DisableRealtimeMonitoring toggle

3 years ago · 84b7bcb66e
parent 747a1be05b
commit 84b7bcb66e
4 changed files with 27 additions and 15 deletions
--- a/README.md
+++ b/README.md
@ -403,6 +403,4 @@ CimSystemProperties                           : Microsoft.Management.Infrastruct

 We can find the class here: https://docs.microsoft.com/en-us/dotnet/api/microsoft.management.infrastructure.cimsystemproperties?view=powershellsdk-7.0.0

-It is also located in windows binaries in the following path: C:\Program Files (x86)\Reference Assemblies\Microsoft\WMI\v1.0 
-
-
+It is also located in windows binaries in the following path: C:\Program Files (x86)\Reference Assemblies\Microsoft\WMI\v1.0 
--- a/src/defender-control/main.cpp
+++ b/src/defender-control/main.cpp
@ -11,10 +11,13 @@
 int main()
 {
  printf(DCONTROL::check_defender() ?
-    "Windows defender is ACTIVE\n" :
-    "Windows defender is OFF\n");
+    "Windows defender is ACTIVE turning off..\n" :
+    "Windows defender is OFF turning on...\n");

-  wmic::test_exec();
+  if (DCONTROL::check_defender())
+    wmic::test_exec(true);
+  else
+    wmic::test_exec(false);

  system("pause");

--- a/src/defender-control/wmic.cpp
+++ b/src/defender-control/wmic.cpp
@ -8,7 +8,7 @@ namespace wmic
 {
  // function to test getting executing a command
  //
-  bool test_exec()
+  bool test_exec(BOOL toggle)
  {
    HRESULT hres;

@ -124,9 +124,9 @@ namespace wmic
    //
    VARIANT var_cmd;
    var_cmd.vt = VT_BOOL;
-    var_cmd.boolVal = TRUE;
+    var_cmd.boolVal = toggle;

-    // Store the value for the in parameters
+    // Store the value for the parameters
    //
    hres = class_inst_ptr->Put(L"DisableRealtimeMonitoring", 0,
      &var_cmd, 0);
@ -161,11 +161,22 @@ namespace wmic
    VariantClear(&var_cmd);
    SysFreeString(class_name);
    SysFreeString(method_name);
-    class_ptr->Release();
-    class_inst_ptr->Release();
-    param_def_ptr->Release();
-    loc_ptr->Release();
-    service_ptr->Release();
+
+    if (class_ptr)
+      class_ptr->Release();
+
+    if (class_inst_ptr)
+      class_inst_ptr->Release();
+
+    if (param_def_ptr)
+      param_def_ptr->Release();
+
+    if (loc_ptr)
+      loc_ptr->Release();
+
+    if (service_ptr)
+      service_ptr->Release();
+
    if (pOutParams)
      pOutParams->Release();

--- a/src/defender-control/wmic.hpp
+++ b/src/defender-control/wmic.hpp
@ -11,5 +11,5 @@ namespace wmic
 {
  // function to test getting executing a command
  //
-  bool test_exec();
+  bool test_exec(BOOL toggle);
 }