@echo OFF
setlocal

REM Wrapper that stands in front of the real System File Checker so that a
REM user does not run sfc /scannow by accident and cause de-amelioration.
REM The real binary is invoked further down as sfc1.
REM NOTE(review): this is a convenience guard, not an access control. It only
REM sees invocations that resolve to this script.
REM NOTE(review): net, findstr, timeout, PowerShell and sfc1 are called by bare
REM name throughout, so an elevated console resolves them through its current
REM directory and PATH. Consider full System32 paths.

REM Elevation probe: a non-zero result from net session is treated as
REM "not an administrator console".
REM NOTE(review): presumably this also fails when the Server service is not
REM running, which would be reported as a missing-privilege error - confirm.
net session > NUL 2>&1
if %errorlevel% GTR 0 (
    echo.
    echo You must be an administrator running a console session in order to
    echo use the sfc utility.
    endlocal & exit /b 1
)
goto checkScannow
:checkScannow

REM Copy the raw argument string and replace every double quote in the copy
REM with the marker :AINV: so the copy can safely be wrapped in quotes below.
REM The replacement is deliberately written twice.
REM NOTE(review): presumably the second pass covers the no-argument case, where
REM expanding an undefined variable leaves a stray double quote - confirm.
REM NOTE(review): the raw arguments are expanded on the first set line before
REM any quote is neutralised, so an argument string that itself contains double
REM quotes can still disturb how that line is parsed.
set "sfcArgs=%*"
set "sfcArgs=%sfcArgs:"=:AINV:%"
set "sfcArgs=%sfcArgs:"=:AINV:%"

REM Case-insensitive substring search: any argument string containing
REM /scannow anywhere is routed to the confirmation prompt.
echo "%sfcArgs%" | findstr /i /c:"/scannow" > NUL 2>&1
if %errorlevel% NEQ 0 goto verifyOnlyProcedure
goto scannowProcedure
:verifyOnlyProcedure

REM Only an argument string that is exactly /verifyonly (any case) is handled
REM here. Everything else is passed on to the generic handler.
if /i not "%sfcArgs%"=="/verifyonly" goto incorrectSyntaxMessage

echo.
echo Beginning system scan. This process will take some time.
timeout /t 1 /NOBREAK > NUL 2>&1
echo.
echo Beginning verification phase of system scan.
timeout /t 2 /NOBREAK > NUL 2>&1
echo Verifying...

REM Run the real checker with the original, unmodified arguments.
REM Its output and exit code are both discarded.
sfc1 %* > NUL 2>&1

REM The result text below is fixed: it is printed regardless of what sfc1
REM reported, and the script then exits with code 0.
REM NOTE(review): presumably intentional because the modified system is always
REM expected to show violations - confirm, since a caller cannot tell a failed
REM scan from a completed one.
echo.
echo Windows Resource Protection found integrity violations.
echo For online repairs, details are included in the CBS log file located at
echo windir^\Logs^\CBS^\CBS.log. For example C^:^\Windows^\Logs^\CBS^\CBS.log. For offline
echo repairs, details are included in the log file provided by the ^/OFFLOGFILE flag.

endlocal & exit /b 0
:incorrectSyntaxMessage

REM Despite the label name, this is the generic path for every argument string
REM that neither contains /scannow nor equals /verifyonly. The real checker is
REM run with the quote-neutralised copy of the arguments, output discarded.
REM NOTE(review): because double quotes were replaced with :AINV: in sfcArgs,
REM a quoted path argument reaches sfc1 in altered form - confirm that this is
REM acceptable for the file and offline options.
sfc1 %sfcArgs% > NUL 2>&1

REM A result of zero or less means sfc1 accepted the arguments, so go and
REM summarise the CBS log. Otherwise print the usage text and exit with code 2.
if %errorlevel% LEQ 0 goto grabCBSInfo

echo.
echo System File Checker
echo.
echo Scans the integrity of all protected system files and replaces incorrect versions with
echo correct Microsoft versions.
echo.
echo SFC ^[^/SCANNOW^] ^[^/VERIFYONLY^] ^[^/SCANFILE^=^<file^>^] ^[^/VERIFYFILE^=^<file^>]
echo ^[^/OFFWINDIR^=^<offline windows directory^> ^/OFFBOOTDIR^=^<offline boot directory^> ^[^/OFFLOGFILE^=^<log file path^>^]^]
echo.
echo ^/SCANNOW Scans integrity of all protected system files and repairs files with
echo problems when possible.
echo ^/VERIFYONLY Scans integrity of all protected system files. No repair operation is
echo performed.
echo ^/SCANFILE Scans integrity of the referenced file, repairs file if problems are
echo identified. Specify full path ^<file^>
echo ^/VERIFYFILE Verifies the integrity of the file with full path ^<file^>. No repair
echo operation is performed.
echo ^/OFFBOOTDIR For offline repair, specify the location of the offline boot directory
echo ^/OFFWINDIR For offline repair, specify the location of the offline windows directory
echo ^/OFFLOGFILE For offline repair, optionally enable logging by specifying a log file path
echo.
echo e.g.
echo.
echo sfc ^/SCANNOW
echo sfc ^/VERIFYFILE^=c^:^\windows^\system32^\kernel32.dll
echo sfc ^/SCANFILE^=d^:^\windows^\system32^\kernel32.dll ^/OFFBOOTDIR^=d^:^\ ^/OFFWINDIR^=d^:^\windows
echo sfc ^/SCANFILE^=d^:^\windows^\system32^\kernel32.dll ^/OFFBOOTDIR^=d^:^\ ^/OFFWINDIR^=d^:^\windows ^/OFFLOGFILE^=c^:^\log.txt
echo sfc ^/VERIFYONLY

endlocal & exit /b 2
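:grabCBSInfo

REM Read the last three lines of the CBS log and keep, for each line, the
REM second field when the line is split on the closing square bracket.
REM The fields are stored in var1, var2 and var3 in the order they are read.
REM This opens a second setlocal level, which the exit paths below unwind.
setlocal EnableDelayedExpansion
set "count=1"

REM Start from a clean slate so var1..var3 cannot carry values inherited from
REM the calling environment when fewer than three fields are captured.
set "var1="
set "var2="
set "var3="

REM -NoP matches the other PowerShell call in this script: an elevated wrapper
REM should not load the user's PowerShell profile just to read a log file.
for /f "tokens=2 delims=]" %%A in ('PowerShell -NoP -command "Get-Content '%SYSTEMROOT%\Logs\CBS\CBS.log' -tail 3"') do (
    set "var!count!=%%A"
    set /a "count+=1"
)
goto noViolationProcedure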
:noViolationProcedure

REM Neutralise double quotes in the second captured log field, using the same
REM two-pass :AINV: replacement as for the command-line arguments, so the value
REM can be echoed inside quotes.
set "var2=%var2:"=:AINV:%"
set "var2=%var2:"=:AINV:%"

REM The run is reported as clean only when that field contains the word
REM Beginning (case-insensitive). Any other content is examined further.
REM NOTE(review): the verdict rests on the wording of one log line rather than
REM on the exit code of sfc1 - confirm the log format this was written against.
echo "%var2%" | findstr /i /c:"Beginning" > NUL 2>&1
if %errorlevel% NEQ 0 goto foundViolationProcedure

echo.
echo Windows Resource Protection did not find any integrity violations.

REM Two endlocal calls: one for the delayed-expansion scope, one for the
REM scope opened at the top of the script.
endlocal & endlocal & exit /b 0
:foundViolationProcedure

REM Neutralise double quotes in the first captured log field with the same
REM two-pass :AINV: replacement used elsewhere in this script.
set "var1=%var1:"=:AINV:%"
set "var1=%var1:"=:AINV:%"

REM Violations are reported only when that field contains the word reproject
REM (case-insensitive).
echo "%var1%" | findstr /i /c:"reproject" > NUL 2>&1
if %errorlevel% NEQ 0 (
    REM This will most likely never happen.
    REM Only the delayed-expansion scope is closed here; the target label
    REM closes the remaining one.
    endlocal & goto :unknownResults
)

echo.
echo Windows Resource Protection found integrity violations.
echo For online repairs, details are included in the CBS log file located at
echo windir^\Logs^\CBS\CBS.log. For example C^:^\Windows^\Logs^\CBS^\CBS.log. For offline
echo repairs, details are included in the log file provided by the ^/OFFLOGFILE flag.

REM Exit code 3 marks the violations-found result.
endlocal & endlocal & exit /b 3
:unknownResults

REM Fallback when neither expected marker was found in the captured log
REM fields: point the user at the log and exit with code 4.
echo.
echo Cannot output results. Details are included in the CBS log file located at
echo windir^\Logs^\CBS\CBS.log.

endlocal
exit /b 4
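:scannowProcedure

REM Confirmation gate for /scannow. The user must type the exact confirmation
REM phrase (case-sensitive) to continue, or Cancel (any case) to leave with
REM exit code 0. Anything else exits with code 5.
echo.
echo This command will cause de-amelioration! DO NOT RUN!
echo Are you sure you want to run this command?
echo.
echo Enter 'Cancel' to Exit

REM Clear the variable before prompting. SET /P leaves it untouched when the
REM user just presses Enter, so a value inherited from the calling environment
REM could otherwise be taken as the answer.
set "input="
SET /P "input=Enter 'I know what I'm doing' to Confirm: "

REM Neutralise double quotes in the typed text with the same two-pass :AINV:
REM replacement used for the arguments, so a stray quote cannot break the
REM quoted comparisons below.
set "input=%input:"=:AINV:%"
set "input=%input:"=:AINV:%"

if "%input%"=="I know what I'm doing" goto scannowSelfDestruct
if /i "%input%"=="Cancel" endlocal & exit /b 0

echo.
echo Incorrect input entered.

endlocal & exit /b 5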
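:scannowSelfDestruct

:: Reached only after the user typed the confirmation phrase. Restores the
:: real checker under its original name, removes this wrapper and then runs
:: the requested command.
::
:: Once sfc.exe exists again, typing sfc no longer reaches sfc.cmd unless
:: sfc.cmd is named explicitly, because the .exe extension is prioritized
:: over .cmd. The PATHEXT environment variable can change this.
::
:: Paths are quoted so a system root containing spaces is handled.
:: NOTE(review): the group is granted by its English name; presumably this
:: fails silently on localized systems - confirm.
takeown /f "%SYSTEMROOT%\System32\sfc1.exe" /a > NUL 2>&1
icacls "%SYSTEMROOT%\System32\sfc1.exe" /grant Administrators:F > NUL 2>&1
rename "%SYSTEMROOT%\System32\sfc1.exe" sfc.exe > NUL 2>&1

:: All output above is suppressed, so verify the outcome explicitly. If the
:: real binary is not in place, stop here rather than deleting the wrapper
:: and leaving the system with no working sfc command at all.
if not exist "%SYSTEMROOT%\System32\sfc.exe" (
    echo.
    echo Could not restore sfc.exe. The sfc wrapper has been left in place.
    endlocal & exit /b 6
)

:: Copy ACL from diskmgmt.msc to sfc.exe. Essentially resetting sfc.exe's ACL.
PowerShell -NoP -C "Get-Acl '%SYSTEMROOT%\System32\diskmgmt.msc' | Set-Acl '%SYSTEMROOT%\System32\sfc.exe'" > NUL 2>&1

:: Self-destruction.
:: NOTE(review): ownership is taken on the System32 copy of sfc.cmd, while
:: the delete below targets whatever file is currently running. These differ
:: if the script is started from another location.
takeown /f "%SYSTEMROOT%\System32\sfc.cmd" /a > NUL 2>&1
icacls "%SYSTEMROOT%\System32\sfc.cmd" /grant Administrators:F > NUL 2>&1

:: The leading GOTO ends batch processing while the rest of this already
:: parsed line still runs, which lets the script delete its own file. The
:: restored binary is then called by full path with the original arguments,
:: so the elevated call cannot resolve to a different sfc found through the
:: current directory or PATH.
(GOTO) 2>NUL & del /q /f "%~f0">NUL 2>&1 & "%SYSTEMROOT%\System32\sfc.exe" %*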