Archives
/
defender-control
mirror of https://github.com/qtkite/defender-control
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
gui
1.0.0
v1.0
v1.0.0
v1.1
v1.2
v1.3
v1.4
v1.5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6649ae734d'
${ noResults }
defender-control/src/defender-control/dcontrol.cpp

287 lines
6.2 KiB
C++
Raw Blame History

#include "dcontrol.h"
namespace REG
{
// reads a key from HKEY_LOCAL_MACHINE
//
DWORD read_key(const wchar_t* root_name, const wchar_t* value_name, uint32_t flags)
{
LSTATUS status;
HKEY hkey;
DWORD result{};
DWORD buff_sz = sizeof(DWORD);
// https://docs.microsoft.com/en-us/windows/win32/winprog64/accessing-an-alternate-registry-view
status = RegOpenKeyExW(
HKEY_LOCAL_MACHINE,
root_name,
0,
KEY_READ | KEY_WOW64_64KEY,
&hkey
);
if (status)
{
if (flags & DBG_MSG)
std::cout << "Error opening " << root_name << " key" << std::endl;
return -1;
}
status = RegQueryValueExW(
hkey,
value_name,
0, NULL,
reinterpret_cast<LPBYTE>(&result),
&buff_sz
);
if (status)
{
if (flags & DBG_MSG)
std::cout << "Failed to read " << result << std::endl;
return -1;
}
RegCloseKey(hkey);
return result;
}
// creates a registry in HKEY_LOCAL_MACHINE with KEY_ALL_ACCESS permissions
//
bool create_registry(const wchar_t* root_name, HKEY& hkey)
{
LSTATUS status;
DWORD dwDisposition;
status = RegCreateKeyExW(
HKEY_LOCAL_MACHINE,
root_name,
0,
0,
0,
131334,
0,
&hkey,
&dwDisposition
);
if (status)
{
std::wcout << "could not find or create " << root_name << " error: " << status << std::endl;
return false;
}
return true;
}
bool set_keyval(HKEY& hkey, const wchar_t* value_name, DWORD value)
{
auto ret = RegSetValueExW(hkey, value_name, 0, REG_DWORD,
reinterpret_cast<LPBYTE>(&value), 4);
if (ret)
{
std::cout << "Set error: " << ret << std::endl;
return false;
}
return true;
}
bool set_keyval_bin(HKEY& hkey, const wchar_t* value_name, DWORD value)
{
auto ret = RegSetValueExW(hkey, value_name, 0, REG_BINARY,
reinterpret_cast<LPBYTE>(&value), 12);
if (ret)
{
std::cout << "Set error: " << ret << std::endl;
return false;
}
return true;
}
}
namespace WMIC
{
}
namespace DCONTROL
{
// Sets the programs debug priviliges
bool set_privilege(LPCSTR privilege, BOOL enable)
{
TOKEN_PRIVILEGES priv = { 0,0,0,0 };
HANDLE token = nullptr;
LUID luid = { 0,0 };
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &token))
{
if (token)
CloseHandle(token);
return false;
}
if (!LookupPrivilegeValueA(nullptr, SE_DEBUG_NAME, &luid))
{
if (token)
CloseHandle(token);
return false;
}
priv.PrivilegeCount = 1;
priv.Privileges[0].Luid = luid;
priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(token, false, &priv, 0, nullptr, nullptr))
{
if (token)
CloseHandle(token);
return false;
}
if (token)
CloseHandle(token);
return true;
}
char sub_43604B()
{
char v0; // bl
SC_HANDLE v1; // eax
SC_HANDLE v2; // esi
void* v3; // eax
v0 = 0;
v1 = OpenSCManagerW(0, 0, 8u);
v2 = v1;
if (v1)
{
v3 = LockServiceDatabase(v1);
if (v3)
{
UnlockServiceDatabase(v3);
CloseServiceHandle(v2);
return 1;
}
if (GetLastError() == 1055)
v0 = 1;
CloseServiceHandle(v2);
}
return v0;
}
// disables window defender
//
bool disable_defender()
{
if (!sub_43604B())
{
std::cout << "permission error" << std::endl;
return false;
}
set_privilege(SE_DEBUG_NAME, TRUE);
HKEY hkey;
// DisableAntiSpyware
{
if (!REG::create_registry(L"SOFTWARE\\Policies\\Microsoft\\Windows Defender", hkey))
{
std::cout << "failed to access Policies" << std::endl;
return false;
}
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
{
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
return false;
}
#if 0
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender", hkey))
{
std::cout << "failed to access Windows Defender" << std::endl;
return false;
}
if (!REG::set_keyval(hkey, L"DisableAntiSpyware", 1))
{
std::cout << "failed to write to DisableAntiSpyware" << std::endl;
return false;
}
#endif
}
// Start (3 off) (2 on)
{
if (!REG::create_registry(L"SYSTEM\\CurrentControlSet\\Services\\WinDefend", hkey))
{
std::cout << "failed to access CurrentControlSet" << std::endl;
return false;
}
if (!REG::set_keyval(hkey, L"Start", 3))
{
std::cout << "failed to write to Start" << std::endl;
return false;
}
}
std::cout << "Wrote to Start" << std::endl;
// SecurityHealth
{
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run", hkey))
{
std::cout << "failed to access CurrentVersion" << std::endl;
return false;
}
if (!REG::set_keyval_bin(hkey, L"SecurityHealth", 3))
{
std::cout << "failed to write to SecurityHealth" << std::endl;
return false;
}
}
std::cout << "Wrote to SecurityHealth" << std::endl;
#if 0
// DisableRealtimeMonitoring
{
if (!REG::create_registry(L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection", hkey))
{
std::cout << "failed to access registry" << std::endl;
return false;
}
if (!REG::set_keyval(hkey, L"DisableRealtimeMonitoring", 1))
{
std::cout << "failed to disable DisableRealtimeMonitoring" << std::endl;
return false;
}
}
#endif
return true;
}
// Checks whether Real-Time Protection is activated on windows
//
bool check_defender(uint32_t flags)
{
return REG::read_key(
L"SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection",
L"DisableRealtimeMonitoring") == 0;
}
}
Reference in New Issue View Git Blame Copy Permalink