Joe
1 year ago
3 changed files with 22 additions and 215 deletions
Split View
Diff Options
-
+22 -40Executables/SFCDEPLOY.bat
-
+0 -175Executables/sfc.cmd
-
BINExecutables/sfc.exe
+ 22
- 40
Executables/SFCDEPLOY.bat
View File
+ 0
- 175
Executables/sfc.cmd
View File
| @ -1,175 +0,0 @@ | |||
| @echo OFF | |||
| setlocal | |||
| REM This script is to prevent users from unknowingly entering sfc /scannow | |||
| REM and causing de-amelioration | |||
| net session > NUL 2>&1 | |||
| if %errorlevel% GTR 0 ( | |||
| echo. | |||
| echo You must be an administrator running a console session in order to | |||
| echo use the sfc utility. | |||
| endlocal & exit /b 1 | |||
| ) else ( | |||
| goto checkScannow | |||
| ) | |||
| :checkScannow | |||
| set "sfcArgs=%*" | |||
| set "sfcArgs=%sfcArgs:"=:AINV:%" | |||
| set "sfcArgs=%sfcArgs:"=:AINV:%" | |||
| echo "%sfcArgs%" | findstr /i /c:"/scannow" > NUL 2>&1 | |||
| if %errorlevel% EQU 0 ( | |||
| goto scannowProcedure | |||
| ) else ( | |||
| goto verifyOnlyProcedure | |||
| ) | |||
| :verifyOnlyProcedure | |||
| if /i "%sfcArgs%"=="/verifyonly" ( | |||
| echo. | |||
| echo Beginning system scan. This process will take some time. | |||
| timeout /t 1 /NOBREAK > NUL 2>&1 | |||
| echo. | |||
| echo Beginning verification phase of system scan. | |||
| timeout /t 2 /NOBREAK > NUL 2>&1 | |||
| echo Verifying... | |||
| REM %* is all the text entered after "sfc ". | |||
| sfc1 %* > NUL 2>&1 | |||
| echo. | |||
| echo Windows Resource Protection found integrity violations. | |||
| echo For online repairs, details are included in the CBS log file located at | |||
| echo windir^\Logs^\CBS^\CBS.log. For example C^:^\Windows^\Logs^\CBS^\CBS.log. For offline | |||
| echo repairs, details are included in the log file provided by the ^/OFFLOGFILE flag. | |||
| endlocal & exit /b 0 | |||
| ) else ( | |||
| goto incorrectSyntaxMessage ) | |||
| :incorrectSyntaxMessage | |||
| sfc1 %sfcArgs% > NUL 2>&1 | |||
| if %errorlevel% GTR 0 ( | |||
| echo. | |||
| echo System File Checker | |||
| echo. | |||
| echo Scans the integrity of all protected system files and replaces incorrect versions with | |||
| echo correct Microsoft versions. | |||
| echo. | |||
| echo SFC ^[^/SCANNOW^] ^[^/VERIFYONLY^] ^[^/SCANFILE^=^<file^>^] ^[^/VERIFYFILE^=^<file^>] | |||
| echo ^[^/OFFWINDIR^=^<offline windows directory^> ^/OFFBOOTDIR^=^<offline boot directory^> ^[^/OFFLOGFILE^=^<log file path^>^]^] | |||
| echo. | |||
| echo ^/SCANNOW Scans integrity of all protected system files and repairs files with | |||
| echo problems when possible. | |||
| echo ^/VERIFYONLY Scans integrity of all protected system files. No repair operation is | |||
| echo performed. | |||
| echo ^/SCANFILE Scans integrity of the referenced file, repairs file if problems are | |||
| echo identified. Specify full path ^<file^> | |||
| echo ^/VERIFYFILE Verifies the integrity of the file with full path ^<file^>. No repair | |||
| echo operation is performed. | |||
| echo ^/OFFBOOTDIR For offline repair, specify the location of the offline boot directory | |||
| echo ^/OFFWINDIR For offline repair, specify the location of the offline windows directory | |||
| echo ^/OFFLOGFILE For offline repair, optionally enable logging by specifying a log file path | |||
| echo. | |||
| echo e.g. | |||
| echo. | |||
| echo sfc ^/SCANNOW | |||
