
|
||||
obtained RegDeleteValueW from 75A60000
|
||||
obtained RegEnumValueW from 75A60000
|
||||
obtained RegSetValueExW from 75A60000
|
||||
obtained RegCreateKeyExW from 75A60000
|
||||
obtained RegConnectRegistryW from 75A60000
|
||||
obtained RegEnumKeyExW from 75A60000
|
||||
obtained RegQueryValueExW from 75A60000
|
||||
obtained RegOpenKeyExW from 75A60000
|
||||
imports resolved
|
||||
preparing to hook
|
||||
|
||||
Registry Routine to check if defender activated:
|
||||
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
||||
[RegQueryValueExW]
|
||||
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
||||
|
||||
Routine to disable defender
|
||||
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegSetValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend
|
||||
[RegSetValueExW]
|
||||
lpValueName: Start
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
||||
[RegSetValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
||||
[RegQueryValueExW]
|
||||
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
||||
|
||||
Routine to enable defender
|
||||
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: Policy Manager
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SYSTEM\CurrentControlSet\Services\SecLogon
|
||||
[RegQueryValueExW]
|
||||
lpValueName: Start
|
||||
[RegQueryValueExW]
|
||||
lpValueName: Start
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: Policy Manager
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: Policy Manager
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
||||
[RegDeleteValueW]
|
||||
lpValueNameSecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegQueryValueExW]
|
||||
lpValueName: WindowsDefender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: WindowsDefender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: WindowsDefender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
||||
[RegQueryValueExW]
|
||||
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
||||
<also redacted a bunch of stuff from policy manager stuff>
|
||||
```
|
||||
|
||||
So by analyzing these logs, it seems that we check if defender is enabled by reading these two registries:
|
||||
```
|
||||
SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
DisableRealtimeMonitoring
|
||||
```
|
||||
|
||||
When it disables the AV it modifies these registries:
|
||||
```
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegSetValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend
|
||||
[RegSetValueExW]
|
||||
lpValueName: Start
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
||||
[RegSetValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
```
|
||||
|
||||
### Dumping VTable Calls
|
||||
```
|
||||
[Control Table] 0x495b78
|
||||
[Control Table] 0x493658
|
||||
[Control Table] 0x4932f8
|
||||
[Control Table] 0x494e1c
|
||||
[Control Table] 0x4949e4
|
||||
[Control Table] 0x4965e0
|
||||
[Control Table] 0x496088
|
||||
[Control Table] 0x4951c4
|
||||
[Control Table] 0x4960d0
|
||||
[Control Table] 0x49463c
|
||||
[Control Table] 0x493808
|
||||
[Control Table] 0x493850
|
||||
[Control Table] 0x494ed0
|
||||
[Control Table] 0x49382c
|
||||
[Control Table] 0x49532c
|
||||
[Control Table] 0x493874
|
||||
[Control Table] 0x493898
|
||||
[Control Table] 0x4931fc
|
||||
[Control Table] 0x4931b4
|
||||
[Control Table] 0x495500
|
||||
[Control Table] 0x495cbc
|
||||
[Control Table] 0x495ce0
|
||||
[Control Table] 0x4958cc
|
||||
[Control Table] 0x494a74
|
||||
[Control Table] 0x495c08
|
||||
[Control Table] 0x494cfc
|
||||
[Control Table] 0x493c40
|
||||
[Control Table] 0x493e5c
|
||||
[Control Table] 0x493ea4
|
||||
[Control Table] 0x493b8c
|
||||
[Control Table] 0x495b0c
|
||||
[Control Table] 0x495c2c
|
||||
[Control Table] 0x493f7c
|
||||
[Control Table] 0x4930dc
|
||||
[Control Table] 0x493fe8
|
||||
[Control Table] 0x494c00
|
||||
[Control Table] 0x495644
|
||||
[Control Table] 0x495428
|
||||
[Control Table] 0x496430
|
||||
[Control Table] 0x4963e8
|
||||
[Control Table] 0x4954b8
|
||||
[Control Table] 0x4945d0
|
||||
[Control Table] 0x496040
|
||||
[Control Table] 0x4960ac
|
||||
[Control Table] 0x494a50
|
||||
[Control Table] 0x495be4
|
||||
```
|
||||
|
||||
To enable the AV, we just do the opposite of what we needed to disable the AV.
|
||||
|
||||
Upon starting the AV, the program calls CreateProcessW on C:\Windows\System32\SecurityHealthSystray.exe
|
||||
|
||||
## Windows Tamper Protection
|
||||
|
||||
But theres, a catch. In a newer recent windows update - you can no longer disable the defender via registries. Well, our program runs completely in usermode, so there must be another way its making these registry changes - most likely through the powershell command Set-MpPreference if we do some research into changing the registry. So we will need to take a peek into the wmic api it accesses.
|
||||
Luckily for us, all this stuff is documented. Check out these two links:
|
||||
- https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2019-ps
|
||||
- https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-c---application-examples
|
||||
|
||||
So, since its kind of difficult to debug the values DefenderControl accesses and this stuff is pretty well documented - we are going to base our work off research.
|
||||
|
||||
I first wanted to see how powershell called the command, so i looked through the powershell github since its open sourced and found that the command was in a cmdlet that was not documented in the repository. So after reading up on some powershell commands I dumped the powershell informating using this:
|
||||
|
||||
```
|
||||
Get-Command Set-MpPreference | fl
|
||||
```
|
||||
|
||||
If we wanted to read the MSFT_MpPreference class, it is documented here:
|
||||
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)#requirements
|
||||
We can access via powershell like so:
|
||||
```
|
||||
Get-WmiObject -ClassName MSFT_MpPreference -Namespace root/microsoft/windows/defender
|
||||
```
|
||||
If we look further we can write to this using the WMI as i suspected, it is documented here:
|
||||
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal
|
||||
|
||||
|
||||
|
||||
# defender-control
|
||||
currently a work in progress - feel free to come back to check on any updates
|
||||
|
||||
## what is this project?
|
||||
We all know that disabling windefender is a pain going through countless registries.
|
||||
The next easiest solution is to use freeware and currently the most popular one is by sordum. (i won't link here - you can find it on the first google result)
|
||||
however, i was first wary of this program and the virus total detections; althought they are claimed to be false positive.
|
||||
but i know that this program has worked well for me and friends in the past.
|
||||
|
||||
but for those who like open source, i took apart this program and did the research to disable windows defender in an easy open source manner without having to worry about running malware.
|
||||
|
||||
## reversal
|
||||
Our tool of choice will be IDA & x64 debugger for this task
|
||||
firstly we are going to inspect the strings and look for anything interesting.
|
||||
Strings seems to be hidden in this one, so I will do 2 different PoC of attack.
|
||||
The first one, is to hook the registry functions and output their arguments. Since I know
|
||||
for a fact after looking at the imports - this program works by writing into relevant registries.
|
||||
|
||||
The second method is to breakpoint each function with x64 debugger and take a look at the strings on runtime.
|
||||
|
||||
I did eventually come up with a third method, and it was to let procmon do its thing while you debug the program - but ill leave that as an exercise for another day.
