Windows 11 AME playbook for AME Wizard.

@echo OFF
setlocal
REM This script is to prevent users from unknowingly entering sfc /scannow
REM and causing de-amelioration
REM
REM Wrapper for the sfc command: a request that mentions /scannow is held
REM behind a typed confirmation, every other request is forwarded to the
REM renamed binary sfc1 and its result is reported from the CBS log.
REM
REM Elevation check: the exit status of net session is the only signal used.
REM A non-zero status is treated as not being an administrator and returns 1.
REM NOTE(review): net session presumably also fails when the Server service
REM is stopped, which would be reported here as missing elevation - confirm.
REM NOTE(review): net, findstr, timeout, PowerShell, takeown and icacls are
REM invoked by bare name, so cmd resolves them through its search order, which
REM starts with the current directory. In a script that only runs elevated,
REM full System32 paths would remove that dependency.
net session > NUL 2>&1
if %errorlevel% GTR 0 (
echo.
echo You must be an administrator running a console session in order to
echo use the sfc utility.
endlocal & exit /b 1
) else (
goto checkScannow
)
:checkScannow
REM Route the request: anything that mentions /scannow goes to the guarded
REM path, everything else goes to the pass-through path.
REM sfcArgs holds the full argument list with every double quote replaced by
REM the marker :AINV: so it can be wrapped in quotes for echo and if tests.
REM NOTE(review): the argument list is expanded into the first set line before
REM any quote is neutralised, so a quoted argument that contains command
REM separators is parsed as command syntax on that line - confirm and consider
REM rejecting such input up front.
REM NOTE(review): the replacement is applied twice. The second pass looks
REM redundant unless it is meant for the no-argument case, where the first
REM pass presumably leaves a stray quote behind - confirm.
set "sfcArgs=%*"
set "sfcArgs=%sfcArgs:"=:AINV:%"
set "sfcArgs=%sfcArgs:"=:AINV:%"
REM Case-insensitive substring match, so /scannow is caught anywhere in the
REM arguments and in any letter case.
echo "%sfcArgs%" | findstr /i /c:"/scannow" > NUL 2>&1
if %errorlevel% EQU 0 (
goto scannowProcedure
) else (
goto verifyOnlyProcedure
)
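:verifyOnlyProcedure
REM Handles the case where the only argument is /verifyonly in any letter case.
REM Any other argument list goes on to incorrectSyntaxMessage.
REM The scan output is discarded and a fixed found-violations message is
REM printed with exit code 0, whatever the scan returned.
REM NOTE(review): presumably deliberate for an ameliorated system - confirm.
REM The renamed binary is called by full path so that a file named sfc1 in the
REM current directory or earlier on PATH cannot run in this elevated session.
if /i "%sfcArgs%"=="/verifyonly" (
echo.
echo Beginning system scan. This process will take some time.
timeout /t 1 /NOBREAK > NUL 2>&1
echo.
echo Beginning verification phase of system scan.
timeout /t 2 /NOBREAK > NUL 2>&1
echo Verifying...
REM %* is all the text entered after "sfc ".
"%SYSTEMROOT%\System32\sfc1.exe" %* > NUL 2>&1
echo.
echo Windows Resource Protection found integrity violations.
echo For online repairs, details are included in the CBS log file located at
echo windir^\Logs^\CBS^\CBS.log. For example C^:^\Windows^\Logs^\CBS^\CBS.log. For offline
echo repairs, details are included in the log file provided by the ^/OFFLOGFILE flag.
endlocal & exit /b 0
) else (
goto incorrectSyntaxMessage )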
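:incorrectSyntaxMessage
REM Pass-through path for every request that is neither /scannow nor a bare
REM /verifyonly. The sanitised argument list is handed to the renamed binary
REM with its output discarded. A non-zero exit status prints the usage text
REM and returns 2. A zero status continues to grabCBSInfo.
REM Any double quote in the arguments was replaced by :AINV: earlier, so a
REM quoted path does not reach the binary intact.
REM The binary is called by full path so that a file named sfc1 in the current
REM directory or earlier on PATH cannot run in this elevated session.
"%SYSTEMROOT%\System32\sfc1.exe" %sfcArgs% > NUL 2>&1
if %errorlevel% GTR 0 (
echo.
echo System File Checker
echo.
echo Scans the integrity of all protected system files and replaces incorrect versions with
echo correct Microsoft versions.
echo.
echo SFC ^[^/SCANNOW^] ^[^/VERIFYONLY^] ^[^/SCANFILE^=^<file^>^] ^[^/VERIFYFILE^=^<file^>]
echo ^[^/OFFWINDIR^=^<offline windows directory^> ^/OFFBOOTDIR^=^<offline boot directory^> ^[^/OFFLOGFILE^=^<log file path^>^]^]
echo.
echo ^/SCANNOW Scans integrity of all protected system files and repairs files with
echo problems when possible.
echo ^/VERIFYONLY Scans integrity of all protected system files. No repair operation is
echo performed.
echo ^/SCANFILE Scans integrity of the referenced file, repairs file if problems are
echo identified. Specify full path ^<file^>
echo ^/VERIFYFILE Verifies the integrity of the file with full path ^<file^>. No repair
echo operation is performed.
echo ^/OFFBOOTDIR For offline repair, specify the location of the offline boot directory
echo ^/OFFWINDIR For offline repair, specify the location of the offline windows directory
echo ^/OFFLOGFILE For offline repair, optionally enable logging by specifying a log file path
echo.
echo e.g.
echo.
echo sfc ^/SCANNOW
echo sfc ^/VERIFYFILE^=c^:^\windows^\system32^\kernel32.dll
echo sfc ^/SCANFILE^=d^:^\windows^\system32^\kernel32.dll ^/OFFBOOTDIR^=d^:^\ ^/OFFWINDIR^=d^:^\windows
echo sfc ^/SCANFILE^=d^:^\windows^\system32^\kernel32.dll ^/OFFBOOTDIR^=d^:^\ ^/OFFWINDIR^=d^:^\windows ^/OFFLOGFILE^=c^:^\log.txt
echo sfc ^/VERIFYONLY
endlocal & exit /b 2
) else (
goto grabCBSInfo
)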
:grabCBSInfo
REM Read the last three lines of the CBS log and keep, for each line, the
REM second field when the line is split on the closing square bracket. The
REM values are stored in var1, var2 and var3 in file order.
REM This opens a second setlocal level, which is why the exits that follow
REM call endlocal twice.
REM NOTE(review): for /f skips empty lines, so fewer than three variables may
REM be set if the log tail contains blank lines - confirm.
setlocal EnableDelayedExpansion
set "count=1"
for /f "tokens=2 delims=]" %%A in ('PowerShell -command "Get-Content '%SYSTEMROOT%\Logs\CBS\CBS.log' -tail 3"') do (
set "var!count!=%%A"
set /a "count=!count!+1"
)
goto noViolationProcedure
:noViolationProcedure
REM Clean-result test: if the field taken from the middle of the three tail
REM lines contains the word Beginning, report that no violations were found,
REM close both setlocal levels and return 0. Quotes are replaced by :AINV:
REM first so the value can be quoted for echo.
REM NOTE(review): the scan outcome is inferred from free-form log text, and
REM the CBS log is presumably shared with other servicing activity, so the
REM tail may belong to a different operation - confirm before relying on the
REM exit code.
set "var2=%var2:"=:AINV:%"
set "var2=%var2:"=:AINV:%"
echo "%var2%" | findstr /i /c:"Beginning" > NUL 2>&1
if %errorlevel% EQU 0 (
echo.
echo Windows Resource Protection did not find any integrity violations.
endlocal & endlocal & exit /b 0
) else (
goto foundViolationProcedure
)
:foundViolationProcedure
REM Violation test: if the field taken from the first of the three tail lines
REM contains the word reproject, print the found-violations message, close
REM both setlocal levels and return 3. Otherwise close one setlocal level and
REM continue at unknownResults.
set "var1=%var1:"=:AINV:%"
set "var1=%var1:"=:AINV:%"
echo "%var1%" | findstr /i /c:"reproject" > NUL 2>&1
if %errorlevel% EQU 0 (
echo.
echo Windows Resource Protection found integrity violations.
echo For online repairs, details are included in the CBS log file located at
echo windir^\Logs^\CBS\CBS.log. For example C^:^\Windows^\Logs^\CBS^\CBS.log. For offline
echo repairs, details are included in the log file provided by the ^/OFFLOGFILE flag.
endlocal & endlocal & exit /b 3
) else (
REM This will most likely never happen
endlocal & goto :unknownResults
)
:unknownResults
REM Fallback when neither log pattern matched: point the user at the CBS log
REM and return 4. One setlocal level is still open on arrival and is closed
REM on the last line.
echo.
echo Cannot output results. Details are included in the CBS log file located at
echo windir^\Logs^\CBS\CBS.log.
endlocal & exit /b 4
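:scannowProcedure
REM Guarded path for /scannow. The operator must type the exact confirmation
REM phrase, matched case-sensitively, before the wrapper removes itself and
REM the real scan runs. Cancel in any letter case returns 0 and any other
REM input returns 5.
echo.
echo This command will cause de-amelioration! DO NOT RUN!
echo Are you sure you want to run this command?
echo.
echo Enter 'Cancel' to Exit
REM SET /P leaves the variable untouched when the user just presses Enter, so
REM clear it first. Otherwise a value of input inherited from the calling
REM environment could satisfy the confirmation without anything being typed.
set "input="
SET /P "input=Enter 'I know what I'm doing' to Confirm: "
REM NOTE(review): the typed text is expanded directly into the comparisons
REM below, so input that contains a double quote breaks their syntax -
REM consider delayed expansion for these two tests.
if "%input%"=="I know what I'm doing" goto scannowSelfDestruct
if /i "%input%"=="Cancel" endlocal & exit /b 0
echo.
echo Incorrect input entered.
endlocal & exit /b 5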
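:scannowSelfDestruct
:: Restores the original binary name, removes this wrapper and then runs the
:: requested scan with the restored sfc.exe.
:: This will cause sfc.cmd to no longer function, unless sfc.cmd is specified.
:: This is due to the .exe extension being prioritized over .cmd. The PATHEXT environment variable can change this.
:: Paths are quoted so that a system root containing spaces cannot split the
:: command line of these elevated file operations.
:: NOTE(review): the group is named in English here. Presumably the grant
:: fails on systems where the group has a localized name - confirm.
takeown /f "%SYSTEMROOT%\System32\sfc1.exe" /a > NUL 2>&1
icacls "%SYSTEMROOT%\System32\sfc1.exe" /grant Administrators:F > NUL 2>&1
rename "%SYSTEMROOT%\System32\sfc1.exe" sfc.exe > NUL 2>&1
:: Stop here if the rename did not take effect. Continuing would delete the
:: wrapper while no sfc.exe exists, leaving the system without a working sfc.
if not exist "%SYSTEMROOT%\System32\sfc.exe" (
echo.
echo Could not restore sfc.exe. sfc.cmd was left in place.
endlocal & exit /b 6
)
:: Copy ACL from diskmgmt.msc to sfc.exe. Essentially resetting sfc.exe's ACL.
:: NOTE(review): the result is not checked. If this step fails, sfc.exe keeps
:: the Administrators full-control grant added above - consider verifying.
PowerShell -NoP -C "Get-Acl '%SYSTEMROOT%\System32\diskmgmt.msc' | Set-Acl '%SYSTEMROOT%\System32\sfc.exe'" > NUL 2>&1
:: Self-destruction
takeown /f "%SYSTEMROOT%\System32\sfc.cmd" /a > NUL 2>&1
icacls "%SYSTEMROOT%\System32\sfc.cmd" /grant Administrators:F > NUL 2>&1
:: The restored binary is called by full path so the scan cannot resolve to a
:: different sfc found earlier in the search order once this file is gone.
(GOTO) 2>NUL & del /q /f "%~f0">NUL 2>&1 & "%SYSTEMROOT%\System32\sfc.exe" %*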