| echo sfc ^/VERIFYFILE^=c^:^\windows^\system32^\kernel32.dll | |||
| echo sfc ^/SCANFILE^=d^:^\windows^\system32^\kernel32.dll ^/OFFBOOTDIR^=d^:^\ ^/OFFWINDIR^=d^:^\windows | |||
| echo sfc ^/SCANFILE^=d^:^\windows^\system32^\kernel32.dll ^/OFFBOOTDIR^=d^:^\ ^/OFFWINDIR^=d^:^\windows ^/OFFLOGFILE^=c^:^\log.txt | |||
| echo sfc ^/VERIFYONLY | |||
| endlocal & exit /b 2 | |||
| ) else ( | |||
| goto grabCBSInfo | |||
| ) | |||
| :grabCBSInfo | |||
| setlocal EnableDelayedExpansion | |||
| set "count=1" | |||
| for /f "tokens=2 delims=]" %%A in ('PowerShell -command "Get-Content '%SYSTEMROOT%\Logs\CBS\CBS.log' -tail 3"') do ( | |||
| set "var!count!=%%A" | |||
| set /a "count=!count!+1" | |||
| ) | |||
| goto noViolationProcedure | |||
| :noViolationProcedure | |||
| set "var2=%var2:"=:AINV:%" | |||
| set "var2=%var2:"=:AINV:%" | |||
| echo "%var2%" | findstr /i /c:"Beginning" > NUL 2>&1 | |||
| if %errorlevel% EQU 0 ( | |||
| echo. | |||
| echo Windows Resource Protection did not find any integrity violations. | |||
| endlocal & endlocal & exit /b 0 | |||
| ) else ( | |||
| goto foundViolationProcedure | |||
| ) | |||
| :foundViolationProcedure | |||
| set "var1=%var1:"=:AINV:%" | |||
| set "var1=%var1:"=:AINV:%" | |||
| echo "%var1%" | findstr /i /c:"reproject" > NUL 2>&1 | |||
| if %errorlevel% EQU 0 ( | |||
| echo. | |||
| echo Windows Resource Protection found integrity violations. | |||
| echo For online repairs, details are included in the CBS log file located at | |||
| echo windir^\Logs^\CBS\CBS.log. For example C^:^\Windows^\Logs^\CBS^\CBS.log. For offline | |||
| echo repairs, details are included in the log file provided by the ^/OFFLOGFILE flag. | |||
| endlocal & endlocal & exit /b 3 | |||
| ) else ( | |||
| REM This will most likely never happen | |||
| endlocal & goto :unknownResults | |||
| ) | |||
| :unknownResults | |||
| echo. | |||
| echo Cannot output results. Details are included in the CBS log file located at | |||
| echo windir^\Logs^\CBS\CBS.log. | |||
| endlocal & exit /b 4 | |||
| :scannowProcedure | |||
| echo. | |||
| echo This command will cause de-amelioration! DO NOT RUN! | |||
| echo Are you sure you want to run this command? | |||
| echo. | |||
| echo Enter 'Cancel' to Exit | |||
| SET /P "input=Enter 'I know what I'm doing' to Confirm: " | |||
| if "%input%"=="I know what I'm doing" goto scannowSelfDestruct | |||
| if /i "%input%"=="Cancel" endlocal & exit /b 0 | |||
| echo. | |||
| echo Incorrect input entered. | |||
| endlocal & exit /b 5 | |||
| :scannowSelfDestruct | |||
| :: This will cause sfc.cmd to no longer function, unless sfc.cmd is specified. | |||
| :: This is due to the .exe extension being prioritized over .cmd. The PATHEXT environment variable can change this. | |||
| takeown /f %SYSTEMROOT%\System32\sfc1.exe /a > NUL 2>&1 | |||
| icacls %SYSTEMROOT%\System32\sfc1.exe /grant Administrators:F > NUL 2>&1 | |||
| rename %SYSTEMROOT%\System32\sfc1.exe sfc.exe > NUL 2>&1 | |||
| :: Copy ACL from diskmgmt.msc to sfc.exe. Essentially resetting sfc.exe's ACL. | |||
| PowerShell -NoP -C "Get-Acl %SYSTEMROOT%\System32\diskmgmt.msc | Set-Acl %SYSTEMROOT%\System32\sfc.exe" > NUL 2>&1 | |||
| :: Self-destruction | |||
| takeown /f %SYSTEMROOT%\System32\sfc.cmd /a > NUL 2>&1 | |||
| icacls %SYSTEMROOT%\System32\sfc.cmd /grant Administrators:F > NUL 2>&1 | |||
| (GOTO) 2>NUL & del /q /f "%~f0">NUL 2>&1 & sfc %* | |||