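--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -1,175 +0,0 @@
-@echo OFF
-setlocal
-
-REM This script is to prevent users from unknowingly entering sfc /scannow
-REM and causing de-amelioration
-
-net session > NUL 2>&1
-if %errorlevel% GTR 0 (
-echo.
-echo You must be an administrator running a console session in order to
-echo use the sfc utility.
-
-endlocal & exit /b 1
-) else (
-goto checkScannow
-)
-
-:checkScannow
-
-set "sfcArgs=%*"
-set "sfcArgs=%sfcArgs:"=:AINV:%"
-set "sfcArgs=%sfcArgs:"=:AINV:%"
-
-echo "%sfcArgs%" | findstr /i /c:"/scannow" > NUL 2>&1
-if %errorlevel% EQU 0 (
-goto scannowProcedure
-) else (
-goto verifyOnlyProcedure
-)
-
-:verifyOnlyProcedure
-
-if /i "%sfcArgs%"=="/verifyonly" (
-echo.
-echo Beginning system scan. This process will take some time.
-timeout /t 1 /NOBREAK > NUL 2>&1
-echo.
-echo Beginning verification phase of system scan.
-timeout /t 2 /NOBREAK > NUL 2>&1
-echo Verifying...
-
-REM %* is all the text entered after "sfc ".
-sfc1 %* > NUL 2>&1
-
-echo.
-echo Windows Resource Protection found integrity violations.
-echo For online repairs, details are included in the CBS log file located at
-echo windir^\Logs^\CBS^\CBS.log. For example C^:^\Windows^\Logs^\CBS^\CBS.log. For offline
-echo repairs, details are included in the log file provided by the ^/OFFLOGFILE flag.
-
-endlocal & exit /b 0
-) else (
-goto incorrectSyntaxMessage )
-
-:incorrectSyntaxMessage
-
-sfc1 %sfcArgs% > NUL 2>&1
-if %errorlevel% GTR 0 (
-
-echo.
-echo System File Checker
-echo.
-echo Scans the integrity of all protected system files and replaces incorrect versions with
-echo correct Microsoft versions.
-echo.
-echo SFC ^[^/SCANNOW^] ^[^/VERIFYONLY^] ^[^/SCANFILE^=^<file^>^] ^[^/VERIFYFILE^=^<file^>]
-echo ^[^/OFFWINDIR^=^<offline windows directory^> ^/OFFBOOTDIR^=^<offline boot directory^> ^[^/OFFLOGFILE^=^<log file path^>^]^]
-echo.
-echo ^/SCANNOW Scans integrity of all protected system files and repairs files with
-echo problems when possible.
-echo ^/VERIFYONLY Scans integrity of all protected system files. No repair operation is
-echo performed.
-echo ^/SCANFILE Scans integrity of the referenced file, repairs file if problems are
-echo identified. Specify full path ^<file^>
-echo ^/VERIFYFILE Verifies the integrity of the file with full path ^<file^>. No repair
-echo operation is performed.
-echo ^/OFFBOOTDIR For offline repair, specify the location of the offline boot directory
-echo ^/OFFWINDIR For offline repair, specify the location of the offline windows directory
-echo ^/OFFLOGFILE For offline repair, optionally enable logging by specifying a log file path
-echo.
-echo e.g.
-echo.
-echo sfc ^/SCANNOW
-echo sfc ^/VERIFYFILE^=c^:^\windows^\system32^\kernel32.dll
-echo sfc ^/SCANFILE^=d^:^\windows^\system32^\kernel32.dll ^/OFFBOOTDIR^=d^:^\ ^/OFFWINDIR^=d^:^\windows
-echo sfc ^/SCANFILE^=d^:^\windows^\system32^\kernel32.dll ^/OFFBOOTDIR^=d^:^\ ^/OFFWINDIR^=d^:^\windows ^/OFFLOGFILE^=c^:^\log.txt
-echo sfc ^/VERIFYONLY
-
-endlocal & exit /b 2
-) else (
-goto grabCBSInfo
-)
-
-:grabCBSInfo
-
-setlocal EnableDelayedExpansion
-set "count=1"
-for /f "tokens=2 delims=]" %%A in ('PowerShell -command "Get-Content '%SYSTEMROOT%\Logs\CBS\CBS.log' -tail 3"') do (
-set "var!count!=%%A"
-set /a "count=!count!+1"
-)
-goto noViolationProcedure
-
-:noViolationProcedure
-
-set "var2=%var2:"=:AINV:%"
-set "var2=%var2:"=:AINV:%"
-echo "%var2%" | findstr /i /c:"Beginning" > NUL 2>&1
-if %errorlevel% EQU 0 (
-echo.
-echo Windows Resource Protection did not find any integrity violations.
-
-endlocal & endlocal & exit /b 0
-) else (
-goto foundViolationProcedure
-)
-
-:foundViolationProcedure
-
-set "var1=%var1:"=:AINV:%"
-set "var1=%var1:"=:AINV:%"
-echo "%var1%" | findstr /i /c:"reproject" > NUL 2>&1
-if %errorlevel% EQU 0 (
-echo.
-echo Windows Resource Protection found integrity violations.
-echo For online repairs, details are included in the CBS log file located at
-echo windir^\Logs^\CBS\CBS.log. For example C^:^\Windows^\Logs^\CBS^\CBS.log. For offline
-echo repairs, details are included in the log file provided by the ^/OFFLOGFILE flag.
-
-endlocal & endlocal & exit /b 3
-) else (
-REM This will most likely never happen
-endlocal & goto :unknownResults
-)
-
-:unknownResults
-
-echo.
-echo Cannot output results. Details are included in the CBS log file located at
-echo windir^\Logs^\CBS\CBS.log.
-
-endlocal & exit /b 4
-
-:scannowProcedure
-
-echo.
-echo This command will cause de-amelioration! DO NOT RUN!
-echo Are you sure you want to run this command?
-echo.
-echo Enter 'Cancel' to Exit
-
-SET /P "input=Enter 'I know what I'm doing' to Confirm: "
-if "%input%"=="I know what I'm doing" goto scannowSelfDestruct
-if /i "%input%"=="Cancel" endlocal & exit /b 0
-
-echo.
-echo Incorrect input entered.
-
-endlocal & exit /b 5
-
-:scannowSelfDestruct
-
-:: This will cause sfc.cmd to no longer function, unless sfc.cmd is specified.
-:: This is due to the .exe extension being prioritized over .cmd. The PATHEXT environment variable can change this.
-takeown /f %SYSTEMROOT%\System32\sfc1.exe /a > NUL 2>&1
-icacls %SYSTEMROOT%\System32\sfc1.exe /grant Administrators:F > NUL 2>&1
-rename %SYSTEMROOT%\System32\sfc1.exe sfc.exe > NUL 2>&1
-
-:: Copy ACL from diskmgmt.msc to sfc.exe. Essentially resetting sfc.exe's ACL.
-PowerShell -NoP -C "Get-Acl %SYSTEMROOT%\System32\diskmgmt.msc | Set-Acl %SYSTEMROOT%\System32\sfc.exe" > NUL 2>&1
-
-:: Self-destruction
-takeown /f %SYSTEMROOT%\System32\sfc.cmd /a > NUL 2>&1
-icacls %SYSTEMROOT%\System32\sfc.cmd /grant Administrators:F > NUL 2>&1
-(GOTO) 2>NUL & del /q /f "%~f0">NUL 2>&1 & sfc %*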