EvilZone
Programming and Scripting => C - C++ => : xC May 07, 2013, 01:58:53 AM
-
I made this from the public Windows Defender documentation a couple of years back. It is not much use nowadays, as Defender is quite obsolete.
#include <windows.h>
#include <stdio.h>
// Signatures of the two MpClient.dll exports that LoadFunctions() resolves at
// run time with GetProcAddress. Both are __stdcall and return an HRESULT.
typedef HRESULT ( __stdcall *WDS )( BOOL* ); // "WDStatus": state is written through the BOOL*
typedef HRESULT ( __stdcall *WDE )( BOOL );  // "WDEnable": takes the requested state

// Filled in by LoadFunctions(). File-scope objects start out zeroed, so both
// are NULL until then; the initialisers only make that explicit.
WDS fWDStatus = NULL;
WDE fWDEnable = NULL;

bool LoadFunctions( void );
bool WDStatus( void );
bool WDDisable( bool bEnable ); // despite the name: true = enable, false = disable
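// Resolve the "WDStatus" and "WDEnable" exports of
// %ProgramFiles%/Windows Defender/MpClient.dll into fWDStatus / fWDEnable.
//
// Returns true only when BOTH exports were found. The callers in this file
// invoke both pointers, so accepting just one of them (the earlier `||`
// test) could leave a NULL function pointer to be called later. On failure
// the globals are not modified and the module handle is released; on success
// the module is deliberately kept loaded because the stored pointers point
// into it.
//
// Review notes:
//  - The DLL path comes from the ProgramFiles environment variable, which is
//    set by whoever launches the process, so the file that gets loaded is
//    only as trustworthy as that environment.
//  - For monitoring: the observable behaviour is a process that is not part
//    of Defender loading MpClient.dll and resolving WDEnable.
//  - NOTE(review): the post itself calls this approach dated; whether these
//    exports still change anything on a current Defender build (privilege
//    checks, Tamper Protection) is not shown here.
bool LoadFunctions()
{
    static const char szSuffix[] = "/Windows Defender/MpClient.dll";
    char szBuffer[256];

    // The return value is the number of characters stored (terminator not
    // counted), 0 on failure, or the required size when the buffer is too
    // small, in which case the buffer must not be used.
    DWORD cchDir = GetEnvironmentVariableA( "ProgramFiles", szBuffer, sizeof( szBuffer ) );

    // sizeof( szSuffix ) includes the terminating NUL, so this is the exact
    // space the joined path needs; it also rejects the "buffer too small"
    // case above. Without it the strcat below could write past szBuffer.
    if( cchDir == 0 || cchDir + sizeof( szSuffix ) > sizeof( szBuffer ) )
    {
        return( false );
    }
    strcat( szBuffer, szSuffix );

    // The buffer is a narrow string, so call the ANSI entry point explicitly
    // instead of relying on the UNICODE macro setting.
    HMODULE hMpClient = LoadLibraryA( szBuffer );
    if( hMpClient == NULL )
    {
        return( false );
    }

    WDS pfnStatus = (WDS) GetProcAddress( hMpClient, "WDStatus" );
    WDE pfnEnable = (WDE) GetProcAddress( hMpClient, "WDEnable" );
    if( pfnStatus == NULL || pfnEnable == NULL )
    {
        FreeLibrary( hMpClient ); // nothing usable was resolved; do not leak the handle
        return( false );
    }

    // Publish the pointers only once both are known to be valid.
    fWDStatus = pfnStatus;
    fWDEnable = pfnEnable;
    return( true );
}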
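// Query the Defender state through the resolved "WDStatus" export.
//
// Returns true only when the call returns S_OK and reports TRUE. Every other
// outcome (export not resolved, any other HRESULT, any other reported value)
// yields false, so false means "not confirmed enabled", not "disabled".
bool WDStatus()
{
    // Initialised so a call that fails without writing the out-parameter
    // never leaves an indeterminate value behind.
    BOOL bStatus = FALSE;

    // LoadFunctions() may not have run or may have failed; calling through a
    // NULL function pointer would crash.
    if( fWDStatus == NULL )
    {
        return( false );
    }

    if( fWDStatus( &bStatus ) != S_OK )
    {
        return( false );
    }

    // Same test as the original `case TRUE:`; only the exact value TRUE counts.
    return( bStatus == TRUE );
}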
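// Request a Defender state change through the resolved "WDEnable" export.
//
// The name is misleading: bEnable is passed straight through, so
// false = disable and true = enable.
//
// Returns true when the export returns S_OK, false on any other HRESULT or
// when the export was never resolved.
bool WDDisable( bool bEnable ) //false = disable, true = enable
{
    // LoadFunctions() may not have run or may have failed; calling through a
    // NULL function pointer would crash.
    if( fWDEnable == NULL )
    {
        return( false );
    }

    // Make the bool -> Win32 BOOL conversion explicit.
    HRESULT hResult = fWDEnable( bEnable ? TRUE : FALSE );
    return( hResult == S_OK );
}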
// Entry point: resolve the MpClient.dll exports, query the current state and,
// if it is reported as enabled, request that it be switched off. The result
// of that request is discarded. The program then waits for a key press and
// always exits with status 0.
int main()
{
    // && short-circuits, so WDStatus() runs only after a successful load,
    // exactly as with nested ifs.
    if( LoadFunctions( ) && WDStatus( ) )
    {
        WDDisable( false ); // false = disable
    }

    getchar( ); // keep the console window open until input arrives
    return( 0 );
}
-
MS Defender is not obsolete: it is enabled on all newly installed systems, and a regular douchebag either doesn't know about it or doesn't care to turn it off.
-
Maybe obsolete wasn't the best word for what I meant. However, it doesn't seem to detect much malicious activity. Also, thanks for your comment.