|
||||
|
||||
## x64 Debug
|
||||
|
||||
### disabling defender
|
||||
|
||||
If we breakpoint onto RegSetKeyValue it writes into "DisableAntiSpyware" which we can research on the internet
|
||||
There is a lot of occurance with the following registry directory: "Software\\Policies\\Microsoft\\Windows Defender"
|
||||
It is found under the parent directory of HKLM64.
|
||||
|
||||
```asm
|
||||
008CE9E8 043DCA88 L"HKLM64"
|
||||
...
|
||||
008CEA08 043DCBC0 L"SOFTWARE\\Policies\\Microsoft\\Windows Defender"
|
||||
```
|
||||
|
||||
The second breakpoint leads us here:
|
||||
|
||||
```asm
|
||||
008CE8F0 043DCFE8 L"HKLM64"
|
||||
...
|
||||
008CE910 043DD120 L"SYSTEM\\CurrentControlSet\\Services\\WinDefend"
|
||||
```
|
||||
|
||||
So taking a look into the registry: SYSTEM\\CurrentControlSet\\Services\\WinDefend
|
||||
and cross referencing back to x64 dbg: we notice this:
|
||||
|
||||
`76122F7F | 397D 0C | cmp dword ptr ss:[ebp+C],edi | [ebp+C]:L"Start"`
|
||||
|
||||
It appears that 0x03 disables windefender, while 0x02 means to enable.
|
||||
A quick google search brings us here: https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start-windows_10/how-to-disable-windows-defender-in-windows-10/b834d36e-6da8-42a8-85f6-da9a520f05f2
|
||||
|
||||
The next one is also in HKLM:
|
||||
|
||||
```asm
|
||||
76122FF0 | 8945 CC | mov dword ptr ss:[ebp-34],eax | [ebp-34]:L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
|
||||
76122FF3 | 66:8B01 | mov ax,word ptr ds:[ecx] | ecx:&L"SecurityHealth"
|
||||
```
|
||||
|
||||
Seems to be set to 3 or off
|
||||
|
||||
Now we will look at RegCreateKey
|
||||
There seems to be a regisatry opened at
|
||||
|
||||
```asm
|
||||
EDX : 043DCD78 L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection"
|
||||
EIP : 7591E420 <advapi32.RegCreateKeyExW>
|
||||
```
|
||||
|
||||
However, there doesnt seem to be anymore functions breakpointed. So lets inspect the directory
|
||||
|
||||
We have 2 flags set:
|
||||
DisableRealtimeMonitoring as a REG_DWORD set to 0x01
|
||||
DpaDisabled as REG_DWORD set to 0x0
|
||||
|
||||
Another one opened here:
|
||||
|
||||
```asm
|
||||
008CEFF8 043EB4C8 L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
|
||||
```
|
||||
|
||||
### enabling defender
|
||||
|
||||
there seems to be a reference with "Policy Manager" using RegEnumKeyExW
|
||||
|
||||
It seems to call RegDeleteValueW on security health (see above)
|
||||
|
||||
|
||||
## reversing w hooks
|
||||
We are going to write a simple dll to inject into defender control to dump out the parameters of the functions we are interested in.
|
||||
|
||||
Here are the logs:
|
||||
```
|
||||
obtained RegDeleteKeyW from 75A60000
|
||||
obtained RegDeleteValueW from 75A60000
|
||||
obtained RegEnumValueW from 75A60000
|
||||
obtained RegSetValueExW from 75A60000
|
||||
obtained RegCreateKeyExW from 75A60000
|
||||
obtained RegConnectRegistryW from 75A60000
|
||||
obtained RegEnumKeyExW from 75A60000
|
||||
obtained RegQueryValueExW from 75A60000
|
||||
obtained RegOpenKeyExW from 75A60000
|
||||
imports resolved
|
||||
preparing to hook
|
||||
|
||||
Registry Routine to check if defender activated:
|
||||
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
||||
[RegQueryValueExW]
|
||||
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
||||
|
||||
Routine to disable defender
|
||||
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegSetValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend
|
||||
[RegSetValueExW]
|
||||
lpValueName: Start
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
||||
[RegSetValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
||||
[RegQueryValueExW]
|
||||
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
||||
|
||||
Routine to enable defender
|
||||
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: Policy Manager
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SYSTEM\CurrentControlSet\Services\SecLogon
|
||||
[RegQueryValueExW]
|
||||
lpValueName: Start
|
||||
[RegQueryValueExW]
|
||||
lpValueName: Start
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: Policy Manager
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: Policy Manager
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
||||
[RegDeleteValueW]
|
||||
lpValueNameSecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegQueryValueExW]
|
||||
lpValueName: WindowsDefender
|
||||
[RegQueryValueExW]
|
||||
lpValueName: WindowsDefender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: WindowsDefender
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
||||
[RegQueryValueExW]
|
||||
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
||||
<also redacted a bunch of stuff from policy manager stuff>
|
||||
```
|
||||
|
||||
So by analyzing these logs, it seems that we check if defender is enabled by reading these two registries:
|
||||
```
|
||||
SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
DisableRealtimeMonitoring
|
||||
```
|
||||
|
||||
When it disables the AV it modifies these registries:
|
||||
```
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||
[RegSetValueExW]
|
||||
lpValueName: DisableAntiSpyware
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend
|
||||
[RegSetValueExW]
|
||||
lpValueName: Start
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegQueryValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegCreateKeyExW]
|
||||
lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
||||
[RegSetValueExW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||
[RegEnumValueW]
|
||||
lpValueName: SecurityHealth
|
||||
[RegOpenKeyExW]
|
||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||
[RegQueryValueExW]
|
||||
lpValueName: DisableRealtimeMonitoring
|
||||
```
|
||||
|
||||
### Dumping VTable Calls
|
||||
```
|
||||
[Control Table] 0x495b78
|
||||
[Control Table] 0x493658
|
||||
[Control Table] 0x4932f8
|
||||
[Control Table] 0x494e1c
|
||||
[Control Table] 0x4949e4
|
||||
[Control Table] 0x4965e0
|
||||
[Control Table] 0x496088
|
||||
[Control Table] 0x4951c4
|
||||
[Control Table] 0x4960d0
|
||||
[Control Table] 0x49463c
|
||||
[Control Table] 0x493808
|
||||
[Control Table] 0x493850
|
||||
[Control Table] 0x494ed0
|
||||
[Control Table] 0x49382c
|
||||
[Control Table] 0x49532c
|
||||
[Control Table] 0x493874
|
||||
[Control Table] 0x493898
|
||||
[Control Table] 0x4931fc
|
||||
[Control Table] 0x4931b4
|
||||
[Control Table] 0x495500
|
||||
[Control Table] 0x495cbc
|
||||
[Control Table] 0x495ce0
|
||||
[Control Table] 0x4958cc
|
||||
[Control Table] 0x494a74
|
||||
[Control Table] 0x495c08
|
||||
[Control Table] 0x494cfc
|
||||
[Control Table] 0x493c40
|
||||
[Control Table] 0x493e5c
|
||||
[Control Table] 0x493ea4
|
||||
[Control Table] 0x493b8c
|
||||
[Control Table] 0x495b0c
|
||||
[Control Table] 0x495c2c
|
||||
[Control Table] 0x493f7c
|
||||
[Control Table] 0x4930dc
|
||||
[Control Table] 0x493fe8
|
||||
[Control Table] 0x494c00
|
||||
[Control Table] 0x495644
|
||||
[Control Table] 0x495428
|
||||
[Control Table] 0x496430
|
||||
[Control Table] 0x4963e8
|
||||
[Control Table] 0x4954b8
|
||||
[Control Table] 0x4945d0
|
||||
[Control Table] 0x496040
|
||||
[Control Table] 0x4960ac
|
||||
[Control Table] 0x494a50
|
||||
[Control Table] 0x495be4
|
||||
```
|
||||
|
||||
To enable the AV, we just do the opposite of what we needed to disable the AV.
