8 changed files with 25 additions and 72 deletions
--- a/README.md
+++ b/README.md
@ -2,6 +2,7 @@
 Open source windows defender disabler.   
 Now you can disable windows defender permanently!   
 Tested from Windows 10 20H2.  
+Also working on Windows 11 (earlier versions)

 ## What is this project?  
 We all know that disabling windefender is very difficult since microsoft is constantly enforcing changes.  
@ -9,13 +10,6 @@ The first solution is to install an anti-virus - but thats not the point if we a
 The next easiest solution is to use freeware thats already available on the internet - but none of them are native & open source...  
 I like open source, so I made a safe to use open source defender control.  

-## On windows updates / Windows 11
-Sometimes windows decides to update and turn itself back on.  
-A common issue is that defender control sometimes doesn't want to disable tamper protection again.  
-Please try turning off tamper protection manually then running disable-defender.exe again before posting an issue.  
-
-![Tamper](https://github.com/qtkite/defender-control/blob/main/resources/tamper.png?raw=true)
-
 ## What does it do?
 1. It gains TrustedInstaller permissions
 2. It will disable windefender services + smartscreen
@ -39,6 +33,11 @@ Compile.
 You can find the first release over at the releases on the right.  
 Or alternatively click [here](https://github.com/qtkite/defender-control/releases/tag/v1.2).

-## Windows 11
-Works for earlier versions of Windows 11. Correct registries have not been added yet for the latest version.
-Update, Trusted Installer no longer has effect on the current live versions of Windows 11. Use with caution.
+## Writeup
+If you are interested in how I developed this program check out the writeup [here](https://github.com/qtkite/defender-control/blob/main/Writeup.md).
+
+## TO-DO
+- [ ] Confirm win 11 support
+- [ ] Disable security center
+- [ ] Better cli support 
+- [ ] Build an interface
--- a/research.md
+++ b/research.md
--- a/resources/tamper.png
+++ b/resources/tamper.png
--- a/src/defender-control/dcontrol.cpp
+++ b/src/defender-control/dcontrol.cpp
@ -34,7 +34,7 @@ namespace dcontrol
    // https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-terminateprocess
    // The state of global data maintained by dynamic-link libraries 
    // (DLLs) may be compromised if TerminateProcess is used rather than ExitProcess.
-    // e.g. Injecting code to execute ExitProcess and manually unloaded everything 
+    // e.g. Injecting code to execute ExitProcess

    TerminateProcess(proc, 0);

@ -132,36 +132,7 @@ namespace dcontrol
  //
  bool manage_security_center(bool enable)
  {
-    // handle registry calls
-    // https://superuser.com/questions/1199112/how-to-tell-the-state-of-a-service-from-the-registry
-    // https://stackoverflow.com/questions/291519/how-does-currentcontrolset-differ-from-controlset001-and-controlset002
-    // https://web.archive.org/web/20110514163940/http://support.microsoft.com/kb/103000
-    //
-
-    // auto ret = manage_security_service(enable, "wscsvc");
-
-    HKEY hkey;
-    if (reg::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\wscsvc", hkey))
-    {
-      if (enable)
-      {
-        if (!reg::set_keyval(hkey, L"Start", 2)) // Automatic
-        {
-          printf("failed to write to wscsvc\n");
-          return false;
-        }
-      }
-      else
-      {
-        if (!reg::set_keyval(hkey, L"Start", 4)) // Disabled
-        {
-          printf("failed to write to wscsvc\n");
-          return false;
-        }
-      }
-    }
-
-    return true;
+    return manage_security_service(enable, "wscsvc");
  }

  // Stop or run the windefend service
@ -304,7 +275,9 @@ namespace dcontrol
    // Protected by anti-tamper
    // Start (3 off) (2 on)
    if (reg::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\WinDefend", hkey))
+    {
      reg::set_keyval(hkey, L"Start", 2);
+    }
    else
      printf("Failed to access CurrentControlSet\n");

--- a/src/defender-control/main.cpp
+++ b/src/defender-control/main.cpp
@ -1,43 +1,25 @@
 // to-do:
 // make a ui for this
-// argument support -s check
 //
 #include "dcontrol.hpp"
 #include "wmic.hpp"
 #include "trusted.hpp"

-bool check_silent(int argc, char** argv)
-{
-  for (int i = 0; i < argc; i++)
-  {
-    if (!strcmp(argv[i], "-s"))
-      return true;
-  }
-  return false;
-}
-
 int main(int argc, char** argv)
 {
-  auto silent = check_silent(argc, argv);
-
  if (!trusted::has_admin())
  {
    printf("Must run as admin!\n");
-
-    if (!silent)
-      system("pause");
-
+    system("pause");
    return EXIT_FAILURE;
  }

  // Because we are a primary token, we can't swap ourselves with an impersonation token.
  // There will always be a need to re-create the process with the token as primary.
-  // we check for argc == 1, assuming we aren't launching with any parameters
-  //
-  if (!trusted::is_system_group()) // && argc == 1
+  if (!trusted::is_system_group() && argc == 1)
  {
    printf("Restarting with privileges\n");
-    trusted::create_process(util::get_current_path().append(silent ? " -s" : ""));
+    trusted::create_process(util::get_current_path());
    return EXIT_SUCCESS;
  }

@ -45,18 +27,16 @@ int main(int argc, char** argv)
  {
    dcontrol::kill_smartscreen();
    dcontrol::manage_windefend(false);
+    dcontrol::manage_security_center(false);
    dcontrol::toggle_tamper(false);

    printf(dcontrol::check_defender() ?
-      "Windows defender is currently ACTIVE\n" :
-      "Windows defender is currently OFF\n");
+      "Windows defender is ACTIVE\n" :
+      "Windows defender is OFF\n");

 #if DEFENDER_CONFIG == DEFENDER_DISABLE
    if (dcontrol::disable_defender())
-    {
-      dcontrol::manage_security_center(false);
      printf("Disabled windows defender!\n");
-    }
    else
      printf("Failed to disable defender...\n");
 #elif DEFENDER_CONFIG == DEFENDER_ENABLE
@ -67,16 +47,12 @@ int main(int argc, char** argv)
 #elif DEFENDER_CONFIG == DEFENDER_GUI
 #endif

-
-
  }
  catch (std::exception e)
  {
    printf("%s\n", e.what());
  }

-  if (!silent)
-    system("pause");
-
+  system("pause");
  return EXIT_SUCCESS;
 }
--- a/src/defender-control/reg.cpp
+++ b/src/defender-control/reg.cpp
@ -12,6 +12,7 @@ namespace reg
    DWORD buff_sz = sizeof(DWORD);

    // https://docs.microsoft.com/en-us/windows/win32/winprog64/accessing-an-alternate-registry-view
+    //
    status = RegOpenKeyExW(
      HKEY_LOCAL_MACHINE,
      root_name,
@ -24,6 +25,7 @@ namespace reg
    {
      if (flags & DBG_MSG)
        wprintf(L"Error opening %ls key \n", root_name);
+
      return -1;
    }

--- a/src/defender-control/trusted.cpp
+++ b/src/defender-control/trusted.cpp
@ -283,4 +283,5 @@ namespace trusted

    return ret;
  }
+
 }
--- a/src/defender-control/wmic.cpp
+++ b/src/defender-control/wmic.cpp
@ -140,4 +140,6 @@ namespace wmic
  {
    return last_error;
  }
+
+
 }