com class
parent
9771a4c124
commit
6649ae734d
@ -1,350 +1,350 @@
|
|||||||
## Ignore Visual Studio temporary files, build results, and
|
## Ignore Visual Studio temporary files, build results, and
|
||||||
## files generated by popular Visual Studio add-ons.
|
## files generated by popular Visual Studio add-ons.
|
||||||
##
|
##
|
||||||
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
|
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
|
||||||
|
|
||||||
# User-specific files
|
# User-specific files
|
||||||
*.rsuser
|
*.rsuser
|
||||||
*.suo
|
*.suo
|
||||||
*.user
|
*.user
|
||||||
*.userosscache
|
*.userosscache
|
||||||
*.sln.docstates
|
*.sln.docstates
|
||||||
|
|
||||||
# User-specific files (MonoDevelop/Xamarin Studio)
|
# User-specific files (MonoDevelop/Xamarin Studio)
|
||||||
*.userprefs
|
*.userprefs
|
||||||
|
|
||||||
# Mono auto generated files
|
# Mono auto generated files
|
||||||
mono_crash.*
|
mono_crash.*
|
||||||
|
|
||||||
# Build results
|
# Build results
|
||||||
[Dd]ebug/
|
[Dd]ebug/
|
||||||
[Dd]ebugPublic/
|
[Dd]ebugPublic/
|
||||||
[Rr]elease/
|
[Rr]elease/
|
||||||
[Rr]eleases/
|
[Rr]eleases/
|
||||||
x64/
|
x64/
|
||||||
x86/
|
x86/
|
||||||
[Aa][Rr][Mm]/
|
[Aa][Rr][Mm]/
|
||||||
[Aa][Rr][Mm]64/
|
[Aa][Rr][Mm]64/
|
||||||
bld/
|
bld/
|
||||||
[Bb]in/
|
[Bb]in/
|
||||||
[Oo]bj/
|
[Oo]bj/
|
||||||
[Ll]og/
|
[Ll]og/
|
||||||
[Ll]ogs/
|
[Ll]ogs/
|
||||||
|
|
||||||
# Visual Studio 2015/2017 cache/options directory
|
# Visual Studio 2015/2017 cache/options directory
|
||||||
.vs/
|
.vs/
|
||||||
# Uncomment if you have tasks that create the project's static files in wwwroot
|
# Uncomment if you have tasks that create the project's static files in wwwroot
|
||||||
#wwwroot/
|
#wwwroot/
|
||||||
|
|
||||||
# Visual Studio 2017 auto generated files
|
# Visual Studio 2017 auto generated files
|
||||||
Generated\ Files/
|
Generated\ Files/
|
||||||
|
|
||||||
# MSTest test Results
|
# MSTest test Results
|
||||||
[Tt]est[Rr]esult*/
|
[Tt]est[Rr]esult*/
|
||||||
[Bb]uild[Ll]og.*
|
[Bb]uild[Ll]og.*
|
||||||
|
|
||||||
# NUnit
|
# NUnit
|
||||||
*.VisualState.xml
|
*.VisualState.xml
|
||||||
TestResult.xml
|
TestResult.xml
|
||||||
nunit-*.xml
|
nunit-*.xml
|
||||||
|
|
||||||
# Build Results of an ATL Project
|
# Build Results of an ATL Project
|
||||||
[Dd]ebugPS/
|
[Dd]ebugPS/
|
||||||
[Rr]eleasePS/
|
[Rr]eleasePS/
|
||||||
dlldata.c
|
dlldata.c
|
||||||
|
|
||||||
# Benchmark Results
|
# Benchmark Results
|
||||||
BenchmarkDotNet.Artifacts/
|
BenchmarkDotNet.Artifacts/
|
||||||
|
|
||||||
# .NET Core
|
# .NET Core
|
||||||
project.lock.json
|
project.lock.json
|
||||||
project.fragment.lock.json
|
project.fragment.lock.json
|
||||||
artifacts/
|
artifacts/
|
||||||
|
|
||||||
# StyleCop
|
# StyleCop
|
||||||
StyleCopReport.xml
|
StyleCopReport.xml
|
||||||
|
|
||||||
# Files built by Visual Studio
|
# Files built by Visual Studio
|
||||||
*_i.c
|
*_i.c
|
||||||
*_p.c
|
*_p.c
|
||||||
*_h.h
|
*_h.h
|
||||||
*.ilk
|
*.ilk
|
||||||
*.meta
|
*.meta
|
||||||
*.obj
|
*.obj
|
||||||
*.iobj
|
*.iobj
|
||||||
*.pch
|
*.pch
|
||||||
*.pdb
|
*.pdb
|
||||||
*.ipdb
|
*.ipdb
|
||||||
*.pgc
|
*.pgc
|
||||||
*.pgd
|
*.pgd
|
||||||
*.rsp
|
*.rsp
|
||||||
*.sbr
|
*.sbr
|
||||||
*.tlb
|
*.tlb
|
||||||
*.tli
|
*.tli
|
||||||
*.tlh
|
*.tlh
|
||||||
*.tmp
|
*.tmp
|
||||||
*.tmp_proj
|
*.tmp_proj
|
||||||
*_wpftmp.csproj
|
*_wpftmp.csproj
|
||||||
*.log
|
*.log
|
||||||
*.vspscc
|
*.vspscc
|
||||||
*.vssscc
|
*.vssscc
|
||||||
.builds
|
.builds
|
||||||
*.pidb
|
*.pidb
|
||||||
*.svclog
|
*.svclog
|
||||||
*.scc
|
*.scc
|
||||||
|
|
||||||
# Chutzpah Test files
|
# Chutzpah Test files
|
||||||
_Chutzpah*
|
_Chutzpah*
|
||||||
|
|
||||||
# Visual C++ cache files
|
# Visual C++ cache files
|
||||||
ipch/
|
ipch/
|
||||||
*.aps
|
*.aps
|
||||||
*.ncb
|
*.ncb
|
||||||
*.opendb
|
*.opendb
|
||||||
*.opensdf
|
*.opensdf
|
||||||
*.sdf
|
*.sdf
|
||||||
*.cachefile
|
*.cachefile
|
||||||
*.VC.db
|
*.VC.db
|
||||||
*.VC.VC.opendb
|
*.VC.VC.opendb
|
||||||
|
|
||||||
# Visual Studio profiler
|
# Visual Studio profiler
|
||||||
*.psess
|
*.psess
|
||||||
*.vsp
|
*.vsp
|
||||||
*.vspx
|
*.vspx
|
||||||
*.sap
|
*.sap
|
||||||
|
|
||||||
# Visual Studio Trace Files
|
# Visual Studio Trace Files
|
||||||
*.e2e
|
*.e2e
|
||||||
|
|
||||||
# TFS 2012 Local Workspace
|
# TFS 2012 Local Workspace
|
||||||
$tf/
|
$tf/
|
||||||
|
|
||||||
# Guidance Automation Toolkit
|
# Guidance Automation Toolkit
|
||||||
*.gpState
|
*.gpState
|
||||||
|
|
||||||
# ReSharper is a .NET coding add-in
|
# ReSharper is a .NET coding add-in
|
||||||
_ReSharper*/
|
_ReSharper*/
|
||||||
*.[Rr]e[Ss]harper
|
*.[Rr]e[Ss]harper
|
||||||
*.DotSettings.user
|
*.DotSettings.user
|
||||||
|
|
||||||
# TeamCity is a build add-in
|
# TeamCity is a build add-in
|
||||||
_TeamCity*
|
_TeamCity*
|
||||||
|
|
||||||
# DotCover is a Code Coverage Tool
|
# DotCover is a Code Coverage Tool
|
||||||
*.dotCover
|
*.dotCover
|
||||||
|
|
||||||
# AxoCover is a Code Coverage Tool
|
# AxoCover is a Code Coverage Tool
|
||||||
.axoCover/*
|
.axoCover/*
|
||||||
!.axoCover/settings.json
|
!.axoCover/settings.json
|
||||||
|
|
||||||
# Visual Studio code coverage results
|
# Visual Studio code coverage results
|
||||||
*.coverage
|
*.coverage
|
||||||
*.coveragexml
|
*.coveragexml
|
||||||
|
|
||||||
# NCrunch
|
# NCrunch
|
||||||
_NCrunch_*
|
_NCrunch_*
|
||||||
.*crunch*.local.xml
|
.*crunch*.local.xml
|
||||||
nCrunchTemp_*
|
nCrunchTemp_*
|
||||||
|
|
||||||
# MightyMoose
|
# MightyMoose
|
||||||
*.mm.*
|
*.mm.*
|
||||||
AutoTest.Net/
|
AutoTest.Net/
|
||||||
|
|
||||||
# Web workbench (sass)
|
# Web workbench (sass)
|
||||||
.sass-cache/
|
.sass-cache/
|
||||||
|
|
||||||
# Installshield output folder
|
# Installshield output folder
|
||||||
[Ee]xpress/
|
[Ee]xpress/
|
||||||
|
|
||||||
# DocProject is a documentation generator add-in
|
# DocProject is a documentation generator add-in
|
||||||
DocProject/buildhelp/
|
DocProject/buildhelp/
|
||||||
DocProject/Help/*.HxT
|
DocProject/Help/*.HxT
|
||||||
DocProject/Help/*.HxC
|
DocProject/Help/*.HxC
|
||||||
DocProject/Help/*.hhc
|
DocProject/Help/*.hhc
|
||||||
DocProject/Help/*.hhk
|
DocProject/Help/*.hhk
|
||||||
DocProject/Help/*.hhp
|
DocProject/Help/*.hhp
|
||||||
DocProject/Help/Html2
|
DocProject/Help/Html2
|
||||||
DocProject/Help/html
|
DocProject/Help/html
|
||||||
|
|
||||||
# Click-Once directory
|
# Click-Once directory
|
||||||
publish/
|
publish/
|
||||||
|
|
||||||
# Publish Web Output
|
# Publish Web Output
|
||||||
*.[Pp]ublish.xml
|
*.[Pp]ublish.xml
|
||||||
*.azurePubxml
|
*.azurePubxml
|
||||||
# Note: Comment the next line if you want to checkin your web deploy settings,
|
# Note: Comment the next line if you want to checkin your web deploy settings,
|
||||||
# but database connection strings (with potential passwords) will be unencrypted
|
# but database connection strings (with potential passwords) will be unencrypted
|
||||||
*.pubxml
|
*.pubxml
|
||||||
*.publishproj
|
*.publishproj
|
||||||
|
|
||||||
# Microsoft Azure Web App publish settings. Comment the next line if you want to
|
# Microsoft Azure Web App publish settings. Comment the next line if you want to
|
||||||
# checkin your Azure Web App publish settings, but sensitive information contained
|
# checkin your Azure Web App publish settings, but sensitive information contained
|
||||||
# in these scripts will be unencrypted
|
# in these scripts will be unencrypted
|
||||||
PublishScripts/
|
PublishScripts/
|
||||||
|
|
||||||
# NuGet Packages
|
# NuGet Packages
|
||||||
*.nupkg
|
*.nupkg
|
||||||
# NuGet Symbol Packages
|
# NuGet Symbol Packages
|
||||||
*.snupkg
|
*.snupkg
|
||||||
# The packages folder can be ignored because of Package Restore
|
# The packages folder can be ignored because of Package Restore
|
||||||
**/[Pp]ackages/*
|
**/[Pp]ackages/*
|
||||||
# except build/, which is used as an MSBuild target.
|
# except build/, which is used as an MSBuild target.
|
||||||
!**/[Pp]ackages/build/
|
!**/[Pp]ackages/build/
|
||||||
# Uncomment if necessary however generally it will be regenerated when needed
|
# Uncomment if necessary however generally it will be regenerated when needed
|
||||||
#!**/[Pp]ackages/repositories.config
|
#!**/[Pp]ackages/repositories.config
|
||||||
# NuGet v3's project.json files produces more ignorable files
|
# NuGet v3's project.json files produces more ignorable files
|
||||||
*.nuget.props
|
*.nuget.props
|
||||||
*.nuget.targets
|
*.nuget.targets
|
||||||
|
|
||||||
# Microsoft Azure Build Output
|
# Microsoft Azure Build Output
|
||||||
csx/
|
csx/
|
||||||
*.build.csdef
|
*.build.csdef
|
||||||
|
|
||||||
# Microsoft Azure Emulator
|
# Microsoft Azure Emulator
|
||||||
ecf/
|
ecf/
|
||||||
rcf/
|
rcf/
|
||||||
|
|
||||||
# Windows Store app package directories and files
|
# Windows Store app package directories and files
|
||||||
AppPackages/
|
AppPackages/
|
||||||
BundleArtifacts/
|
BundleArtifacts/
|
||||||
Package.StoreAssociation.xml
|
Package.StoreAssociation.xml
|
||||||
_pkginfo.txt
|
_pkginfo.txt
|
||||||
*.appx
|
*.appx
|
||||||
*.appxbundle
|
*.appxbundle
|
||||||
*.appxupload
|
*.appxupload
|
||||||
|
|
||||||
# Visual Studio cache files
|
# Visual Studio cache files
|
||||||
# files ending in .cache can be ignored
|
# files ending in .cache can be ignored
|
||||||
*.[Cc]ache
|
*.[Cc]ache
|
||||||
# but keep track of directories ending in .cache
|
# but keep track of directories ending in .cache
|
||||||
!?*.[Cc]ache/
|
!?*.[Cc]ache/
|
||||||
|
|
||||||
# Others
|
# Others
|
||||||
ClientBin/
|
ClientBin/
|
||||||
~$*
|
~$*
|
||||||
*~
|
*~
|
||||||
*.dbmdl
|
*.dbmdl
|
||||||
*.dbproj.schemaview
|
*.dbproj.schemaview
|
||||||
*.jfm
|
*.jfm
|
||||||
*.pfx
|
*.pfx
|
||||||
*.publishsettings
|
*.publishsettings
|
||||||
orleans.codegen.cs
|
orleans.codegen.cs
|
||||||
|
|
||||||
# Including strong name files can present a security risk
|
# Including strong name files can present a security risk
|
||||||
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
|
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
|
||||||
#*.snk
|
#*.snk
|
||||||
|
|
||||||
# Since there are multiple workflows, uncomment next line to ignore bower_components
|
# Since there are multiple workflows, uncomment next line to ignore bower_components
|
||||||
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
|
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
|
||||||
#bower_components/
|
#bower_components/
|
||||||
|
|
||||||
# RIA/Silverlight projects
|
# RIA/Silverlight projects
|
||||||
Generated_Code/
|
Generated_Code/
|
||||||
|
|
||||||
# Backup & report files from converting an old project file
|
# Backup & report files from converting an old project file
|
||||||
# to a newer Visual Studio version. Backup files are not needed,
|
# to a newer Visual Studio version. Backup files are not needed,
|
||||||
# because we have git ;-)
|
# because we have git ;-)
|
||||||
_UpgradeReport_Files/
|
_UpgradeReport_Files/
|
||||||
Backup*/
|
Backup*/
|
||||||
UpgradeLog*.XML
|
UpgradeLog*.XML
|
||||||
UpgradeLog*.htm
|
UpgradeLog*.htm
|
||||||
ServiceFabricBackup/
|
ServiceFabricBackup/
|
||||||
*.rptproj.bak
|
*.rptproj.bak
|
||||||
|
|
||||||
# SQL Server files
|
# SQL Server files
|
||||||
*.mdf
|
*.mdf
|
||||||
*.ldf
|
*.ldf
|
||||||
*.ndf
|
*.ndf
|
||||||
|
|
||||||
# Business Intelligence projects
|
# Business Intelligence projects
|
||||||
*.rdl.data
|
*.rdl.data
|
||||||
*.bim.layout
|
*.bim.layout
|
||||||
*.bim_*.settings
|
*.bim_*.settings
|
||||||
*.rptproj.rsuser
|
*.rptproj.rsuser
|
||||||
*- [Bb]ackup.rdl
|
*- [Bb]ackup.rdl
|
||||||
*- [Bb]ackup ([0-9]).rdl
|
*- [Bb]ackup ([0-9]).rdl
|
||||||
*- [Bb]ackup ([0-9][0-9]).rdl
|
*- [Bb]ackup ([0-9][0-9]).rdl
|
||||||
|
|
||||||
# Microsoft Fakes
|
# Microsoft Fakes
|
||||||
FakesAssemblies/
|
FakesAssemblies/
|
||||||
|
|
||||||
# GhostDoc plugin setting file
|
# GhostDoc plugin setting file
|
||||||
*.GhostDoc.xml
|
*.GhostDoc.xml
|
||||||
|
|
||||||
# Node.js Tools for Visual Studio
|
# Node.js Tools for Visual Studio
|
||||||
.ntvs_analysis.dat
|
.ntvs_analysis.dat
|
||||||
node_modules/
|
node_modules/
|
||||||
|
|
||||||
# Visual Studio 6 build log
|
# Visual Studio 6 build log
|
||||||
*.plg
|
*.plg
|
||||||
|
|
||||||
# Visual Studio 6 workspace options file
|
# Visual Studio 6 workspace options file
|
||||||
*.opt
|
*.opt
|
||||||
|
|
||||||
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
|
# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
|
||||||
*.vbw
|
*.vbw
|
||||||
|
|
||||||
# Visual Studio LightSwitch build output
|
# Visual Studio LightSwitch build output
|
||||||
**/*.HTMLClient/GeneratedArtifacts
|
**/*.HTMLClient/GeneratedArtifacts
|
||||||
**/*.DesktopClient/GeneratedArtifacts
|
**/*.DesktopClient/GeneratedArtifacts
|
||||||
**/*.DesktopClient/ModelManifest.xml
|
**/*.DesktopClient/ModelManifest.xml
|
||||||
**/*.Server/GeneratedArtifacts
|
**/*.Server/GeneratedArtifacts
|
||||||
**/*.Server/ModelManifest.xml
|
**/*.Server/ModelManifest.xml
|
||||||
_Pvt_Extensions
|
_Pvt_Extensions
|
||||||
|
|
||||||
# Paket dependency manager
|
# Paket dependency manager
|
||||||
.paket/paket.exe
|
.paket/paket.exe
|
||||||
paket-files/
|
paket-files/
|
||||||
|
|
||||||
# FAKE - F# Make
|
# FAKE - F# Make
|
||||||
.fake/
|
.fake/
|
||||||
|
|
||||||
# CodeRush personal settings
|
# CodeRush personal settings
|
||||||
.cr/personal
|
.cr/personal
|
||||||
|
|
||||||
# Python Tools for Visual Studio (PTVS)
|
# Python Tools for Visual Studio (PTVS)
|
||||||
__pycache__/
|
__pycache__/
|
||||||
*.pyc
|
*.pyc
|
||||||
|
|
||||||
# Cake - Uncomment if you are using it
|
# Cake - Uncomment if you are using it
|
||||||
# tools/**
|
# tools/**
|
||||||
# !tools/packages.config
|
# !tools/packages.config
|
||||||
|
|
||||||
# Tabs Studio
|
# Tabs Studio
|
||||||
*.tss
|
*.tss
|
||||||
|
|
||||||
# Telerik's JustMock configuration file
|
# Telerik's JustMock configuration file
|
||||||
*.jmconfig
|
*.jmconfig
|
||||||
|
|
||||||
# BizTalk build output
|
# BizTalk build output
|
||||||
*.btp.cs
|
*.btp.cs
|
||||||
*.btm.cs
|
*.btm.cs
|
||||||
*.odx.cs
|
*.odx.cs
|
||||||
*.xsd.cs
|
*.xsd.cs
|
||||||
|
|
||||||
# OpenCover UI analysis results
|
# OpenCover UI analysis results
|
||||||
OpenCover/
|
OpenCover/
|
||||||
|
|
||||||
# Azure Stream Analytics local run output
|
# Azure Stream Analytics local run output
|
||||||
ASALocalRun/
|
ASALocalRun/
|
||||||
|
|
||||||
# MSBuild Binary and Structured Log
|
# MSBuild Binary and Structured Log
|
||||||
*.binlog
|
*.binlog
|
||||||
|
|
||||||
# NVidia Nsight GPU debugger configuration file
|
# NVidia Nsight GPU debugger configuration file
|
||||||
*.nvuser
|
*.nvuser
|
||||||
|
|
||||||
# MFractors (Xamarin productivity tool) working folder
|
# MFractors (Xamarin productivity tool) working folder
|
||||||
.mfractor/
|
.mfractor/
|
||||||
|
|
||||||
# Local History for Visual Studio
|
# Local History for Visual Studio
|
||||||
.localhistory/
|
.localhistory/
|
||||||
|
|
||||||
# BeatPulse healthcheck temp database
|
# BeatPulse healthcheck temp database
|
||||||
healthchecksdb
|
healthchecksdb
|
||||||
|
|
||||||
# Backup folder for Package Reference Convert tool in Visual Studio 2017
|
# Backup folder for Package Reference Convert tool in Visual Studio 2017
|
||||||
MigrationBackup/
|
MigrationBackup/
|
||||||
|
|
||||||
# Ionide (cross platform F# VS Code tools) working folder
|
# Ionide (cross platform F# VS Code tools) working folder
|
||||||
.ionide/
|
.ionide/
|
||||||
|
@ -1,21 +1,21 @@
|
|||||||
MIT License
|
MIT License
|
||||||
|
|
||||||
Copyright (c) 2021 qtKite
|
Copyright (c) 2021 qtKite
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
in the Software without restriction, including without limitation the rights
|
in the Software without restriction, including without limitation the rights
|
||||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
copies of the Software, and to permit persons to whom the Software is
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
furnished to do so, subject to the following conditions:
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
The above copyright notice and this permission notice shall be included in all
|
The above copyright notice and this permission notice shall be included in all
|
||||||
copies or substantial portions of the Software.
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
SOFTWARE.
|
SOFTWARE.
|
||||||
|
@ -1,386 +1,416 @@
|
|||||||
# defender-control
|
# defender-control
|
||||||
currently a work in progress - feel free to come back to check on any updates
|
currently a work in progress - feel free to come back to check on any updates
|
||||||
|
|
||||||
## what is this project?
|
## what is this project?
|
||||||
We all know that disabling windefender is a pain going through countless registries.
|
We all know that disabling windefender is a pain going through countless registries.
|
||||||
The next easiest solution is to use freeware and currently the most popular one is by sordum. (i won't link here - you can find it on the first google result)
|
The next easiest solution is to use freeware and currently the most popular one is by sordum. (i won't link here - you can find it on the first google result)
|
||||||
however, i was first wary of this program and the virus total detections; althought they are claimed to be false positive.
|
however, i was first wary of this program and the virus total detections; althought they are claimed to be false positive.
|
||||||
but i know that this program has worked well for me and friends in the past.
|
but i know that this program has worked well for me and friends in the past.
|
||||||
|
|
||||||
but for those who like open source, i took apart this program and did the research to disable windows defender in an easy open source manner without having to worry about running malware.
|
but for those who like open source, i took apart this program and did the research to disable windows defender in an easy open source manner without having to worry about running malware.
|
||||||
|
|
||||||
## reversal
|
## reversal
|
||||||
Our tool of choice will be IDA & x64 debugger for this task
|
Our tool of choice will be IDA & x64 debugger for this task
|
||||||
firstly we are going to inspect the strings and look for anything interesting.
|
firstly we are going to inspect the strings and look for anything interesting.
|
||||||
Strings seems to be hidden in this one, so I will do 2 different PoC of attack.
|
Strings seems to be hidden in this one, so I will do 2 different PoC of attack.
|
||||||
The first one, is to hook the registry functions and output their arguments. Since I know
|
The first one, is to hook the registry functions and output their arguments. Since I know
|
||||||
for a fact after looking at the imports - this program works by writing into relevant registries.
|
for a fact after looking at the imports - this program works by writing into relevant registries.
|
||||||
|
|
||||||
The second method is to breakpoint each function with x64 debugger and take a look at the strings on runtime.
|
The second method is to breakpoint each function with x64 debugger and take a look at the strings on runtime.
|
||||||
|
|
||||||
I did eventually come up with a third method, and it was to let procmon do its thing while you debug the program - but ill leave that as an exercise for another day.
|
I did eventually come up with a third method, and it was to let procmon do its thing while you debug the program - but ill leave that as an exercise for another day.
|
||||||
|
|
||||||
## x64 Debug
|
## x64 Debug
|
||||||
|
|
||||||
### disabling defender
|
### disabling defender
|
||||||
|
|
||||||
If we breakpoint onto RegSetKeyValue it writes into "DisableAntiSpyware" which we can research on the internet
|
If we breakpoint onto RegSetKeyValue it writes into "DisableAntiSpyware" which we can research on the internet
|
||||||
There is a lot of occurance with the following registry directory: "Software\\Policies\\Microsoft\\Windows Defender"
|
There is a lot of occurance with the following registry directory: "Software\\Policies\\Microsoft\\Windows Defender"
|
||||||
It is found under the parent directory of HKLM64.
|
It is found under the parent directory of HKLM64.
|
||||||
|
|
||||||
```asm
|
```asm
|
||||||
008CE9E8 043DCA88 L"HKLM64"
|
008CE9E8 043DCA88 L"HKLM64"
|
||||||
...
|
...
|
||||||
008CEA08 043DCBC0 L"SOFTWARE\\Policies\\Microsoft\\Windows Defender"
|
008CEA08 043DCBC0 L"SOFTWARE\\Policies\\Microsoft\\Windows Defender"
|
||||||
```
|
```
|
||||||
|
|
||||||
The second breakpoint leads us here:
|
The second breakpoint leads us here:
|
||||||
|
|
||||||
```asm
|
```asm
|
||||||
008CE8F0 043DCFE8 L"HKLM64"
|
008CE8F0 043DCFE8 L"HKLM64"
|
||||||
...
|
...
|
||||||
008CE910 043DD120 L"SYSTEM\\CurrentControlSet\\Services\\WinDefend"
|
008CE910 043DD120 L"SYSTEM\\CurrentControlSet\\Services\\WinDefend"
|
||||||
```
|
```
|
||||||
|
|
||||||
So taking a look into the registry: SYSTEM\\CurrentControlSet\\Services\\WinDefend
|
So taking a look into the registry: SYSTEM\\CurrentControlSet\\Services\\WinDefend
|
||||||
and cross referencing back to x64 dbg: we notice this:
|
and cross referencing back to x64 dbg: we notice this:
|
||||||
|
|
||||||
`76122F7F | 397D 0C | cmp dword ptr ss:[ebp+C],edi | [ebp+C]:L"Start"`
|
`76122F7F | 397D 0C | cmp dword ptr ss:[ebp+C],edi | [ebp+C]:L"Start"`
|
||||||
|
|
||||||
It appears that 0x03 disables windefender, while 0x02 means to enable.
|
It appears that 0x03 disables windefender, while 0x02 means to enable.
|
||||||
A quick google search brings us here: https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start-windows_10/how-to-disable-windows-defender-in-windows-10/b834d36e-6da8-42a8-85f6-da9a520f05f2
|
A quick google search brings us here: https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_start-windows_10/how-to-disable-windows-defender-in-windows-10/b834d36e-6da8-42a8-85f6-da9a520f05f2
|
||||||
|
|
||||||
The next one is also in HKLM:
|
The next one is also in HKLM:
|
||||||
|
|
||||||
```asm
|
```asm
|
||||||
76122FF0 | 8945 CC | mov dword ptr ss:[ebp-34],eax | [ebp-34]:L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
|
76122FF0 | 8945 CC | mov dword ptr ss:[ebp-34],eax | [ebp-34]:L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
|
||||||
76122FF3 | 66:8B01 | mov ax,word ptr ds:[ecx] | ecx:&L"SecurityHealth"
|
76122FF3 | 66:8B01 | mov ax,word ptr ds:[ecx] | ecx:&L"SecurityHealth"
|
||||||
```
|
```
|
||||||
|
|
||||||
Seems to be set to 3 or off
|
Seems to be set to 3 or off
|
||||||
|
|
||||||
Now we will look at RegCreateKey
|
Now we will look at RegCreateKey
|
||||||
There seems to be a regisatry opened at
|
There seems to be a regisatry opened at
|
||||||
|
|
||||||
```asm
|
```asm
|
||||||
EDX : 043DCD78 L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection"
|
EDX : 043DCD78 L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection"
|
||||||
EIP : 7591E420 <advapi32.RegCreateKeyExW>
|
EIP : 7591E420 <advapi32.RegCreateKeyExW>
|
||||||
```
|
```
|
||||||
|
|
||||||
However, there doesnt seem to be anymore functions breakpointed. So lets inspect the directory
|
However, there doesnt seem to be anymore functions breakpointed. So lets inspect the directory
|
||||||
|
|
||||||
We have 2 flags set:
|
We have 2 flags set:
|
||||||
DisableRealtimeMonitoring as a REG_DWORD set to 0x01
|
DisableRealtimeMonitoring as a REG_DWORD set to 0x01
|
||||||
DpaDisabled as REG_DWORD set to 0x0
|
DpaDisabled as REG_DWORD set to 0x0
|
||||||
|
|
||||||
Another one opened here:
|
Another one opened here:
|
||||||
|
|
||||||
```asm
|
```asm
|
||||||
008CEFF8 043EB4C8 L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
|
008CEFF8 043EB4C8 L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run"
|
||||||
```
|
```
|
||||||
|
|
||||||
### enabling defender
|
### enabling defender
|
||||||
|
|
||||||
there seems to be a reference with "Policy Manager" using RegEnumKeyExW
|
there seems to be a reference with "Policy Manager" using RegEnumKeyExW
|
||||||
|
|
||||||
It seems to call RegDeleteValueW on security health (see above)
|
It seems to call RegDeleteValueW on security health (see above)
|
||||||
|
|
||||||
|
|
||||||
## reversing w hooks
|
## reversing w hooks
|
||||||
We are going to write a simple dll to inject into defender control to dump out the parameters of the functions we are interested in.
|
We are going to write a simple dll to inject into defender control to dump out the parameters of the functions we are interested in.
|
||||||
|
|
||||||
Here are the logs:
|
Here are the logs:
|
||||||
```
|
```
|
||||||
obtained RegDeleteKeyW from 75A60000
|
obtained RegDeleteKeyW from 75A60000
|
||||||
obtained RegDeleteValueW from 75A60000
|
obtained RegDeleteValueW from 75A60000
|
||||||
obtained RegEnumValueW from 75A60000
|
obtained RegEnumValueW from 75A60000
|
||||||
obtained RegSetValueExW from 75A60000
|
obtained RegSetValueExW from 75A60000
|
||||||
obtained RegCreateKeyExW from 75A60000
|
obtained RegCreateKeyExW from 75A60000
|
||||||
obtained RegConnectRegistryW from 75A60000
|
obtained RegConnectRegistryW from 75A60000
|
||||||
obtained RegEnumKeyExW from 75A60000
|
obtained RegEnumKeyExW from 75A60000
|
||||||
obtained RegQueryValueExW from 75A60000
|
obtained RegQueryValueExW from 75A60000
|
||||||
obtained RegOpenKeyExW from 75A60000
|
obtained RegOpenKeyExW from 75A60000
|
||||||
imports resolved
|
imports resolved
|
||||||
preparing to hook
|
preparing to hook
|
||||||
|
|
||||||
Registry Routine to check if defender activated:
|
Registry Routine to check if defender activated:
|
||||||
|
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableRealtimeMonitoring
|
lpValueName: DisableRealtimeMonitoring
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableRealtimeMonitoring
|
lpValueName: DisableRealtimeMonitoring
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
||||||
|
|
||||||
Routine to disable defender
|
Routine to disable defender
|
||||||
|
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender
|
lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||||
[RegSetValueExW]
|
[RegSetValueExW]
|
||||||
lpValueName: DisableAntiSpyware
|
lpValueName: DisableAntiSpyware
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender
|
lpSubKey: SOFTWARE\Microsoft\Windows Defender
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableAntiSpyware
|
lpValueName: DisableAntiSpyware
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableAntiSpyware
|
lpValueName: DisableAntiSpyware
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend
|
lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend
|
||||||
[RegSetValueExW]
|
[RegSetValueExW]
|
||||||
lpValueName: Start
|
lpValueName: Start
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
||||||
[RegSetValueExW]
|
[RegSetValueExW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegEnumValueW]
|
[RegEnumValueW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableRealtimeMonitoring
|
lpValueName: DisableRealtimeMonitoring
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableRealtimeMonitoring
|
lpValueName: DisableRealtimeMonitoring
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
||||||
|
|
||||||
Routine to enable defender
|
Routine to enable defender
|
||||||
|
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: Policy Manager
|
lpValueName: Policy Manager
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableAntiSpyware
|
lpValueName: DisableAntiSpyware
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableAntiSpyware
|
lpValueName: DisableAntiSpyware
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableAntiSpyware
|
lpValueName: DisableAntiSpyware
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableAntiSpyware
|
lpValueName: DisableAntiSpyware
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SYSTEM\CurrentControlSet\Services\SecLogon
|
lpValueName: SYSTEM\CurrentControlSet\Services\SecLogon
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: Start
|
lpValueName: Start
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: Start
|
lpValueName: Start
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: Policy Manager
|
lpValueName: Policy Manager
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: Policy Manager
|
lpValueName: Policy Manager
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
lpValueName: SOFTWARE\Microsoft\Windows Defender
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableAntiSpyware
|
lpValueName: DisableAntiSpyware
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableRealtimeMonitoring
|
lpValueName: DisableRealtimeMonitoring
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegEnumValueW]
|
[RegEnumValueW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
||||||
[RegDeleteValueW]
|
[RegDeleteValueW]
|
||||||
lpValueNameSecurityHealth
|
lpValueNameSecurityHealth
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegEnumValueW]
|
[RegEnumValueW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: WindowsDefender
|
lpValueName: WindowsDefender
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: WindowsDefender
|
lpValueName: WindowsDefender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegEnumValueW]
|
[RegEnumValueW]
|
||||||
lpValueName: WindowsDefender
|
lpValueName: WindowsDefender
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableRealtimeMonitoring
|
lpValueName: DisableRealtimeMonitoring
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
lpValueName: C:\Program Files (x86)\DefenderControl\dControl.exe
|
||||||
<also redacted a bunch of stuff from policy manager stuff>
|
<also redacted a bunch of stuff from policy manager stuff>
|
||||||
```
|
```
|
||||||
|
|
||||||
So by analyzing these logs, it seems that we check if defender is enabled by reading these two registries:
|
So by analyzing these logs, it seems that we check if defender is enabled by reading these two registries:
|
||||||
```
|
```
|
||||||
SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
DisableRealtimeMonitoring
|
DisableRealtimeMonitoring
|
||||||
```
|
```
|
||||||
|
|
||||||
When it disables the AV it modifies these registries:
|
When it disables the AV it modifies these registries:
|
||||||
```
|
```
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender
|
lpSubKey: SOFTWARE\Policies\Microsoft\Windows Defender
|
||||||
[RegSetValueExW]
|
[RegSetValueExW]
|
||||||
lpValueName: DisableAntiSpyware
|
lpValueName: DisableAntiSpyware
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender
|
lpSubKey: SOFTWARE\Microsoft\Windows Defender
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpSubKey: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend
|
lpSubKey: SYSTEM\CurrentControlSet\Services\WinDefend
|
||||||
[RegSetValueExW]
|
[RegSetValueExW]
|
||||||
lpValueName: Start
|
lpValueName: Start
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegCreateKeyExW]
|
[RegCreateKeyExW]
|
||||||
lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
lpSubKey: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
|
||||||
[RegSetValueExW]
|
[RegSetValueExW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
lpValueName: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
||||||
[RegEnumValueW]
|
[RegEnumValueW]
|
||||||
lpValueName: SecurityHealth
|
lpValueName: SecurityHealth
|
||||||
[RegOpenKeyExW]
|
[RegOpenKeyExW]
|
||||||
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
||||||
[RegQueryValueExW]
|
[RegQueryValueExW]
|
||||||
lpValueName: DisableRealtimeMonitoring
|
lpValueName: DisableRealtimeMonitoring
|
||||||
```
|
```
|
||||||
|
|
||||||
### Dumping VTable Calls
|
### Dumping VTable Calls
|
||||||
```
|
```
|
||||||
[Control Table] 0x495b78
|
[Control Table] 0x495b78
|
||||||
[Control Table] 0x493658
|
[Control Table] 0x493658
|
||||||
[Control Table] 0x4932f8
|
[Control Table] 0x4932f8
|
||||||
[Control Table] 0x494e1c
|
[Control Table] 0x494e1c
|
||||||
[Control Table] 0x4949e4
|
[Control Table] 0x4949e4
|
||||||
[Control Table] 0x4965e0
|
[Control Table] 0x4965e0
|
||||||
[Control Table] 0x496088
|
[Control Table] 0x496088
|
||||||
[Control Table] 0x4951c4
|
[Control Table] 0x4951c4
|
||||||
[Control Table] 0x4960d0
|
[Control Table] 0x4960d0
|
||||||
[Control Table] 0x49463c
|
[Control Table] 0x49463c
|
||||||
[Control Table] 0x493808
|
[Control Table] 0x493808
|
||||||
[Control Table] 0x493850
|
[Control Table] 0x493850
|
||||||
[Control Table] 0x494ed0
|
[Control Table] 0x494ed0
|
||||||
[Control Table] 0x49382c
|
[Control Table] 0x49382c
|
||||||
[Control Table] 0x49532c
|
[Control Table] 0x49532c
|
||||||
[Control Table] 0x493874
|
[Control Table] 0x493874
|
||||||
[Control Table] 0x493898
|
[Control Table] 0x493898
|
||||||
[Control Table] 0x4931fc
|
[Control Table] 0x4931fc
|
||||||
[Control Table] 0x4931b4
|
[Control Table] 0x4931b4
|
||||||
[Control Table] 0x495500
|
[Control Table] 0x495500
|
||||||
[Control Table] 0x495cbc
|
[Control Table] 0x495cbc
|
||||||
[Control Table] 0x495ce0
|
[Control Table] 0x495ce0
|
||||||
[Control Table] 0x4958cc
|
[Control Table] 0x4958cc
|
||||||
[Control Table] 0x494a74
|
[Control Table] 0x494a74
|
||||||
[Control Table] 0x495c08
|
[Control Table] 0x495c08
|
||||||
[Control Table] 0x494cfc
|
[Control Table] 0x494cfc
|
||||||
[Control Table] 0x493c40
|
[Control Table] 0x493c40
|
||||||
[Control Table] 0x493e5c
|
[Control Table] 0x493e5c
|
||||||
[Control Table] 0x493ea4
|
[Control Table] 0x493ea4
|
||||||
[Control Table] 0x493b8c
|
[Control Table] 0x493b8c
|
||||||
[Control Table] 0x495b0c
|
[Control Table] 0x495b0c
|
||||||
[Control Table] 0x495c2c
|
[Control Table] 0x495c2c
|
||||||
[Control Table] 0x493f7c
|
[Control Table] 0x493f7c
|
||||||
[Control Table] 0x4930dc
|
[Control Table] 0x4930dc
|
||||||
[Control Table] 0x493fe8
|
[Control Table] 0x493fe8
|
||||||
[Control Table] 0x494c00
|
[Control Table] 0x494c00
|
||||||
[Control Table] 0x495644
|
[Control Table] 0x495644
|
||||||
[Control Table] 0x495428
|
[Control Table] 0x495428
|
||||||
[Control Table] 0x496430
|
[Control Table] 0x496430
|
||||||
[Control Table] 0x4963e8
|
[Control Table] 0x4963e8
|
||||||
[Control Table] 0x4954b8
|
[Control Table] 0x4954b8
|
||||||
[Control Table] 0x4945d0
|
[Control Table] 0x4945d0
|
||||||
[Control Table] 0x496040
|
[Control Table] 0x496040
|
||||||
[Control Table] 0x4960ac
|
[Control Table] 0x4960ac
|
||||||
[Control Table] 0x494a50
|
[Control Table] 0x494a50
|
||||||
[Control Table] 0x495be4
|
[Control Table] 0x495be4
|
||||||
```
|
```
|
||||||
|
|
||||||
To enable the AV, we just do the opposite of what we needed to disable the AV.
|
To enable the AV, we just do the opposite of what we needed to disable the AV.
|
||||||
|
|
||||||
Upon starting the AV, the program calls CreateProcessW on C:\Windows\System32\SecurityHealthSystray.exe
|
Upon starting the AV, the program calls CreateProcessW on C:\Windows\System32\SecurityHealthSystray.exe
|
||||||
|
|
||||||
## Windows Tamper Protection
|
## Windows Tamper Protection
|
||||||
|
|
||||||
But theres, a catch. In a newer recent windows update - you can no longer disable the defender via registries. Well, our program runs completely in usermode, so there must be another way its making these registry changes - most likely through the powershell command Set-MpPreference if we do some research into changing the registry. So we will need to take a peek into the wmic api it accesses.
|
But theres, a catch. In a newer recent windows update - you can no longer disable the defender via registries. Well, our program runs completely in usermode, so there must be another way its making these registry changes - most likely through the powershell command Set-MpPreference if we do some research into changing the registry. So we will need to take a peek into the wmic api it accesses.
|
||||||
Luckily for us, all this stuff is documented. Check out these two links:
|
Luckily for us, all this stuff is documented. Check out these two links:
|
||||||
- https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2019-ps
|
- https://docs.microsoft.com/en-us/powershell/module/defender/set-mppreference?view=windowsserver2019-ps
|
||||||
- https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-c---application-examples
|
- https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmi-c---application-examples
|
||||||
|
|
||||||
So, since its kind of difficult to debug the values DefenderControl accesses and this stuff is pretty well documented - we are going to base our work off research.
|
So, since its kind of difficult to debug the values DefenderControl accesses and this stuff is pretty well documented - we are going to base our work off research.
|
||||||
|
|
||||||
I first wanted to see how powershell called the command, so i looked through the powershell github since its open sourced and found that the command was in a cmdlet that was not documented in the repository. So after reading up on some powershell commands I dumped the powershell informating using this:
|
I first wanted to see how powershell called the command, so i looked through the powershell github since its open sourced and found that the command was in a cmdlet that was not documented in the repository. So after reading up on some powershell commands I dumped the powershell informating using this:
|
||||||
|
|
||||||
```
|
```
|
||||||
Get-Command Set-MpPreference | fl
|
Get-Command Set-MpPreference | fl
|
||||||
```
|
e``
|
||||||
|
|
||||||
If we wanted to read the MSFT_MpPreference class, it is documented here:
|
If we wanted to read the MSFT_MpPreference class, it is documented here:
|
||||||
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)#requirements
|
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)#requirements
|
||||||
We can access via powershell like so:
|
We can access via powershell like so:
|
||||||
```
|
```
|
||||||
Get-WmiObject -ClassName MSFT_MpPreference -Namespace root/microsoft/windows/defender
|
Get-WmiObject -ClassName MSFT_MpPreference -Namespace root/microsoft/windows/defender
|
||||||
```
|
```
|
||||||
If we look further we can write to this using the WMI as i suspected, it is documented here:
|
If we look further we can write to this using the WMI as i suspected, it is documented here:
|
||||||
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal
|
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal
|
||||||
|
|
||||||
|
We can find the specific wmi com classes if we do the following command:
|
||||||
|
|
||||||
|
```
|
||||||
|
MpPreference |fl *
|
||||||
|
```
|
||||||
|
|
||||||
|
We get an output and we are intrested in this:
|
||||||
|
```
|
||||||
|
CimClass : root/Microsoft/Windows/Defender:MSFT_MpPreference
|
||||||
|
CimInstanceProperties : {AllowDatagramProcessingOnWinServer, AllowNetworkProtectionDownLevel,
|
||||||
|
AllowNetworkProtectionOnWinServer,
|
||||||
|
AttackSurfaceReductionOnlyExclusions...}
|
||||||
|
CimSystemProperties : Microsoft.Management.Infrastructure.CimSystemProperties
|
||||||
|
```
|
||||||
|
|
||||||
|
We can find the class here: https://docs.microsoft.com/en-us/dotnet/api/microsoft.management.infrastructure.cimsystemproperties?view=powershellsdk-7.0.0
|
||||||
|
|
||||||
|
It is also located in windows binaries in the following path: C:\Program Files (x86)\Reference Assemblies\Microsoft\WMI\v1.0
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,287 +1,287 @@
|
|||||||
#include "dcontrol.h"
|
#include "dcontrol.h"
|
||||||
|
|
||||||
namespace REG
|
namespace REG
|
||||||
{
|
{
|
||||||
// reads a key from HKEY_LOCAL_MACHINE
|
// reads a key from HKEY_LOCAL_MACHINE
|
||||||
//
|
//
|
||||||
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags)
|
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags)
|
||||||
{
|
{
|
||||||
LSTATUS status;
|
LSTATUS status;
|
||||||
HKEY hkey;
|
HKEY hkey;
|
||||||
DWORD result{};
|
DWORD result{};
|
||||||
DWORD buff_sz = sizeof(DWORD);
|
DWORD buff_sz = sizeof(DWORD);
|
||||||
|
|
||||||
// https://docs.microsoft.com/en-us/windows/win32/winprog64/accessing-an-alternate-registry-view
|
// https://docs.microsoft.com/en-us/windows/win32/winprog64/accessing-an-alternate-registry-view
|
||||||
|
|
||||||
status = RegOpenKeyExW(
|
status = RegOpenKeyExW(
|
||||||
HKEY_LOCAL_MACHINE,
|
HKEY_LOCAL_MACHINE,
|
||||||
root_name,
|
root_name,
|
||||||
0,
|
0,
|
||||||
KEY_READ | KEY_WOW64_64KEY,
|
KEY_READ | KEY_WOW64_64KEY,
|
||||||
&hkey
|
&hkey
|
||||||
);
|
);
|
||||||
|
|
||||||
if (status)
|
if (status)
|
||||||
{
|
{
|
||||||
if (flags & DBG_MSG)
|
if (flags & DBG_MSG)
|
||||||
std::cout << "Error opening " << root_name << " key" << std::endl;
|
std::cout << "Error opening " << root_name << " key" << std::endl;
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = RegQueryValueExW(
|
status = RegQueryValueExW(
|
||||||
hkey,
|
hkey,
|
||||||
value_name,
|
value_name,
|
||||||
0, NULL,
|
0, NULL,
|
||||||
reinterpret_cast<LPBYTE>(&result),
|
reinterpret_cast<LPBYTE>(&result),
|
||||||
&buff_sz
|
&buff_sz
|
||||||
);
|
);
|
||||||
|
|
||||||
if (status)
|
if (status)
|
||||||
{
|
{
|
||||||
if (flags & DBG_MSG)
|
if (flags & DBG_MSG)
|
||||||
std::cout << "Failed to read " << result << std::endl;
|
std::cout << "Failed to read " << result << std::endl;
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
RegCloseKey(hkey);
|
RegCloseKey(hkey);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
// creates a registry in HKEY_LOCAL_MACHINE with KEY_ALL_ACCESS permissions
|
// creates a registry in HKEY_LOCAL_MACHINE with KEY_ALL_ACCESS permissions
|
||||||
//
|
//
|
||||||
bool create_registry(const wchar_t* root_name, HKEY& hkey)
|
bool create_registry(const wchar_t* root_name, HKEY& hkey)
|
||||||
{
|
{
|
||||||
LSTATUS status;
|
LSTATUS status;
|
||||||
|
|
||||||
DWORD dwDisposition;
|
DWORD dwDisposition;
|
||||||
|
|
||||||
status = RegCreateKeyExW(
|
status = RegCreateKeyExW(
|
||||||
HKEY_LOCAL_MACHINE,
|
HKEY_LOCAL_MACHINE,
|
||||||
root_name,
|
root_name,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
0,
|
0,
|
||||||
131334,
|
131334,
|
||||||
0,
|
0,
|
||||||
&hkey,
|
&hkey,
|
||||||
&dwDisposition
|
&dwDisposition
|
||||||
);
|
);
|
||||||
|
|
||||||
if (status)
|
if (status)
|
||||||
{
|
{
|
||||||
std::wcout << "could not find or create " << root_name << " error: " << status << std::endl;
|
std::wcout << "could not find or create " << root_name << " error: " << status << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
||||||
{
|
{
|
||||||
auto ret = RegSetValueExW(hkey, value_name, 0, REG_DWORD,
|
auto ret = RegSetValueExW(hkey, value_name, 0, REG_DWORD,
|
||||||
reinterpret_cast<LPBYTE>(&value), 4);
|
reinterpret_cast<LPBYTE>(&value), 4);
|
||||||
|
|
||||||
if (ret)
|
if (ret)
|
||||||
{
|
{
|
||||||
std::cout << "Set error: " << ret << std::endl;
|
std::cout << "Set error: " << ret << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
||||||
{
|
{
|
||||||
auto ret = RegSetValueExW(hkey, value_name, 0, REG_BINARY,
|
auto ret = RegSetValueExW(hkey, value_name, 0, REG_BINARY,
|
||||||
reinterpret_cast<LPBYTE>(&value), 12);
|
reinterpret_cast<LPBYTE>(&value), 12);
|
||||||
|
|
||||||
if (ret)
|
if (ret)
|
||||||
{
|
{
|
||||||
std::cout << "Set error: " << ret << std::endl;
|
std::cout << "Set error: " << ret << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace WMIC
|
namespace WMIC
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace DCONTROL
|
namespace DCONTROL
|
||||||
{
|
{
|
||||||
// Sets the programs debug priviliges
|
// Sets the programs debug priviliges
|
||||||
bool set_privilege(LPCSTR privilege, BOOL enable)
|
bool set_privilege(LPCSTR privilege, BOOL enable)
|
||||||
{
|
{
|
||||||
TOKEN_PRIVILEGES priv = { 0,0,0,0 };
|
TOKEN_PRIVILEGES priv = { 0,0,0,0 };
|
||||||
HANDLE token = nullptr;
|
HANDLE token = nullptr;
|
||||||
LUID luid = { 0,0 };
|
LUID luid = { 0,0 };
|
||||||
|
|
||||||
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token))
|
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token))
|
||||||
{
|
{
|
||||||
if (token)
|
if (token)
|
||||||
CloseHandle(token);
|
CloseHandle(token);
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!LookupPrivilegeValueA(nullptr, SE_DEBUG_NAME, &luid))
|
if (!LookupPrivilegeValueA(nullptr, SE_DEBUG_NAME, &luid))
|
||||||
{
|
{
|
||||||
if (token)
|
if (token)
|
||||||
CloseHandle(token);
|
CloseHandle(token);
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
priv.PrivilegeCount = 1;
|
priv.PrivilegeCount = 1;
|
||||||
priv.Privileges[0].Luid = luid;
|
priv.Privileges[0].Luid = luid;
|
||||||
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
||||||
|
|
||||||
if (!AdjustTokenPrivileges(token, false, &priv, 0, nullptr, nullptr))
|
if (!AdjustTokenPrivileges(token, false, &priv, 0, nullptr, nullptr))
|
||||||
{
|
{
|
||||||
if (token)
|
if (token)
|
||||||
CloseHandle(token);
|
CloseHandle(token);
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (token)
|
if (token)
|
||||||
CloseHandle(token);
|
CloseHandle(token);
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
char sub_43604B()
|
char sub_43604B()
|
||||||
{
|
{
|
||||||
char v0; // bl
|
char v0; // bl
|
||||||
SC_HANDLE v1; // eax
|
SC_HANDLE v1; // eax
|
||||||
SC_HANDLE v2; // esi
|
SC_HANDLE v2; // esi
|
||||||
void* v3; // eax
|
void* v3; // eax
|
||||||
|
|
||||||
v0 = 0;
|
v0 = 0;
|
||||||
v1 = OpenSCManagerW(0, 0, 8u);
|
v1 = OpenSCManagerW(0, 0, 8u);
|
||||||
v2 = v1;
|
v2 = v1;
|
||||||
if (v1)
|
if (v1)
|
||||||
{
|
{
|
||||||
v3 = LockServiceDatabase(v1);
|
v3 = LockServiceDatabase(v1);
|
||||||
if (v3)
|
if (v3)
|
||||||
{
|
{
|
||||||
UnlockServiceDatabase(v3);
|
UnlockServiceDatabase(v3);
|
||||||
CloseServiceHandle(v2);
|
CloseServiceHandle(v2);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
if (GetLastError() == 1055)
|
if (GetLastError() == 1055)
|
||||||
v0 = 1;
|
v0 = 1;
|
||||||
CloseServiceHandle(v2);
|
CloseServiceHandle(v2);
|
||||||
}
|
}
|
||||||
return v0;
|
return v0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// disables window defender
|
// disables window defender
|
||||||
//
|
//
|
||||||
bool disable_defender()
|
bool disable_defender()
|
||||||
{
|
{
|
||||||
if (!sub_43604B())
|
if (!sub_43604B())
|
||||||
{
|
{
|
||||||
std::cout << "permission error" << std::endl;
|
std::cout << "permission error" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
set_privilege(SE_DEBUG_NAME, TRUE);
|
set_privilege(SE_DEBUG_NAME, TRUE);
|
||||||
|
|
||||||
HKEY hkey;
|
HKEY hkey;
|
||||||
|
|
||||||
// DisableAntiSpyware
|
// DisableAntiSpyware
|
||||||
{
|
{
|
||||||
if (!REG::create_registry(L"SOFTWARE\\Policies\\Microsoft\\Windows Defender", hkey))
|
if (!REG::create_registry(L"SOFTWARE\\Policies\\Microsoft\\Windows Defender", hkey))
|
||||||
{
|
{
|
||||||
std::cout << "failed to access Policies" << std::endl;
|
std::cout << "failed to access Policies" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
||||||
{
|
{
|
||||||
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender", hkey))
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender", hkey))
|
||||||
{
|
{
|
||||||
std::cout << "failed to access Windows Defender" << std::endl;
|
std::cout << "failed to access Windows Defender" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
||||||
{
|
{
|
||||||
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
// Start (3 off) (2 on)
|
// Start (3 off) (2 on)
|
||||||
{
|
{
|
||||||
if (!REG::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\WinDefend", hkey))
|
if (!REG::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\WinDefend", hkey))
|
||||||
{
|
{
|
||||||
std::cout << "failed to access CurrentControlSet" << std::endl;
|
std::cout << "failed to access CurrentControlSet" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!REG::set_keyval(hkey, L"Start", 3))
|
if (!REG::set_keyval(hkey, L"Start", 3))
|
||||||
{
|
{
|
||||||
std::cout << "failed to write to Start" << std::endl;
|
std::cout << "failed to write to Start" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
std::cout << "Wrote to Start" << std::endl;
|
std::cout << "Wrote to Start" << std::endl;
|
||||||
|
|
||||||
|
|
||||||
// SecurityHealth
|
// SecurityHealth
|
||||||
{
|
{
|
||||||
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", hkey))
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", hkey))
|
||||||
{
|
{
|
||||||
std::cout << "failed to access CurrentVersion" << std::endl;
|
std::cout << "failed to access CurrentVersion" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!REG::set_keyval_bin(hkey, L"SecurityHealth", 3))
|
if (!REG::set_keyval_bin(hkey, L"SecurityHealth", 3))
|
||||||
{
|
{
|
||||||
std::cout << "failed to write to SecurityHealth" << std::endl;
|
std::cout << "failed to write to SecurityHealth" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
std::cout << "Wrote to SecurityHealth" << std::endl;
|
std::cout << "Wrote to SecurityHealth" << std::endl;
|
||||||
|
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
// DisableRealtimeMonitoring
|
// DisableRealtimeMonitoring
|
||||||
{
|
{
|
||||||
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection", hkey))
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection", hkey))
|
||||||
{
|
{
|
||||||
std::cout << "failed to access registry" << std::endl;
|
std::cout << "failed to access registry" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (!REG::set_keyval(hkey, L"DisableRealtimeMonitoring", 1))
|
if (!REG::set_keyval(hkey, L"DisableRealtimeMonitoring", 1))
|
||||||
{
|
{
|
||||||
std::cout << "failed to disable DisableRealtimeMonitoring" << std::endl;
|
std::cout << "failed to disable DisableRealtimeMonitoring" << std::endl;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Checks whether Real-Time Protection is activated on windows
|
// Checks whether Real-Time Protection is activated on windows
|
||||||
//
|
//
|
||||||
bool check_defender(uint32_t flags)
|
bool check_defender(uint32_t flags)
|
||||||
{
|
{
|
||||||
return REG::read_key(
|
return REG::read_key(
|
||||||
L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection",
|
L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection",
|
||||||
L"DisableRealtimeMonitoring") == 0;
|
L"DisableRealtimeMonitoring") == 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
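Review bot: `set_keyval_bin` passes `12` as cbData while `value` is a 4-byte `DWORD`, so `RegSetValueExW` reads eight bytes past the local and persists that stack garbage into the `StartupApproved\Run` `SecurityHealth` value; stage the bytes in a sized buffer instead, `BYTE data[12] = {0}; memcpy(data, &value, sizeof value);` and pass `data, sizeof data`. This section appears to change only line endings (every line is shown identical on both sides), so the defect predates the commit, but it is on the new side and worth fixing while the file is touched. The comment on `create_registry` claims KEY_ALL_ACCESS while `131334` decodes to `KEY_WRITE | KEY_WOW64_64KEY` — spell the flags out and correct the comment — and the `HKEY` it hands back is never closed by `disable_defender`, which reuses the variable three times. `read_key` also returns `-1` (0xFFFFFFFF as a DWORD) when the value is missing, so `check_defender` reports real-time protection as off when `DisableRealtimeMonitoring` is merely absent; it should distinguish "value not present" from a stored nonzero, e.g. by returning the LSTATUS separately or treating an absent value as 0.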
@ -1,20 +1,20 @@
|
|||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
#include <Windows.h>
|
#include <Windows.h>
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
|
|
||||||
#define DBG_MSG (1 << 0)
|
#define DBG_MSG (1 << 0)
|
||||||
|
|
||||||
namespace REG
|
namespace REG
|
||||||
{
|
{
|
||||||
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags = 0);
|
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags = 0);
|
||||||
bool create_registry(const wchar_t* root_name, HKEY& hkey);
|
bool create_registry(const wchar_t* root_name, HKEY& hkey);
|
||||||
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value);
|
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value);
|
||||||
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value);
|
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value);
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace DCONTROL
|
namespace DCONTROL
|
||||||
{
|
{
|
||||||
bool disable_defender();
|
bool disable_defender();
|
||||||
bool check_defender(uint32_t flags = 0);
|
bool check_defender(uint32_t flags = 0);
|
||||||
}
|
}
|
@ -1,153 +1,153 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
<ItemGroup Label="ProjectConfigurations">
|
<ItemGroup Label="ProjectConfigurations">
|
||||||
<ProjectConfiguration Include="Debug|Win32">
|
<ProjectConfiguration Include="Debug|Win32">
|
||||||
<Configuration>Debug</Configuration>
|
<Configuration>Debug</Configuration>
|
||||||
<Platform>Win32</Platform>
|
<Platform>Win32</Platform>
|
||||||
</ProjectConfiguration>
|
</ProjectConfiguration>
|
||||||
<ProjectConfiguration Include="Release|Win32">
|
<ProjectConfiguration Include="Release|Win32">
|
||||||
<Configuration>Release</Configuration>
|
<Configuration>Release</Configuration>
|
||||||
<Platform>Win32</Platform>
|
<Platform>Win32</Platform>
|
||||||
</ProjectConfiguration>
|
</ProjectConfiguration>
|
||||||
<ProjectConfiguration Include="Debug|x64">
|
<ProjectConfiguration Include="Debug|x64">
|
||||||
<Configuration>Debug</Configuration>
|
<Configuration>Debug</Configuration>
|
||||||
<Platform>x64</Platform>
|
<Platform>x64</Platform>
|
||||||
</ProjectConfiguration>
|
</ProjectConfiguration>
|
||||||
<ProjectConfiguration Include="Release|x64">
|
<ProjectConfiguration Include="Release|x64">
|
||||||
<Configuration>Release</Configuration>
|
<Configuration>Release</Configuration>
|
||||||
<Platform>x64</Platform>
|
<Platform>x64</Platform>
|
||||||
</ProjectConfiguration>
|
</ProjectConfiguration>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<PropertyGroup Label="Globals">
|
<PropertyGroup Label="Globals">
|
||||||
<VCProjectVersion>16.0</VCProjectVersion>
|
<VCProjectVersion>16.0</VCProjectVersion>
|
||||||
<Keyword>Win32Proj</Keyword>
|
<Keyword>Win32Proj</Keyword>
|
||||||
<ProjectGuid>{7c2c0aec-7b9d-4104-99fa-1844d609452c}</ProjectGuid>
|
<ProjectGuid>{7c2c0aec-7b9d-4104-99fa-1844d609452c}</ProjectGuid>
|
||||||
<RootNamespace>defendercontrol</RootNamespace>
|
<RootNamespace>defendercontrol</RootNamespace>
|
||||||
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||||
<ConfigurationType>Application</ConfigurationType>
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
<UseDebugLibraries>true</UseDebugLibraries>
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
<PlatformToolset>v142</PlatformToolset>
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
<CharacterSet>Unicode</CharacterSet>
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||||
<ConfigurationType>Application</ConfigurationType>
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
<UseDebugLibraries>false</UseDebugLibraries>
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
<PlatformToolset>v142</PlatformToolset>
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
<CharacterSet>MultiByte</CharacterSet>
|
<CharacterSet>MultiByte</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||||
<ConfigurationType>Application</ConfigurationType>
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
<UseDebugLibraries>true</UseDebugLibraries>
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
<PlatformToolset>v142</PlatformToolset>
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
<CharacterSet>Unicode</CharacterSet>
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||||
<ConfigurationType>Application</ConfigurationType>
|
<ConfigurationType>Application</ConfigurationType>
|
||||||
<UseDebugLibraries>false</UseDebugLibraries>
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
<PlatformToolset>v142</PlatformToolset>
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
<CharacterSet>Unicode</CharacterSet>
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||||
<ImportGroup Label="ExtensionSettings">
|
<ImportGroup Label="ExtensionSettings">
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="Shared">
|
<ImportGroup Label="Shared">
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<PropertyGroup Label="UserMacros" />
|
<PropertyGroup Label="UserMacros" />
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
<LinkIncremental>true</LinkIncremental>
|
<LinkIncremental>true</LinkIncremental>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
<LinkIncremental>false</LinkIncremental>
|
<LinkIncremental>false</LinkIncremental>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
<LinkIncremental>true</LinkIncremental>
|
<LinkIncremental>true</LinkIncremental>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
<LinkIncremental>false</LinkIncremental>
|
<LinkIncremental>false</LinkIncremental>
|
||||||
<IntDir>$(Platform)\$(Configuration)</IntDir>
|
<IntDir>$(Platform)\$(Configuration)</IntDir>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<WarningLevel>Level3</WarningLevel>
|
<WarningLevel>Level3</WarningLevel>
|
||||||
<SDLCheck>true</SDLCheck>
|
<SDLCheck>true</SDLCheck>
|
||||||
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<ConformanceMode>true</ConformanceMode>
|
<ConformanceMode>true</ConformanceMode>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<SubSystem>Console</SubSystem>
|
<SubSystem>Console</SubSystem>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<WarningLevel>Level3</WarningLevel>
|
<WarningLevel>Level3</WarningLevel>
|
||||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
<SDLCheck>true</SDLCheck>
|
<SDLCheck>true</SDLCheck>
|
||||||
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<ConformanceMode>true</ConformanceMode>
|
<ConformanceMode>true</ConformanceMode>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<SubSystem>Console</SubSystem>
|
<SubSystem>Console</SubSystem>
|
||||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
<OptimizeReferences>true</OptimizeReferences>
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<WarningLevel>Level3</WarningLevel>
|
<WarningLevel>Level3</WarningLevel>
|
||||||
<SDLCheck>true</SDLCheck>
|
<SDLCheck>true</SDLCheck>
|
||||||
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<ConformanceMode>true</ConformanceMode>
|
<ConformanceMode>true</ConformanceMode>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<SubSystem>Console</SubSystem>
|
<SubSystem>Console</SubSystem>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<WarningLevel>Level3</WarningLevel>
|
<WarningLevel>Level3</WarningLevel>
|
||||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
<SDLCheck>true</SDLCheck>
|
<SDLCheck>true</SDLCheck>
|
||||||
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<ConformanceMode>true</ConformanceMode>
|
<ConformanceMode>true</ConformanceMode>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<SubSystem>Console</SubSystem>
|
<SubSystem>Console</SubSystem>
|
||||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
<OptimizeReferences>true</OptimizeReferences>
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClCompile Include="dcontrol.cpp" />
|
<ClCompile Include="dcontrol.cpp" />
|
||||||
<ClCompile Include="main.cpp" />
|
<ClCompile Include="main.cpp" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClInclude Include="dcontrol.h" />
|
<ClInclude Include="dcontrol.h" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||||
<ImportGroup Label="ExtensionTargets">
|
<ImportGroup Label="ExtensionTargets">
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
</Project>
|
</Project>
|
@ -1,33 +1,33 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<Filter Include="Source Files">
|
<Filter Include="Source Files">
|
||||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||||
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
<Extensions>cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||||
</Filter>
|
</Filter>
|
||||||
<Filter Include="Header Files">
|
<Filter Include="Header Files">
|
||||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||||
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
||||||
</Filter>
|
</Filter>
|
||||||
<Filter Include="Resource Files">
|
<Filter Include="Resource Files">
|
||||||
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||||
</Filter>
|
</Filter>
|
||||||
<Filter Include="Source Files\defender-control">
|
<Filter Include="Source Files\defender-control">
|
||||||
<UniqueIdentifier>{8a88e18b-d3f3-447e-a3b0-9867c153c3c1}</UniqueIdentifier>
|
<UniqueIdentifier>{8a88e18b-d3f3-447e-a3b0-9867c153c3c1}</UniqueIdentifier>
|
||||||
</Filter>
|
</Filter>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClCompile Include="main.cpp">
|
<ClCompile Include="main.cpp">
|
||||||
<Filter>Source Files</Filter>
|
<Filter>Source Files</Filter>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<ClCompile Include="dcontrol.cpp">
|
<ClCompile Include="dcontrol.cpp">
|
||||||
<Filter>Source Files\defender-control</Filter>
|
<Filter>Source Files\defender-control</Filter>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClInclude Include="dcontrol.h">
|
<ClInclude Include="dcontrol.h">
|
||||||
<Filter>Source Files\defender-control</Filter>
|
<Filter>Source Files\defender-control</Filter>
|
||||||
</ClInclude>
|
</ClInclude>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
</Project>
|
</Project>
|
@ -1,23 +1,23 @@
|
|||||||
#include "dcontrol.h"
|
#include "dcontrol.h"
|
||||||
|
|
||||||
// to-do:
|
// to-do:
|
||||||
// write argument parser
|
// write argument parser
|
||||||
// create cli program
|
// create cli program
|
||||||
// maybe make a ui for this
|
// maybe make a ui for this
|
||||||
|
|
||||||
// entrypoint
|
// entrypoint
|
||||||
//
|
//
|
||||||
int main()
|
int main()
|
||||||
{
|
{
|
||||||
printf(DCONTROL::check_defender() ?
|
printf(DCONTROL::check_defender() ?
|
||||||
"Windows defender is ACTIVE\n" :
|
"Windows defender is ACTIVE\n" :
|
||||||
"Windows defender is OFF\n");
|
"Windows defender is OFF\n");
|
||||||
|
|
||||||
printf(DCONTROL::disable_defender() ?
|
printf(DCONTROL::disable_defender() ?
|
||||||
"Defender disabled\n" :
|
"Defender disabled\n" :
|
||||||
"Failed to disable\n");
|
"Failed to disable\n");
|
||||||
|
|
||||||
system("pause");
|
system("pause");
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
@ -1,27 +1,27 @@
|
|||||||
//////////////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
// Common version parameters.
|
// Common version parameters.
|
||||||
//
|
//
|
||||||
// Microsoft Research Detours Package, Version 4.0.1
|
// Microsoft Research Detours Package, Version 4.0.1
|
||||||
//
|
//
|
||||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||||
//
|
//
|
||||||
|
|
||||||
#define _USING_V110_SDK71_ 1
|
#define _USING_V110_SDK71_ 1
|
||||||
#include "winver.h"
|
#include "winver.h"
|
||||||
#if 0
|
#if 0
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <detours.h>
|
#include <detours.h>
|
||||||
#else
|
#else
|
||||||
#ifndef DETOURS_STRINGIFY
|
#ifndef DETOURS_STRINGIFY
|
||||||
#define DETOURS_STRINGIFY_(x) #x
|
#define DETOURS_STRINGIFY_(x) #x
|
||||||
#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
|
#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define VER_FILEFLAGSMASK 0x3fL
|
#define VER_FILEFLAGSMASK 0x3fL
|
||||||
#define VER_FILEFLAGS 0x0L
|
#define VER_FILEFLAGS 0x0L
|
||||||
#define VER_FILEOS 0x00040004L
|
#define VER_FILEOS 0x00040004L
|
||||||
#define VER_FILETYPE 0x00000002L
|
#define VER_FILETYPE 0x00000002L
|
||||||
#define VER_FILESUBTYPE 0x00000000L
|
#define VER_FILESUBTYPE 0x00000000L
|
||||||
#endif
|
#endif
|
||||||
#define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS)
|
#define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS)
|
||||||
|
@ -1,89 +1,89 @@
|
|||||||
//////////////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
// Detours Test Program (syelog.h of syelog.lib)
|
// Detours Test Program (syelog.h of syelog.lib)
|
||||||
//
|
//
|
||||||
// Microsoft Research Detours Package
|
// Microsoft Research Detours Package
|
||||||
//
|
//
|
||||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||||
//
|
//
|
||||||
#pragma once
|
#pragma once
|
||||||
#ifndef _SYELOGD_H_
|
#ifndef _SYELOGD_H_
|
||||||
#define _SYELOGD_H_
|
#define _SYELOGD_H_
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
|
||||||
#pragma pack(push, 1)
|
#pragma pack(push, 1)
|
||||||
#pragma warning(push)
|
#pragma warning(push)
|
||||||
#pragma warning(disable: 4200)
|
#pragma warning(disable: 4200)
|
||||||
|
|
||||||
//////////////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
//
|
//
|
||||||
#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog"
|
#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog"
|
||||||
#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog"
|
#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog"
|
||||||
#ifdef UNICODE
|
#ifdef UNICODE
|
||||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW
|
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW
|
||||||
#else
|
#else
|
||||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA
|
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
//////////////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff)
|
#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff)
|
||||||
|
|
||||||
typedef struct _SYELOG_MESSAGE
|
typedef struct _SYELOG_MESSAGE
|
||||||
{
|
{
|
||||||
USHORT nBytes;
|
USHORT nBytes;
|
||||||
BYTE nFacility;
|
BYTE nFacility;
|
||||||
BYTE nSeverity;
|
BYTE nSeverity;
|
||||||
DWORD nProcessId;
|
DWORD nProcessId;
|
||||||
FILETIME ftOccurance;
|
FILETIME ftOccurance;
|
||||||
BOOL fTerminate;
|
BOOL fTerminate;
|
||||||
CHAR szMessage[SYELOG_MAXIMUM_MESSAGE];
|
CHAR szMessage[SYELOG_MAXIMUM_MESSAGE];
|
||||||
} SYELOG_MESSAGE, *PSYELOG_MESSAGE;
|
} SYELOG_MESSAGE, *PSYELOG_MESSAGE;
|
||||||
|
|
||||||
|
|
||||||
// Facility Codes.
|
// Facility Codes.
|
||||||
//
|
//
|
||||||
#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel
|
#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel
|
||||||
#define SYELOG_FACILITY_SECURITY 0x20 // OS Security
|
#define SYELOG_FACILITY_SECURITY 0x20 // OS Security
|
||||||
#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal
|
#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal
|
||||||
#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon
|
#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon
|
||||||
#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application
|
#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application
|
||||||
#define SYELOG_FACILITY_USER 0x60 // User self-generated.
|
#define SYELOG_FACILITY_USER 0x60 // User self-generated.
|
||||||
#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined.
|
||||||
|
|
||||||
// Severity Codes.
|
// Severity Codes.
|
||||||
//
|
//
|
||||||
#define SYELOG_SEVERITY_FATAL 0x00 // System is dead.
|
#define SYELOG_SEVERITY_FATAL 0x00 // System is dead.
|
||||||
#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately.
|
#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately.
|
||||||
#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition.
|
#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition.
|
||||||
#define SYELOG_SEVERITY_ERROR 0x30 // Error
|
#define SYELOG_SEVERITY_ERROR 0x30 // Error
|
||||||
#define SYELOG_SEVERITY_WARNING 0x40 // Warning
|
#define SYELOG_SEVERITY_WARNING 0x40 // Warning
|
||||||
#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition.
|
#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition.
|
||||||
#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational
|
#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational
|
||||||
#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed
|
#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed
|
||||||
#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded
|
#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded
|
||||||
#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging
|
#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging
|
||||||
|
|
||||||
// Logging Functions.
|
// Logging Functions.
|
||||||
//
|
//
|
||||||
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
|
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
|
||||||
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
|
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
|
||||||
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
|
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
|
||||||
VOID SyelogClose(BOOL fTerminate);
|
VOID SyelogClose(BOOL fTerminate);
|
||||||
|
|
||||||
#pragma warning(pop)
|
#pragma warning(pop)
|
||||||
#pragma pack(pop)
|
#pragma pack(pop)
|
||||||
|
|
||||||
#endif // _SYELOGD_H_
|
#endif // _SYELOGD_H_
|
||||||
//
|
//
|
||||||
///////////////////////////////////////////////////////////////// End of File.
|
///////////////////////////////////////////////////////////////// End of File.
|
||||||
|
@ -1,27 +1,27 @@
|
|||||||
//////////////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
// Common version parameters.
|
// Common version parameters.
|
||||||
//
|
//
|
||||||
// Microsoft Research Detours Package, Version 4.0.1
|
// Microsoft Research Detours Package, Version 4.0.1
|
||||||
//
|
//
|
||||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||||
//
|
//
|
||||||
|
|
||||||
#define _USING_V110_SDK71_ 1
|
#define _USING_V110_SDK71_ 1
|
||||||
#include "winver.h"
|
#include "winver.h"
|
||||||
#if 0
|
#if 0
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
#include <detours.h>
|
#include <detours.h>
|
||||||
#else
|
#else
|
||||||
#ifndef DETOURS_STRINGIFY
|
#ifndef DETOURS_STRINGIFY
|
||||||
#define DETOURS_STRINGIFY_(x) #x
|
#define DETOURS_STRINGIFY_(x) #x
|
||||||
#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
|
#define DETOURS_STRINGIFY(x) DETOURS_STRINGIFY_(x)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define VER_FILEFLAGSMASK 0x3fL
|
#define VER_FILEFLAGSMASK 0x3fL
|
||||||
#define VER_FILEFLAGS 0x0L
|
#define VER_FILEFLAGS 0x0L
|
||||||
#define VER_FILEOS 0x00040004L
|
#define VER_FILEOS 0x00040004L
|
||||||
#define VER_FILETYPE 0x00000002L
|
#define VER_FILETYPE 0x00000002L
|
||||||
#define VER_FILESUBTYPE 0x00000000L
|
#define VER_FILESUBTYPE 0x00000000L
|
||||||
#endif
|
#endif
|
||||||
#define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS)
|
#define VER_DETOURS_BITS DETOURS_STRINGIFY(DETOURS_BITS)
|
||||||
|
@ -1,89 +1,89 @@
|
|||||||
//////////////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
// Detours Test Program (syelog.h of syelog.lib)
|
// Detours Test Program (syelog.h of syelog.lib)
|
||||||
//
|
//
|
||||||
// Microsoft Research Detours Package
|
// Microsoft Research Detours Package
|
||||||
//
|
//
|
||||||
// Copyright (c) Microsoft Corporation. All rights reserved.
|
// Copyright (c) Microsoft Corporation. All rights reserved.
|
||||||
//
|
//
|
||||||
#pragma once
|
#pragma once
|
||||||
#ifndef _SYELOGD_H_
|
#ifndef _SYELOGD_H_
|
||||||
#define _SYELOGD_H_
|
#define _SYELOGD_H_
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
|
||||||
#pragma pack(push, 1)
|
#pragma pack(push, 1)
|
||||||
#pragma warning(push)
|
#pragma warning(push)
|
||||||
#pragma warning(disable: 4200)
|
#pragma warning(disable: 4200)
|
||||||
|
|
||||||
//////////////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
//
|
//
|
||||||
#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog"
|
#define SYELOG_PIPE_NAMEA "\\\\.\\pipe\\syelog"
|
||||||
#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog"
|
#define SYELOG_PIPE_NAMEW L"\\\\.\\pipe\\syelog"
|
||||||
#ifdef UNICODE
|
#ifdef UNICODE
|
||||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW
|
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEW
|
||||||
#else
|
#else
|
||||||
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA
|
#define SYELOG_PIPE_NAME SYELOG_PIPE_NAMEA
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
//////////////////////////////////////////////////////////////////////////////
|
//////////////////////////////////////////////////////////////////////////////
|
||||||
//
|
//
|
||||||
#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff)
|
#define SYELOG_MAXIMUM_MESSAGE 4086 // 4096 - sizeof(header stuff)
|
||||||
|
|
||||||
typedef struct _SYELOG_MESSAGE
|
typedef struct _SYELOG_MESSAGE
|
||||||
{
|
{
|
||||||
USHORT nBytes;
|
USHORT nBytes;
|
||||||
BYTE nFacility;
|
BYTE nFacility;
|
||||||
BYTE nSeverity;
|
BYTE nSeverity;
|
||||||
DWORD nProcessId;
|
DWORD nProcessId;
|
||||||
FILETIME ftOccurance;
|
FILETIME ftOccurance;
|
||||||
BOOL fTerminate;
|
BOOL fTerminate;
|
||||||
CHAR szMessage[SYELOG_MAXIMUM_MESSAGE];
|
CHAR szMessage[SYELOG_MAXIMUM_MESSAGE];
|
||||||
} SYELOG_MESSAGE, *PSYELOG_MESSAGE;
|
} SYELOG_MESSAGE, *PSYELOG_MESSAGE;
|
||||||
|
|
||||||
|
|
||||||
// Facility Codes.
|
// Facility Codes.
|
||||||
//
|
//
|
||||||
#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel
|
#define SYELOG_FACILITY_KERNEL 0x10 // OS Kernel
|
||||||
#define SYELOG_FACILITY_SECURITY 0x20 // OS Security
|
#define SYELOG_FACILITY_SECURITY 0x20 // OS Security
|
||||||
#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal
|
#define SYELOG_FACILITY_LOGGING 0x30 // OS Logging-internal
|
||||||
#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon
|
#define SYELOG_FACILITY_SERVICE 0x40 // User-mode system daemon
|
||||||
#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application
|
#define SYELOG_FACILITY_APPLICATION 0x50 // User-mode application
|
||||||
#define SYELOG_FACILITY_USER 0x60 // User self-generated.
|
#define SYELOG_FACILITY_USER 0x60 // User self-generated.
|
||||||
#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL0 0x70 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL1 0x71 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL2 0x72 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL3 0x73 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL4 0x74 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL5 0x75 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL6 0x76 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL7 0x77 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL8 0x78 // Locally defined.
|
||||||
#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined.
|
#define SYELOG_FACILITY_LOCAL9 0x79 // Locally defined.
|
||||||
|
|
||||||
// Severity Codes.
|
// Severity Codes.
|
||||||
//
|
//
|
||||||
#define SYELOG_SEVERITY_FATAL 0x00 // System is dead.
|
#define SYELOG_SEVERITY_FATAL 0x00 // System is dead.
|
||||||
#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately.
|
#define SYELOG_SEVERITY_ALERT 0x10 // Take action immediately.
|
||||||
#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition.
|
#define SYELOG_SEVERITY_CRITICAL 0x20 // Critical condition.
|
||||||
#define SYELOG_SEVERITY_ERROR 0x30 // Error
|
#define SYELOG_SEVERITY_ERROR 0x30 // Error
|
||||||
#define SYELOG_SEVERITY_WARNING 0x40 // Warning
|
#define SYELOG_SEVERITY_WARNING 0x40 // Warning
|
||||||
#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition.
|
#define SYELOG_SEVERITY_NOTICE 0x50 // Significant condition.
|
||||||
#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational
|
#define SYELOG_SEVERITY_INFORMATION 0x60 // Informational
|
||||||
#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed
|
#define SYELOG_SEVERITY_AUDIT_FAIL 0x66 // Audit Failed
|
||||||
#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded
|
#define SYELOG_SEVERITY_AUDIT_PASS 0x67 // Audit Succeeeded
|
||||||
#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging
|
#define SYELOG_SEVERITY_DEBUG 0x70 // Debugging
|
||||||
|
|
||||||
// Logging Functions.
|
// Logging Functions.
|
||||||
//
|
//
|
||||||
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
|
VOID SyelogOpen(PCSTR pszIdentifier, BYTE nFacility);
|
||||||
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
|
VOID Syelog(BYTE nSeverity, PCSTR pszMsgf, ...);
|
||||||
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
|
VOID SyelogV(BYTE nSeverity, PCSTR pszMsgf, va_list args);
|
||||||
VOID SyelogClose(BOOL fTerminate);
|
VOID SyelogClose(BOOL fTerminate);
|
||||||
|
|
||||||
#pragma warning(pop)
|
#pragma warning(pop)
|
||||||
#pragma pack(pop)
|
#pragma pack(pop)
|
||||||
|
|
||||||
#endif // _SYELOGD_H_
|
#endif // _SYELOGD_H_
|
||||||
//
|
//
|
||||||
///////////////////////////////////////////////////////////////// End of File.
|
///////////////////////////////////////////////////////////////// End of File.
|
||||||
|
@ -1,3 +1,3 @@
|
|||||||
Please include microsoft detour binaries here.
|
Please include microsoft detour binaries here.
|
||||||
|
|
||||||
https://github.com/Microsoft/Detours/blob/master/samples/README.TXT
|
https://github.com/Microsoft/Detours/blob/master/samples/README.TXT
|
||||||
|
@ -1,174 +1,174 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
<ItemGroup Label="ProjectConfigurations">
|
<ItemGroup Label="ProjectConfigurations">
|
||||||
<ProjectConfiguration Include="Debug|Win32">
|
<ProjectConfiguration Include="Debug|Win32">
|
||||||
<Configuration>Debug</Configuration>
|
<Configuration>Debug</Configuration>
|
||||||
<Platform>Win32</Platform>
|
<Platform>Win32</Platform>
|
||||||
</ProjectConfiguration>
|
</ProjectConfiguration>
|
||||||
<ProjectConfiguration Include="Release|Win32">
|
<ProjectConfiguration Include="Release|Win32">
|
||||||
<Configuration>Release</Configuration>
|
<Configuration>Release</Configuration>
|
||||||
<Platform>Win32</Platform>
|
<Platform>Win32</Platform>
|
||||||
</ProjectConfiguration>
|
</ProjectConfiguration>
|
||||||
<ProjectConfiguration Include="Debug|x64">
|
<ProjectConfiguration Include="Debug|x64">
|
||||||
<Configuration>Debug</Configuration>
|
<Configuration>Debug</Configuration>
|
||||||
<Platform>x64</Platform>
|
<Platform>x64</Platform>
|
||||||
</ProjectConfiguration>
|
</ProjectConfiguration>
|
||||||
<ProjectConfiguration Include="Release|x64">
|
<ProjectConfiguration Include="Release|x64">
|
||||||
<Configuration>Release</Configuration>
|
<Configuration>Release</Configuration>
|
||||||
<Platform>x64</Platform>
|
<Platform>x64</Platform>
|
||||||
</ProjectConfiguration>
|
</ProjectConfiguration>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<PropertyGroup Label="Globals">
|
<PropertyGroup Label="Globals">
|
||||||
<VCProjectVersion>16.0</VCProjectVersion>
|
<VCProjectVersion>16.0</VCProjectVersion>
|
||||||
<ProjectGuid>{089CA7D6-3277-4998-86AF-F6413290A442}</ProjectGuid>
|
<ProjectGuid>{089CA7D6-3277-4998-86AF-F6413290A442}</ProjectGuid>
|
||||||
<Keyword>Win32Proj</Keyword>
|
<Keyword>Win32Proj</Keyword>
|
||||||
<RootNamespace>dumper</RootNamespace>
|
<RootNamespace>dumper</RootNamespace>
|
||||||
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
|
||||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||||
<UseDebugLibraries>true</UseDebugLibraries>
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
<PlatformToolset>v142</PlatformToolset>
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
<CharacterSet>Unicode</CharacterSet>
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
|
||||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||||
<UseDebugLibraries>false</UseDebugLibraries>
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
<PlatformToolset>v142</PlatformToolset>
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
<CharacterSet>Unicode</CharacterSet>
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
|
||||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||||
<UseDebugLibraries>true</UseDebugLibraries>
|
<UseDebugLibraries>true</UseDebugLibraries>
|
||||||
<PlatformToolset>v142</PlatformToolset>
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
<CharacterSet>Unicode</CharacterSet>
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
|
||||||
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
<ConfigurationType>DynamicLibrary</ConfigurationType>
|
||||||
<UseDebugLibraries>false</UseDebugLibraries>
|
<UseDebugLibraries>false</UseDebugLibraries>
|
||||||
<PlatformToolset>v142</PlatformToolset>
|
<PlatformToolset>v142</PlatformToolset>
|
||||||
<WholeProgramOptimization>true</WholeProgramOptimization>
|
<WholeProgramOptimization>true</WholeProgramOptimization>
|
||||||
<CharacterSet>Unicode</CharacterSet>
|
<CharacterSet>Unicode</CharacterSet>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
|
||||||
<ImportGroup Label="ExtensionSettings">
|
<ImportGroup Label="ExtensionSettings">
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="Shared">
|
<ImportGroup Label="Shared">
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
<PropertyGroup Label="UserMacros" />
|
<PropertyGroup Label="UserMacros" />
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
<LinkIncremental>true</LinkIncremental>
|
<LinkIncremental>true</LinkIncremental>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
<LinkIncremental>true</LinkIncremental>
|
<LinkIncremental>true</LinkIncremental>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
<LinkIncremental>false</LinkIncremental>
|
<LinkIncremental>false</LinkIncremental>
|
||||||
<IncludePath>$(SolutionDir)\detour\86\include;$(IncludePath)</IncludePath>
|
<IncludePath>$(SolutionDir)\detour\86\include;$(IncludePath)</IncludePath>
|
||||||
<LibraryPath>$(SolutionDir)\detour\86\lib;$(LibraryPath)</LibraryPath>
|
<LibraryPath>$(SolutionDir)\detour\86\lib;$(LibraryPath)</LibraryPath>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
<LinkIncremental>false</LinkIncremental>
|
<LinkIncremental>false</LinkIncremental>
|
||||||
<IntDir>$(Platform)\$(Configuration)</IntDir>
|
<IntDir>$(Platform)\$(Configuration)</IntDir>
|
||||||
<IncludePath>$(SolutionDir)\detour\64\include;$(IncludePath)</IncludePath>
|
<IncludePath>$(SolutionDir)\detour\64\include;$(IncludePath)</IncludePath>
|
||||||
<LibraryPath>$(SolutionDir)\detour\64\lib;$(LibraryPath)</LibraryPath>
|
<LibraryPath>$(SolutionDir)\detour\64\lib;$(LibraryPath)</LibraryPath>
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||||
<WarningLevel>Level3</WarningLevel>
|
<WarningLevel>Level3</WarningLevel>
|
||||||
<SDLCheck>true</SDLCheck>
|
<SDLCheck>true</SDLCheck>
|
||||||
<PreprocessorDefinitions>_DEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>_DEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<ConformanceMode>true</ConformanceMode>
|
<ConformanceMode>true</ConformanceMode>
|
||||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
<EnableUAC>false</EnableUAC>
|
<EnableUAC>false</EnableUAC>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||||
<WarningLevel>Level3</WarningLevel>
|
<WarningLevel>Level3</WarningLevel>
|
||||||
<SDLCheck>true</SDLCheck>
|
<SDLCheck>true</SDLCheck>
|
||||||
<PreprocessorDefinitions>WIN32;_DEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>WIN32;_DEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<ConformanceMode>true</ConformanceMode>
|
<ConformanceMode>true</ConformanceMode>
|
||||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
<EnableUAC>false</EnableUAC>
|
<EnableUAC>false</EnableUAC>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||||
<WarningLevel>Level3</WarningLevel>
|
<WarningLevel>Level3</WarningLevel>
|
||||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
<SDLCheck>true</SDLCheck>
|
<SDLCheck>true</SDLCheck>
|
||||||
<PreprocessorDefinitions>WIN32;NDEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>WIN32;NDEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<ConformanceMode>true</ConformanceMode>
|
<ConformanceMode>true</ConformanceMode>
|
||||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
<OptimizeReferences>true</OptimizeReferences>
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
<EnableUAC>false</EnableUAC>
|
<EnableUAC>false</EnableUAC>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
|
||||||
<ClCompile>
|
<ClCompile>
|
||||||
<PrecompiledHeader>Use</PrecompiledHeader>
|
<PrecompiledHeader>Use</PrecompiledHeader>
|
||||||
<WarningLevel>Level3</WarningLevel>
|
<WarningLevel>Level3</WarningLevel>
|
||||||
<FunctionLevelLinking>true</FunctionLevelLinking>
|
<FunctionLevelLinking>true</FunctionLevelLinking>
|
||||||
<IntrinsicFunctions>true</IntrinsicFunctions>
|
<IntrinsicFunctions>true</IntrinsicFunctions>
|
||||||
<SDLCheck>true</SDLCheck>
|
<SDLCheck>true</SDLCheck>
|
||||||
<PreprocessorDefinitions>NDEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>NDEBUG;DUMPER_EXPORTS;_WINDOWS;_USRDLL;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<ConformanceMode>true</ConformanceMode>
|
<ConformanceMode>true</ConformanceMode>
|
||||||
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<Link>
|
<Link>
|
||||||
<SubSystem>Windows</SubSystem>
|
<SubSystem>Windows</SubSystem>
|
||||||
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
<EnableCOMDATFolding>true</EnableCOMDATFolding>
|
||||||
<OptimizeReferences>true</OptimizeReferences>
|
<OptimizeReferences>true</OptimizeReferences>
|
||||||
<GenerateDebugInformation>true</GenerateDebugInformation>
|
<GenerateDebugInformation>true</GenerateDebugInformation>
|
||||||
<EnableUAC>false</EnableUAC>
|
<EnableUAC>false</EnableUAC>
|
||||||
</Link>
|
</Link>
|
||||||
</ItemDefinitionGroup>
|
</ItemDefinitionGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClInclude Include="framework.h" />
|
<ClInclude Include="framework.h" />
|
||||||
<ClInclude Include="pch.h" />
|
<ClInclude Include="pch.h" />
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClCompile Include="dumper.cpp" />
|
<ClCompile Include="dumper.cpp" />
|
||||||
<ClCompile Include="pch.cpp">
|
<ClCompile Include="pch.cpp">
|
||||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
|
||||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
|
||||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
|
||||||
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
|
<PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
|
||||||
<ImportGroup Label="ExtensionTargets">
|
<ImportGroup Label="ExtensionTargets">
|
||||||
</ImportGroup>
|
</ImportGroup>
|
||||||
</Project>
|
</Project>
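Review bot: The Release|Win32 and Release|x64 `<PreprocessorDefinitions>` add `_CRT_SECURE_NO_WARNINGS` while the two Debug configurations do not, yet all four configurations set `<SDLCheck>true</SDLCheck>`. SDL checks promote the C4996 deprecated-CRT warnings to errors, so the define cancels that part of the check in Release only and leaves Debug stricter than Release: code that builds in Release can fail in Debug. Either drop the define and use the bounded/`_s` CRT variants in dumper.cpp, or apply it to all four configurations so the toolchain behaves the same way everywhere. dumper.cpp is not in this view, so whether the flagged functions are actually used is inferred.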
|
@ -1,33 +1,33 @@
|
|||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<Filter Include="Source Files">
|
<Filter Include="Source Files">
|
||||||
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
<UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
|
||||||
<Extensions>cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
<Extensions>cpp;c;cc;cxx;c++;def;odl;idl;hpj;bat;asm;asmx</Extensions>
|
||||||
</Filter>
|
</Filter>
|
||||||
<Filter Include="Header Files">
|
<Filter Include="Header Files">
|
||||||
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
<UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
|
||||||
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
<Extensions>h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd</Extensions>
|
||||||
</Filter>
|
</Filter>
|
||||||
<Filter Include="Resource Files">
|
<Filter Include="Resource Files">
|
||||||
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
<UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
|
||||||
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
<Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
|
||||||
</Filter>
|
</Filter>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClInclude Include="framework.h">
|
<ClInclude Include="framework.h">
|
||||||
<Filter>Header Files</Filter>
|
<Filter>Header Files</Filter>
|
||||||
</ClInclude>
|
</ClInclude>
|
||||||
<ClInclude Include="pch.h">
|
<ClInclude Include="pch.h">
|
||||||
<Filter>Header Files</Filter>
|
<Filter>Header Files</Filter>
|
||||||
</ClInclude>
|
</ClInclude>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
<ClCompile Include="pch.cpp">
|
<ClCompile Include="pch.cpp">
|
||||||
<Filter>Source Files</Filter>
|
<Filter>Source Files</Filter>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
<ClCompile Include="dumper.cpp">
|
<ClCompile Include="dumper.cpp">
|
||||||
<Filter>Source Files</Filter>
|
<Filter>Source Files</Filter>
|
||||||
</ClCompile>
|
</ClCompile>
|
||||||
</ItemGroup>
|
</ItemGroup>
|
||||||
</Project>
|
</Project>
|
@ -1,5 +1,5 @@
|
|||||||
#pragma once
|
#pragma once
|
||||||
|
|
||||||
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
|
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
|
||||||
// Windows Header Files
|
// Windows Header Files
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
// pch.cpp: source file corresponding to the pre-compiled header
|
// pch.cpp: source file corresponding to the pre-compiled header
|
||||||
|
|
||||||
#include "pch.h"
|
#include "pch.h"
|
||||||
|
|
||||||
// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
|
// When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
|
||||||
|
@ -1,18 +1,18 @@
|
|||||||
// pch.h: This is a precompiled header file.
|
// pch.h: This is a precompiled header file.
|
||||||
// Files listed below are compiled only once, improving build performance for future builds.
|
// Files listed below are compiled only once, improving build performance for future builds.
|
||||||
// This also affects IntelliSense performance, including code completion and many code browsing features.
|
// This also affects IntelliSense performance, including code completion and many code browsing features.
|
||||||
// However, files listed here are ALL re-compiled if any one of them is updated between builds.
|
// However, files listed here are ALL re-compiled if any one of them is updated between builds.
|
||||||
// Do not add files here that you will be updating frequently as this negates the performance advantage.
|
// Do not add files here that you will be updating frequently as this negates the performance advantage.
|
||||||
|
|
||||||
#ifndef PCH_H
|
#ifndef PCH_H
|
||||||
#define PCH_H
|
#define PCH_H
|
||||||
|
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <Windows.h>
|
#include <Windows.h>
|
||||||
#include <Psapi.h>
|
#include <Psapi.h>
|
||||||
#include <string>
|
#include <string>
|
||||||
#include <detours.h>
|
#include <detours.h>
|
||||||
#include <vector>
|
#include <vector>
|
||||||
#pragma comment(lib, "detours.lib")
|
#pragma comment(lib, "detours.lib")
|
||||||
|
|
||||||
#endif //PCH_H
|
#endif //PCH_H
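Review bot: `pch.h` includes `<Windows.h>` without `WIN32_LEAN_AND_MEAN`, even though `framework.h` in this same commit defines that macro ahead of its own `#include <windows.h>`; since the project compiles `pch.h` as the precompiled header (`<PrecompiledHeaderFile>pch.h</PrecompiledHeaderFile>`), the macro only takes effect if `framework.h` is included first, and nothing in this view does that. The two headers also spell the include differently (`<Windows.h>` vs `<windows.h>`), which is harmless on NTFS but breaks on case-sensitive cross-builds. Suggest `#include "framework.h"` as the first include of `pch.h` and removing the duplicate `<Windows.h>` line, or defining the macro here before the include. dumper.cpp is not visible, so whether it pulls in `framework.h` itself is inferred.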
|
||||||
|