|
||||
|
||||
Upon starting the AV, the program calls CreateProcessW on C:\Windows\System32\SecurityHealthSystray.exe
|
||||
|
||||
## Windows Tamper Protection
|
||||
|
||||
But theres, a catch. In a newer recent windows update - you can no longer disable the defender via registries. Well, our program runs completely in usermode, so there must be another way its making these registry changes - most likely through the powershell command Set-MpPreference if we do some research into changing the registry. So we will need to take a peek into the wmic api it accesses.
|
||||
Luckily for us, all this stuff is documented. Check out these two links:
|
||||
- https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2019-ps
|
||||
- https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-c---application-examples
|
||||
|
||||
So, since its kind of difficult to debug the values DefenderControl accesses and this stuff is pretty well documented - we are going to base our work off research.
|
||||
|
||||
I first wanted to see how powershell called the command, so i looked through the powershell github since its open sourced and found that the command was in a cmdlet that was not documented in the repository. So after reading up on some powershell commands I dumped the powershell informating using this:
|
||||
|
||||
```
|
||||
Get-Command Set-MpPreference | fl
|
||||
e``
|
||||
|
||||
If we wanted to read the MSFT_MpPreference class, it is documented here:
|
||||
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)#requirements
|
||||
We can access via powershell like so:
|
||||
```
|
||||
Get-WmiObject -ClassName MSFT_MpPreference -Namespace root/microsoft/windows/defender
|
||||
```
|
||||
If we look further we can write to this using the WMI as i suspected, it is documented here:
|
||||
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal
|
||||
|
||||
We can find the specific wmi com classes if we do the following command:
|
||||
|
||||
```
|
||||
MpPreference |fl *
|
||||
```
|
||||
|
||||
We get an output and we are intrested in this:
|
||||
```
|
||||
CimClass : root/Microsoft/Windows/Defender:MSFT_MpPreference
|
||||
CimInstanceProperties : {AllowDatagramProcessingOnWinServer, AllowNetworkProtectionDownLevel,
|
||||
AllowNetworkProtectionOnWinServer,
|
||||
AttackSurfaceReductionOnlyExclusions...}
|
||||
CimSystemProperties : Microsoft.Management.Infrastructure.CimSystemProperties
|
||||
```
|
||||
|
||||
We can find the class here: https://docs.microsoft.com/en-us/dotnet/api/microsoft.management.infrastructure.cimsystemproperties?view=powershellsdk-7.0.0
|
||||
|
||||
It is also located in windows binaries in the following path: C:\Program Files (x86)\Reference Assemblies\Microsoft\WMI\v1.0
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -1,287 +1,287 @@
|
||||
#include "dcontrol.h"
|
||||
|
||||
namespace REG
|
||||
{
|
||||
// reads a key from HKEY_LOCAL_MACHINE
|
||||
//
|
||||
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags)
|
||||
{
|
||||
LSTATUS status;
|
||||
HKEY hkey;
|
||||
DWORD result{};
|
||||
DWORD buff_sz = sizeof(DWORD);
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/winprog64/accessing-an-alternate-registry-view
|
||||
|
||||
status = RegOpenKeyExW(
|
||||
HKEY_LOCAL_MACHINE,
|
||||
root_name,
|
||||
0,
|
||||
KEY_READ | KEY_WOW64_64KEY,
|
||||
&hkey
|
||||
);
|
||||
|
||||
if (status)
|
||||
{
|
||||
if (flags & DBG_MSG)
|
||||
std::cout << "Error opening " << root_name << " key" << std::endl;
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
status = RegQueryValueExW(
|
||||
hkey,
|
||||
value_name,
|
||||
0, NULL,
|
||||
reinterpret_cast<LPBYTE>(&result),
|
||||
&buff_sz
|
||||
);
|
||||
|
||||
if (status)
|
||||
{
|
||||
if (flags & DBG_MSG)
|
||||
std::cout << "Failed to read " << result << std::endl;
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
RegCloseKey(hkey);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
// creates a registry in HKEY_LOCAL_MACHINE with KEY_ALL_ACCESS permissions
|
||||
//
|
||||
bool create_registry(const wchar_t* root_name, HKEY& hkey)
|
||||
{
|
||||
LSTATUS status;
|
||||
|
||||
DWORD dwDisposition;
|
||||
|
||||
status = RegCreateKeyExW(
|
||||
HKEY_LOCAL_MACHINE,
|
||||
root_name,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
131334,
|
||||
0,
|
||||
&hkey,
|
||||
&dwDisposition
|
||||
);
|
||||
|
||||
if (status)
|
||||
{
|
||||
std::wcout << "could not find or create " << root_name << " error: " << status << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
||||
{
|
||||
auto ret = RegSetValueExW(hkey, value_name, 0, REG_DWORD,
|
||||
reinterpret_cast<LPBYTE>(&value), 4);
|
||||
|
||||
if (ret)
|
||||
{
|
||||
std::cout << "Set error: " << ret << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
||||
{
|
||||
auto ret = RegSetValueExW(hkey, value_name, 0, REG_BINARY,
|
||||
reinterpret_cast<LPBYTE>(&value), 12);
|
||||
|
||||
if (ret)
|
||||
{
|
||||
std::cout << "Set error: " << ret << std::endl;
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
namespace WMIC
|
||||
{
|
||||
}
|
||||
|
||||
namespace DCONTROL
|
||||
{
|
||||
// Sets the programs debug priviliges
|
||||
bool set_privilege(LPCSTR privilege, BOOL enable)
|
||||
{
|
||||
TOKEN_PRIVILEGES priv = { 0,0,0,0 };
|
||||
HANDLE token = nullptr;
|
||||
LUID luid = { 0,0 };
|
||||
|
||||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token))
|
||||
{
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!LookupPrivilegeValueA(nullptr, SE_DEBUG_NAME, &luid))
|
||||
{
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
|
||||
return false;
|
||||
}
|
||||
priv.PrivilegeCount = 1;
|
||||
priv.Privileges[0].Luid = luid;
|
||||
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
if (!AdjustTokenPrivileges(token, false, &priv, 0, nullptr, nullptr))
|
||||
{
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
|
||||
return false;
|
||||
}
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
char sub_43604B()
|
||||
{
|
||||
char v0; // bl
|
||||
SC_HANDLE v1; // eax
|
||||
SC_HANDLE v2; // esi
|
||||
void* v3; // eax
|
||||
|
||||
v0 = 0;
|
||||
v1 = OpenSCManagerW(0, 0, 8u);
|
||||
v2 = v1;
|
||||
if (v1)
|
||||
{
|
||||
v3 = LockServiceDatabase(v1);
|
||||
if (v3)
|
||||
{
|
||||
UnlockServiceDatabase(v3);
|
||||
CloseServiceHandle(v2);
|
||||
return 1;
|
||||
}
|
||||
if (GetLastError() == 1055)
|
||||
v0 = 1;
|
||||
CloseServiceHandle(v2);
|
||||
}
|
||||
return v0;
|
||||
}
|
||||
|
||||
// disables window defender
|
||||
//
|
||||
bool disable_defender()
|
||||
{
|
||||
if (!sub_43604B())
|
||||
{
|
||||
std::cout << "permission error" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
