|
|
|
@ -53,11 +53,10 @@ namespace REG
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// creates a registry
|
|
|
|
|
// creates a registry in HKEY_LOCAL_MACHINE with KEY_ALL_ACCESS permissions
|
|
|
|
|
//
|
|
|
|
|
bool create_registry(const wchar_t* root_name)
|
|
|
|
|
bool create_registry(const wchar_t* root_name, HKEY& hkey)
|
|
|
|
|
{
|
|
|
|
|
HKEY hkey;
|
|
|
|
|
LSTATUS status;
|
|
|
|
|
|
|
|
|
|
status = RegOpenKeyExW(
|
|
|
|
@ -68,21 +67,55 @@ namespace REG
|
|
|
|
|
&hkey
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (!status)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
status = RegCreateKeyExW(
|
|
|
|
|
HKEY_LOCAL_MACHINE,
|
|
|
|
|
root_name,
|
|
|
|
|
0, 0,
|
|
|
|
|
REG_OPTION_NON_VOLATILE,
|
|
|
|
|
KEY_ALL_ACCESS, 0,
|
|
|
|
|
&hkey,
|
|
|
|
|
0
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (status)
|
|
|
|
|
{
|
|
|
|
|
std::cout << "Error creating registry " << root_name << std::endl;
|
|
|
|
|
std::cout << "could not find or create " << root_name << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
|
|
|
|
{
|
|
|
|
|
if (RegSetValueExW(hkey, value_name, 0, REG_DWORD,
|
|
|
|
|
reinterpret_cast<LPBYTE>(&value), sizeof(DWORD)))
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value)
|
|
|
|
|
{
|
|
|
|
|
if (RegSetValueExW(hkey, value_name, 0, REG_BINARY,
|
|
|
|
|
reinterpret_cast<LPBYTE>(&value), sizeof(DWORD)))
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
namespace DCONTROL
|
|
|
|
|
{
|
|
|
|
|
// disables window defender
|
|
|
|
|
//
|
|
|
|
|
bool disable_control()
|
|
|
|
|
bool disable_defender()
|
|
|
|
|
{
|
|
|
|
|
// create DisableRealtimeMonitoring if it does not exist then set value to 1
|
|
|
|
|
// [RegCreateKeyExW]
|
|
|
|
@ -113,6 +146,80 @@ namespace DCONTROL
|
|
|
|
|
// lpValueName: SOFTWARE\Microsoft\Windows Defender\Real-Time Protection
|
|
|
|
|
// [RegQueryValueExW]
|
|
|
|
|
// lpValueName: DisableRealtimeMonitoring
|
|
|
|
|
|
|
|
|
|
HKEY hkey;
|
|
|
|
|
|
|
|
|
|
// SecurityHealth
|
|
|
|
|
{
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access CurrentVersion" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::set_keyval_bin(hkey, L"SecurityHealth", 3))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to write to SecurityHealth" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Start (3 off) (2 on)
|
|
|
|
|
{
|
|
|
|
|
if (!REG::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\WinDefend", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access CurrentControlSet" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::set_keyval(hkey, L"Start", 3))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to write to Start" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DisableAntiSpyware
|
|
|
|
|
{
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Policies\\Microsoft\\Windows Defender", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access Policies" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access Windows Defender" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DisableRealtimeMonitoring
|
|
|
|
|
{
|
|
|
|
|
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection", hkey))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to access registry" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (!REG::set_keyval(hkey, L"DisableRealtimeMonitoring", 1))
|
|
|
|
|
{
|
|
|
|
|
std::cout << "failed to disable DisableRealtimeMonitoring" << std::endl;
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|