set_privilege(SE_DEBUG_NAME, TRUE);
|
||||
|
||||
HKEY hkey;
|
||||
|
||||
// DisableAntiSpyware
|
||||
{
|
||||
if (!REG::create_registry(L"SOFTWARE\\Policies\\Microsoft\\Windows Defender", hkey))
|
||||
{
|
||||
std::cout << "failed to access Policies" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
||||
{
|
||||
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
#if 0
|
||||
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender", hkey))
|
||||
{
|
||||
std::cout << "failed to access Windows Defender" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
||||
{
|
||||
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
// Start (3 off) (2 on)
|
||||
{
|
||||
if (!REG::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\WinDefend", hkey))
|
||||
{
|
||||
std::cout << "failed to access CurrentControlSet" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!REG::set_keyval(hkey, L"Start", 3))
|
||||
{
|
||||
std::cout << "failed to write to Start" << std::endl;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
std::cout << "Wrote to Start" << std::endl;
|
||||
|
||||
|
||||
// SecurityHealth
|
||||
{
|
||||
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", hkey))
|
||||
{
|
||||
std::cout << "failed to access CurrentVersion" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!REG::set_keyval_bin(hkey, L"SecurityHealth", 3))
|
||||
{
|
||||
std::cout << "failed to write to SecurityHealth" << std::endl;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
std::cout << "Wrote to SecurityHealth" << std::endl;
|
||||
|
||||
|
||||
#if 0
|
||||
// DisableRealtimeMonitoring
|
||||
{
|
||||
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection", hkey))
|
||||
{
|
||||
std::cout << "failed to access registry" << std::endl;
|
||||
return false;
|
||||
}
|
||||
if (!REG::set_keyval(hkey, L"DisableRealtimeMonitoring", 1))
|
||||
{
|
||||
std::cout << "failed to disable DisableRealtimeMonitoring" << std::endl;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// Checks whether Real-Time Protection is activated on windows
|
||||
//
|
||||
bool check_defender(uint32_t flags)
|
||||
{
|
||||
return REG::read_key(
|
||||
L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection",
|
||||
L"DisableRealtimeMonitoring") == 0;
|
||||
}
|
||||
#include "dcontrol.h"
|
||||
|
||||
namespace REG
|
||||
{
|
||||
// reads a key from HKEY_LOCAL_MACHINE
|
||||
//
|
||||
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags)
|
||||
{
|
||||
LSTATUS status;
|
||||
HKEY hkey;
|
||||
DWORD result{};
|
||||
DWORD buff_sz = sizeof(DWORD);
|
||||
|
||||
// https://docs.microsoft.com/en-us/windows/win32/winprog64/accessing-an-alternate-registry-view
|
||||
|
||||
status = RegOpenKeyExW(
|
||||
HKEY_LOCAL_MACHINE,
|
||||
root_name,
|
||||
0,
|
||||
KEY_READ | KEY_WOW64_64KEY,
|
||||
&hkey
|
||||
);
|
||||
|
||||
if (status)
|
||||
{
|
||||
if (flags & DBG_MSG)
|
||||
std::cout << "Error opening " << root_name << " key" << std::endl;
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
status = RegQueryValueExW(
|
||||
hkey,
|
||||
value_name,
|
||||
0, NULL,
|
||||
reinterpret_cast<LPBYTE>(&result),
|
||||
&buff_sz
|
||||
);
|
||||
|
||||
if (status)
|
||||
{
|
||||
if (flags & DBG_MSG)
|
||||
std::cout << "Failed to read " << result << std::endl;
|
||||
|
||||
return -1;
|
||||
}
|
||||
|
||||
RegCloseKey(hkey);
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
// creates a registry in HKEY_LOCAL_MACHINE with KEY_ALL_ACCESS permissions
|
||||
//
|
||||
bool create_registry(const wchar_t* root_name, HKEY& hkey)
|
||||
{
|
||||
LSTATUS status;
|
||||
|
||||
DWORD dwDisposition;
|
||||
|
||||
status = RegCreateKeyExW(
|
||||
HKEY_LOCAL_MACHINE,
|
||||
root_name,
|
||||
0,
|
||||
0,
|
||||
0,
|
||||
131334,
|
||||
0,
|
||||
&hkey,
|
||||
&dwDisposition
|
||||
);
|
||||
|
||||
if (status)
|
||||
{
|
||||
std::wcout << "could not find or create " << root_name << " error: " << status << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
||||
{
|
||||
auto ret = RegSetValueExW(hkey, value_name, 0, REG_DWORD,
|
||||
reinterpret_cast<LPBYTE>(&value), 4);
|
||||
|
||||
if (ret)
|
||||
{
|
||||
std::cout << "Set error: " << ret << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
||||
{
|
||||
auto ret = RegSetValueExW(hkey, value_name, 0, REG_BINARY,
|
||||
reinterpret_cast<LPBYTE>(&value), 12);
|
||||
|
||||
if (ret)
|
||||
{
|
||||
std::cout << "Set error: " << ret << std::endl;
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
namespace WMIC
|
||||
{
|
||||
}
|
||||
|
||||
namespace DCONTROL
|
||||
{
|
||||
// Sets the programs debug priviliges
|
||||
bool set_privilege(LPCSTR privilege, BOOL enable)
|
||||
{
|
||||
TOKEN_PRIVILEGES priv = { 0,0,0,0 };
|
||||
HANDLE token = nullptr;
|
||||
LUID luid = { 0,0 };
|
||||
|
||||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token))
|
||||
{
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!LookupPrivilegeValueA(nullptr, SE_DEBUG_NAME, &luid))
|
||||
{
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
|
||||
return false;
|
||||
}
|
||||
priv.PrivilegeCount = 1;
|
||||
priv.Privileges[0].Luid = luid;
|
||||
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||
|
||||
if (!AdjustTokenPrivileges(token, false, &priv, 0, nullptr, nullptr))
|
||||
{
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
|
||||
return false;
|
||||
}
|
||||
if (token)
|
||||
CloseHandle(token);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
char sub_43604B()
|
||||
{
|
||||
char v0; // bl
|
||||
SC_HANDLE v1; // eax
|
||||
SC_HANDLE v2; // esi
|
||||
void* v3; // eax
|
||||
|
||||
v0 = 0;
|
||||
v1 = OpenSCManagerW(0, 0, 8u);
|
||||
v2 = v1;
|
||||
if (v1)
|
||||
{
|
||||
v3 = LockServiceDatabase(v1);
|
||||
if (v3)
|
||||
{
|
||||
UnlockServiceDatabase(v3);
|
||||
CloseServiceHandle(v2);
|
||||
return 1;
|
||||
}
|
||||
if (GetLastError() == 1055)
|
||||
v0 = 1;
|
||||
CloseServiceHandle(v2);
|
||||
}
|
||||
return v0;
|
||||
}
|
||||
|
||||
// disables window defender
|
||||
//
|
||||
bool disable_defender()
|
||||
{
|
||||
if (!sub_43604B())
|
||||
{
|
||||
std::cout << "permission error" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
set_privilege(SE_DEBUG_NAME, TRUE);
|
||||
|
||||
HKEY hkey;
|
||||
|
||||
// DisableAntiSpyware
|
||||
{
|
||||
if (!REG::create_registry(L"SOFTWARE\\Policies\\Microsoft\\Windows Defender", hkey))
|
||||
{
|
||||
std::cout << "failed to access Policies" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
||||
{
|
||||
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
#if 0
|
||||
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender", hkey))
|
||||
{
|
||||
std::cout << "failed to access Windows Defender" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
||||
{
|
||||
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
// Start (3 off) (2 on)
|
||||
{
|
||||
if (!REG::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\WinDefend", hkey))
|
||||
{
|
||||
std::cout << "failed to access CurrentControlSet" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!REG::set_keyval(hkey, L"Start", 3))
|
||||
{
|
||||
std::cout << "failed to write to Start" << std::endl;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
std::cout << "Wrote to Start" << std::endl;
|
||||
|
||||
|
||||
// SecurityHealth
|
||||
{
|
||||
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", hkey))
|
||||
{
|
||||
std::cout << "failed to access CurrentVersion" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!REG::set_keyval_bin(hkey, L"SecurityHealth", 3))
|
||||
{
|
||||
std::cout << "failed to write to SecurityHealth" << std::endl;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
std::cout << "Wrote to SecurityHealth" << std::endl;
|
||||
|
||||
|
||||
#if 0
|
||||
// DisableRealtimeMonitoring
|
||||
{
|
||||
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection", hkey))
|
||||
{
|
||||
std::cout << "failed to access registry" << std::endl;
|
||||
return false;
|
||||
}
|
||||
if (!REG::set_keyval(hkey, L"DisableRealtimeMonitoring", 1))
|
||||
{
|
||||
std::cout << "failed to disable DisableRealtimeMonitoring" << std::endl;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// Checks whether Real-Time Protection is activated on windows
|
||||
//
|
||||
bool check_defender(uint32_t flags)
|
||||
{
|
||||
return REG::read_key(
|
||||
L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection",
|
||||
L"DisableRealtimeMonitoring") == 0;
|
||||
}
|
||||
}
|
@ -1,20 +1,20 @@
|
||||
#pragma once
|
||||
|
||||
#include <Windows.h>
|
||||
#include <iostream>
|
||||
|
||||
#define DBG_MSG (1 << 0)
|
||||
|
||||
namespace REG
|
||||
{
|
||||
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags = 0);
|
||||
bool create_registry(const wchar_t* root_name, HKEY& hkey);
|
||||
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value);
|
||||
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value);
|
||||
}
|
||||
|
||||
namespace DCONTROL
|
||||
{
|
||||
bool disable_defender();
|
||||
bool check_defender(uint32_t flags = 0);
|
||||
#pragma once
|
||||
|
||||
#include <Windows.h>
|
||||
#include <iostream>
|
||||
|
||||
#define DBG_MSG (1 << 0)
|
||||
|
||||
namespace REG
|
||||
{
|
||||
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags = 0);
|
||||
bool create_registry(const wchar_t* root_name, HKEY& hkey);
|
||||
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value);
|
||||
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value);
|
||||
}
|
||||
|
||||
namespace DCONTROL
|
||||
{
|
||||
bool disable_defender();
|
||||
bool check_defender(uint32_t flags = 0);
|
||||
}
|
@ -1,153 +1,153 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<VCProjectVersion>16.0</VCProjectVersion>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<ProjectGuid>{7c2c0aec-7b9d-4104-99fa-1844d609452c}</ProjectGuid>
|
||||
<RootNamespace>defendercontrol</RootNamespace>
|
||||
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>MultiByte</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="Shared">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<IntDir>$(Platform)\$(Configuration)</IntDir>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="dcontrol.cpp" />
|
||||
<ClCompile Include="main.cpp" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="dcontrol.h" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<VCProjectVersion>16.0</VCProjectVersion>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<ProjectGuid>{7c2c0aec-7b9d-4104-99fa-1844d609452c}</ProjectGuid>
|
||||
<RootNamespace>defendercontrol</RootNamespace>
|
||||
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>MultiByte</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>Application</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="Shared">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<IntDir>$(Platform)\$(Configuration)</IntDir>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Console</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="dcontrol.cpp" />
|
||||
<ClCompile Include="main.cpp" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="dcontrol.h" />
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
|
@ -1,33 +1,33 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Source Files">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Header Files">
|
||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Resource Files">
|
||||
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Source Files\defender-control">
|
||||
<UniqueIdentifier>{8a88e18b-d3f3-447e-a3b0-9867c153c3c1}</UniqueIdentifier>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="main.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="dcontrol.cpp">
|
||||
<Filter>Source Files\defender-control</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="dcontrol.h">
|
||||
<Filter>Source Files\defender-control</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Source Files">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Header Files">
|
||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Resource Files">
|
||||
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Source Files\defender-control">
|
||||
<UniqueIdentifier>{8a88e18b-d3f3-447e-a3b0-9867c153c3c1}</UniqueIdentifier>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="main.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="dcontrol.cpp">
|
||||
<Filter>Source Files\defender-control</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="dcontrol.h">
|
||||
<Filter>Source Files\defender-control</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
</Project>
|
@ -1,23 +1,23 @@
|
||||
#include "dcontrol.h"
|
||||
|
||||
// to-do:
|
||||
// write argument parser
|
||||
// create cli program
|
||||
// maybe make a ui for this
|
||||
|
||||
// entrypoint
|
||||
//
|
||||
int main()
|
||||
{
|
||||
printf(DCONTROL::check_defender() ?
|
||||
"Windows defender is ACTIVE\n" :
|
||||
"Windows defender is OFF\n");
|
||||
|
||||
printf(DCONTROL::disable_defender() ?
|
||||
"Defender disabled\n" :
|
||||
"Failed to disable\n");
|
||||
|
||||
system("pause");
|
||||
|
||||
return 0;
|
||||
}
|
||||
#include "dcontrol.h"
|
||||
|
||||
// to-do:
|
||||
// write argument parser
|
||||
// create cli program
|
||||
// maybe make a ui for this
|
||||
|
||||
// entrypoint
|
||||
//
|
||||
int main()
|
||||
{
|
||||
printf(DCONTROL::check_defender() ?
|
||||
"Windows defender is ACTIVE\n" :
|
||||
"Windows defender is OFF\n");
|
||||
|
||||
printf(DCONTROL::disable_defender() ?
|
||||
"Defender disabled\n" :
|
||||
"Failed to disable\n");
|
||||
|
||||
system("pause");
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
File diff suppressed because it is too large
@ -1,27 +1,27 @@
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Common version parameters.
|
||||
//
|
||||
// Microsoft Research Detours Package, Version 4.0.1
|
||||
//
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
|
||||
#define _USING_V110_SDK71_ 1
|
||||
#include "winver.h"
|
||||
#if 0
|
||||
#include <windows.h>
|
||||
#include <detours.h>
|
||||
#else
|
||||
#ifndef DETOURS_STRINGIFY
|
||||
#define DETOURS_STRINGIFY_(x) #x
|
||||
#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
|
||||
#endif
|
||||
|
||||
#define VER_FILEFLAGSMASK 0x3fL
|
||||
#define VER_FILEFLAGS 0x0L
|
||||
#define VER_FILEOS 0x00040004L
|
||||
#define VER_FILETYPE 0x00000002L
|
||||
#define VER_FILESUBTYPE 0x00000000L
|
||||
#endif
|
||||
#define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS)
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Common version parameters.
|
||||
//
|
||||
// Microsoft Research Detours Package, Version 4.0.1
|
||||
//
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
|
||||
#define _USING_V110_SDK71_ 1
|
||||
#include "winver.h"
|
||||
#if 0
|
||||
#include <windows.h>
|
||||
#include <detours.h>
|
||||
#else
|
||||
#ifndef DETOURS_STRINGIFY
|
||||
#define DETOURS_STRINGIFY_(x) #x
|
||||
#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
|
||||
#endif
|
||||
|
||||
#define VER_FILEFLAGSMASK 0x3fL
|
||||
#define VER_FILEFLAGS 0x0L
|
||||
#define VER_FILEOS 0x00040004L
|
||||
#define VER_FILETYPE 0x00000002L
|
||||
#define VER_FILESUBTYPE 0x00000000L
|
||||
#endif
|
||||
#define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS)
|
||||
|
@ -1,89 +1,89 @@
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Detours Test Program (syelog.h of syelog.lib)
|
||||
//
|
||||
// Microsoft Research Detours Package
|
||||
//
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
#pragma once
|
||||
#ifndef _SYELOGD_H_
|
||||
#define _SYELOGD_H_
|
||||
#include <stdarg.h>
|
||||
|
||||
#pragma pack(push, 1)
|
||||
#pragma warning(push)
|
||||
#pragma warning(disable: 4200)
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
//
|
||||
#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog"
|
||||
#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog"
|
||||
#ifdef UNICODE
|
||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW
|
||||
#else
|
||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA
|
||||
#endif
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff)
|
||||
|
||||
typedef struct _SYELOG_MESSAGE
|
||||
{
|
||||
USHORT nBytes;
|
||||
BYTE nFacility;
|
||||
BYTE nSeverity;
|
||||
DWORD nProcessId;
|
||||
FILETIME ftOccurance;
|
||||
BOOL fTerminate;
|
||||
CHAR szMessage[SYELOG_MAXIMUM_MESSAGE];
|
||||
} SYELOG_MESSAGE, *PSYELOG_MESSAGE;
|
||||
|
||||
|
||||
// Facility Codes.
|
||||
//
|
||||
#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel
|
||||
#define SYELOG_FACILITY_SECURITY 0x20 // OS Security
|
||||
#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal
|
||||
#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon
|
||||
#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application
|
||||
#define SYELOG_FACILITY_USER 0x60 // User self-generated.
|
||||
#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined.
|
||||
|
||||
// Severity Codes.
|
||||
//
|
||||
#define SYELOG_SEVERITY_FATAL 0x00 // System is dead.
|
||||
#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately.
|
||||
#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition.
|
||||
#define SYELOG_SEVERITY_ERROR 0x30 // Error
|
||||
#define SYELOG_SEVERITY_WARNING 0x40 // Warning
|
||||
#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition.
|
||||
#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational
|
||||
#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed
|
||||
#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded
|
||||
#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging
|
||||
|
||||
// Logging Functions.
|
||||
//
|
||||
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
|
||||
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
|
||||
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
|
||||
VOID SyelogClose(BOOL fTerminate);
|
||||
|
||||
#pragma warning(pop)
|
||||
#pragma pack(pop)
|
||||
|
||||
#endif // _SYELOGD_H_
|
||||
//
|
||||
///////////////////////////////////////////////////////////////// End of File.
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Detours Test Program (syelog.h of syelog.lib)
|
||||
//
|
||||
// Microsoft Research Detours Package
|
||||
//
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
#pragma once
|
||||
#ifndef _SYELOGD_H_
|
||||
#define _SYELOGD_H_
|
||||
#include <stdarg.h>
|
||||
|
||||
#pragma pack(push, 1)
|
||||
#pragma warning(push)
|
||||
#pragma warning(disable: 4200)
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
//
|
||||
#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog"
|
||||
#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog"
|
||||
#ifdef UNICODE
|
||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW
|
||||
#else
|
||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA
|
||||
#endif
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff)
|
||||
|
||||
typedef struct _SYELOG_MESSAGE
|
||||
{
|
||||
USHORT nBytes;
|
||||
BYTE nFacility;
|
||||
BYTE nSeverity;
|
||||
DWORD nProcessId;
|
||||
FILETIME ftOccurance;
|
||||
BOOL fTerminate;
|
||||
CHAR szMessage[SYELOG_MAXIMUM_MESSAGE];
|
||||
} SYELOG_MESSAGE, *PSYELOG_MESSAGE;
|
||||
|
||||
|
||||
// Facility Codes.
|
||||
//
|
||||
#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel
|
||||
#define SYELOG_FACILITY_SECURITY 0x20 // OS Security
|
||||
#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal
|
||||
#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon
|
||||
#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application
|
||||
#define SYELOG_FACILITY_USER 0x60 // User self-generated.
|
||||
#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined.
|
||||
|
||||
// Severity Codes.
|
||||
//
|
||||
#define SYELOG_SEVERITY_FATAL 0x00 // System is dead.
|
||||
#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately.
|
||||
#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition.
|
||||
#define SYELOG_SEVERITY_ERROR 0x30 // Error
|
||||
#define SYELOG_SEVERITY_WARNING 0x40 // Warning
|
||||
#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition.
|
||||
#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational
|
||||
#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed
|
||||
#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded
|
||||
#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging
|
||||
|
||||
// Logging Functions.
|
||||
//
|
||||
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
|
||||
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
|
||||
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
|
||||
VOID SyelogClose(BOOL fTerminate);
|
||||
|
||||
#pragma warning(pop)
|
||||
#pragma pack(pop)
|
||||
|
||||
#endif // _SYELOGD_H_
|
||||
//
|
||||
///////////////////////////////////////////////////////////////// End of File.
|
||||
|
File diff suppressed because it is too large
@ -1,27 +1,27 @@
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Common version parameters.
|
||||
//
|
||||
// Microsoft Research Detours Package, Version 4.0.1
|
||||
//
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
|
||||
#define _USING_V110_SDK71_ 1
|
||||
#include "winver.h"
|
||||
#if 0
|
||||
#include <windows.h>
|
||||
#include <detours.h>
|
||||
#else
|
||||
#ifndef DETOURS_STRINGIFY
|
||||
#define DETOURS_STRINGIFY_(x) #x
|
||||
#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
|
||||
#endif
|
||||
|
||||
#define VER_FILEFLAGSMASK 0x3fL
|
||||
#define VER_FILEFLAGS 0x0L
|
||||
#define VER_FILEOS 0x00040004L
|
||||
#define VER_FILETYPE 0x00000002L
|
||||
#define VER_FILESUBTYPE 0x00000000L
|
||||
#endif
|
||||
#define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS)
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Common version parameters.
|
||||
//
|
||||
// Microsoft Research Detours Package, Version 4.0.1
|
||||
//
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
|
||||
#define _USING_V110_SDK71_ 1
|
||||
#include "winver.h"
|
||||
#if 0
|
||||
#include <windows.h>
|
||||
#include <detours.h>
|
||||
#else
|
||||
#ifndef DETOURS_STRINGIFY
|
||||
#define DETOURS_STRINGIFY_(x) #x
|
||||
#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
|
||||
#endif
|
||||
|
||||
#define VER_FILEFLAGSMASK 0x3fL
|
||||
#define VER_FILEFLAGS 0x0L
|
||||
#define VER_FILEOS 0x00040004L
|
||||
#define VER_FILETYPE 0x00000002L
|
||||
#define VER_FILESUBTYPE 0x00000000L
|
||||
#endif
|
||||
#define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS)
|
||||
|
@ -1,89 +1,89 @@
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Detours Test Program (syelog.h of syelog.lib)
|
||||
//
|
||||
// Microsoft Research Detours Package
|
||||
//
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
#pragma once
|
||||
#ifndef _SYELOGD_H_
|
||||
#define _SYELOGD_H_
|
||||
#include <stdarg.h>
|
||||
|
||||
#pragma pack(push, 1)
|
||||
#pragma warning(push)
|
||||
#pragma warning(disable: 4200)
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
//
|
||||
#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog"
|
||||
#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog"
|
||||
#ifdef UNICODE
|
||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW
|
||||
#else
|
||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA
|
||||
#endif
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff)
|
||||
|
||||
typedef struct _SYELOG_MESSAGE
|
||||
{
|
||||
USHORT nBytes;
|
||||
BYTE nFacility;
|
||||
BYTE nSeverity;
|
||||
DWORD nProcessId;
|
||||
FILETIME ftOccurance;
|
||||
BOOL fTerminate;
|
||||
CHAR szMessage[SYELOG_MAXIMUM_MESSAGE];
|
||||
} SYELOG_MESSAGE, *PSYELOG_MESSAGE;
|
||||
|
||||
|
||||
// Facility Codes.
|
||||
//
|
||||
#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel
|
||||
#define SYELOG_FACILITY_SECURITY 0x20 // OS Security
|
||||
#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal
|
||||
#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon
|
||||
#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application
|
||||
#define SYELOG_FACILITY_USER 0x60 // User self-generated.
|
||||
#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined.
|
||||
|
||||
// Severity Codes.
|
||||
//
|
||||
#define SYELOG_SEVERITY_FATAL 0x00 // System is dead.
|
||||
#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately.
|
||||
#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition.
|
||||
#define SYELOG_SEVERITY_ERROR 0x30 // Error
|
||||
#define SYELOG_SEVERITY_WARNING 0x40 // Warning
|
||||
#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition.
|
||||
#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational
|
||||
#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed
|
||||
#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded
|
||||
#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging
|
||||
|
||||
// Logging Functions.
|
||||
//
|
||||
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
|
||||
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
|
||||
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
|
||||
VOID SyelogClose(BOOL fTerminate);
|
||||
|
||||
#pragma warning(pop)
|
||||
#pragma pack(pop)
|
||||
|
||||
#endif // _SYELOGD_H_
|
||||
//
|
||||
///////////////////////////////////////////////////////////////// End of File.
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
// Detours Test Program (syelog.h of syelog.lib)
|
||||
//
|
||||
// Microsoft Research Detours Package
|
||||
//
|
||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||
//
|
||||
#pragma once
|
||||
#ifndef _SYELOGD_H_
|
||||
#define _SYELOGD_H_
|
||||
#include <stdarg.h>
|
||||
|
||||
#pragma pack(push, 1)
|
||||
#pragma warning(push)
|
||||
#pragma warning(disable: 4200)
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
//
|
||||
#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog"
|
||||
#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog"
|
||||
#ifdef UNICODE
|
||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW
|
||||
#else
|
||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA
|
||||
#endif
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////
|
||||
//
|
||||
#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff)
|
||||
|
||||
typedef struct _SYELOG_MESSAGE
|
||||
{
|
||||
USHORT nBytes;
|
||||
BYTE nFacility;
|
||||
BYTE nSeverity;
|
||||
DWORD nProcessId;
|
||||
FILETIME ftOccurance;
|
||||
BOOL fTerminate;
|
||||
CHAR szMessage[SYELOG_MAXIMUM_MESSAGE];
|
||||
} SYELOG_MESSAGE, *PSYELOG_MESSAGE;
|
||||
|
||||
|
||||
// Facility Codes.
|
||||
//
|
||||
#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel
|
||||
#define SYELOG_FACILITY_SECURITY 0x20 // OS Security
|
||||
#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal
|
||||
#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon
|
||||
#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application
|
||||
#define SYELOG_FACILITY_USER 0x60 // User self-generated.
|
||||
#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined.
|
||||
#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined.
|
||||
|
||||
// Severity Codes.
|
||||
//
|
||||
#define SYELOG_SEVERITY_FATAL 0x00 // System is dead.
|
||||
#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately.
|
||||
#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition.
|
||||
#define SYELOG_SEVERITY_ERROR 0x30 // Error
|
||||
#define SYELOG_SEVERITY_WARNING 0x40 // Warning
|
||||
#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition.
|
||||
#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational
|
||||
#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed
|
||||
#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded
|
||||
#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging
|
||||
|
||||
// Logging Functions.
|
||||
//
|
||||
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
|
||||
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
|
||||
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
|
||||
VOID SyelogClose(BOOL fTerminate);
|
||||
|
||||
#pragma warning(pop)
|
||||
#pragma pack(pop)
|
||||
|
||||
#endif // _SYELOGD_H_
|
||||
//
|
||||
///////////////////////////////////////////////////////////////// End of File.
|
||||
|
@ -1,3 +1,3 @@
|
||||
Please include microsoft detour binaries here.
|
||||
|
||||
https://github.com/Microsoft/Detours/blob/master/samples/README.TXT
|
||||
Please include microsoft detour binaries here.
|
||||
|
||||
https://github.com/Microsoft/Detours/blob/master/samples/README.TXT
|
||||
|
File diff suppressed because it is too large
@ -1,174 +1,174 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<VCProjectVersion>16.0</VCProjectVersion>
|
||||
<ProjectGuid>{089CA7D6-3277-4998-86AF-F6413290A442}</ProjectGuid>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<RootNamespace>dumper</RootNamespace>
|
||||
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="Shared">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<IncludePath>$(SolutionDir)\detour\86\include;$(IncludePath)</IncludePath>
|
||||
<LibraryPath>$(SolutionDir)\detour\86\lib;$(LibraryPath)</LibraryPath>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<IntDir>$(Platform)\$(Configuration)</IntDir>
|
||||
<IncludePath>$(SolutionDir)\detour\64\include;$(IncludePath)</IncludePath>
|
||||
<LibraryPath>$(SolutionDir)\detour\64\lib;$(LibraryPath)</LibraryPath>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>_DEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>NDEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="framework.h" />
|
||||
<ClInclude Include="pch.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="dumper.cpp" />
|
||||
<ClCompile Include="pch.cpp">
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup Label="ProjectConfigurations">
|
||||
<ProjectConfiguration Include="Debug|Win32">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|Win32">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>Win32</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Debug|x64">
|
||||
<Configuration>Debug</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
<ProjectConfiguration Include="Release|x64">
|
||||
<Configuration>Release</Configuration>
|
||||
<Platform>x64</Platform>
|
||||
</ProjectConfiguration>
|
||||
</ItemGroup>
|
||||
<PropertyGroup Label="Globals">
|
||||
<VCProjectVersion>16.0</VCProjectVersion>
|
||||
<ProjectGuid>{089CA7D6-3277-4998-86AF-F6413290A442}</ProjectGuid>
|
||||
<Keyword>Win32Proj</Keyword>
|
||||
<RootNamespace>dumper</RootNamespace>
|
||||
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>true</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||
<UseDebugLibraries>false</UseDebugLibraries>
|
||||
<PlatformToolset>v142</PlatformToolset>
|
||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||
<CharacterSet>Unicode</CharacterSet>
|
||||
</PropertyGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||
<ImportGroup Label="ExtensionSettings">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="Shared">
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||
</ImportGroup>
|
||||
<PropertyGroup Label="UserMacros" />
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<LinkIncremental>true</LinkIncremental>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<IncludePath>$(SolutionDir)\detour\86\include;$(IncludePath)</IncludePath>
|
||||
<LibraryPath>$(SolutionDir)\detour\86\lib;$(LibraryPath)</LibraryPath>
|
||||
</PropertyGroup>
|
||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<LinkIncremental>false</LinkIncremental>
|
||||
<IntDir>$(Platform)\$(Configuration)</IntDir>
|
||||
<IncludePath>$(SolutionDir)\detour\64\include;$(IncludePath)</IncludePath>
|
||||
<LibraryPath>$(SolutionDir)\detour\64\lib;$(LibraryPath)</LibraryPath>
|
||||
</PropertyGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>_DEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;_DEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>WIN32;NDEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||
<ClCompile>
|
||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||
<WarningLevel>Level3</WarningLevel>
|
||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||
<SDLCheck>true</SDLCheck>
|
||||
<PreprocessorDefinitions>NDEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||
<ConformanceMode>true</ConformanceMode>
|
||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||
</ClCompile>
|
||||
<Link>
|
||||
<SubSystem>Windows</SubSystem>
|
||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||
<OptimizeReferences>true</OptimizeReferences>
|
||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||
<EnableUAC>false</EnableUAC>
|
||||
</Link>
|
||||
</ItemDefinitionGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="framework.h" />
|
||||
<ClInclude Include="pch.h" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="dumper.cpp" />
|
||||
<ClCompile Include="pch.cpp">
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
|
||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||
<ImportGroup Label="ExtensionTargets">
|
||||
</ImportGroup>
|
||||
</Project>
|
@ -1,33 +1,33 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Source Files">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Header Files">
|
||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Resource Files">
|
||||
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="framework.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="pch.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="pch.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="dumper.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<ItemGroup>
|
||||
<Filter Include="Source Files">
|
||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||
<Extensions>cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Header Files">
|
||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
||||
</Filter>
|
||||
<Filter Include="Resource Files">
|
||||
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||
</Filter>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClInclude Include="framework.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
<ClInclude Include="pch.h">
|
||||
<Filter>Header Files</Filter>
|
||||
</ClInclude>
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ClCompile Include="pch.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
<ClCompile Include="dumper.cpp">
|
||||
<Filter>Source Files</Filter>
|
||||
</ClCompile>
|
||||
</ItemGroup>
|
||||
</Project>
|
@ -1,5 +1,5 @@
|
||||
#pragma once
|
||||
|
||||
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
|
||||
// Windows Header Files
|
||||
#include <windows.h>
|
||||
#pragma once
|
||||
|
||||
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
|
||||
// Windows Header Files
|
||||
#include <windows.h>
|
||||
|
@ -1,5 +1,5 @@
|
||||
// pch.cpp: source file corresponding to the pre-compiled header
|
||||
|
||||
#include "pch.h"
|
||||
|
||||
// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
|
||||
// pch.cpp: source file corresponding to the pre-compiled header
|
||||
|
||||
#include "pch.h"
|
||||
|
||||
// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
|
||||
|
@ -1,18 +1,18 @@
|
||||
// pch.h: This is a precompiled header file.
|
||||
// Files listed below are compiled only once, improving build performance for future builds.
|
||||
// This also affects IntelliSense performance, including code completion and many code browsing features.
|
||||
// However, files listed here are ALL re-compiled if any one of them is updated between builds.
|
||||
// Do not add files here that you will be updating frequently as this negates the performance advantage.
|
||||
|
||||
#ifndef PCH_H
|
||||
#define PCH_H
|
||||
|
||||
#include <iostream>
|
||||
#include <Windows.h>
|
||||
#include <Psapi.h>
|
||||
#include <string>
|
||||
#include <detours.h>
|
||||
#include <vector>
|
||||
#pragma comment(lib, "detours.lib")
|
||||
|
||||
#endif //PCH_H
|
||||
// pch.h: This is a precompiled header file.
|
||||
// Files listed below are compiled only once, improving build performance for future builds.
|
||||
// This also affects IntelliSense performance, including code completion and many code browsing features.
|
||||
// However, files listed here are ALL re-compiled if any one of them is updated between builds.
|
||||
// Do not add files here that you will be updating frequently as this negates the performance advantage.
|
||||
|
||||
#ifndef PCH_H
|
||||
#define PCH_H
|
||||
|
||||
#include <iostream>
|
||||
#include <Windows.h>
|
||||
#include <Psapi.h>
|
||||
#include <string>
|
||||
#include <detours.h>
|
||||
#include <vector>
|
||||
#pragma comment(lib, "detours.lib")
|
||||
|
||||
#endif //PCH_H
|
||||
|