爱 地 爱 姆 激 活 鸡,拿回家吧,同学们!
本帖最后由 tt911 于 2024-3-25 09:38 编辑还是分享一下吧。{:1_194:}
**** Hidden Message *****
}
foreach ($lockedKey in $lockedKeys) {
$leafValue = Split-Path -Path $lockedKey.TargetObject -Leaf
$finalValues += $leafValue
Write-Output "$leafValue - Found Locked Key"
}
if ($subKeys -eq $null) {
continue
}
$subKeysToExclude = "LocalServer32", "InProcServer32", "InProcHandler32"
$filteredKeys = $subKeys | Where-Object { !($_.GetSubKeyNames() | Where-Object { $subKeysToExclude -contains $_ }) }
foreach ($key in $filteredKeys) {
$fullPath = $key.PSPath
$keyValues = Get-ItemProperty -Path $fullPath -ErrorAction SilentlyContinue
$defaultValue = $keyValues.PSObject.Properties | Where-Object { $_.Name -eq '(default)' } | Select-Object -ExpandProperty Value
if (($defaultValue -match "^\d+[ DISCUZ_CODE_0 ]quot;) -and ($key.SubKeyCount -eq 0)) {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found Digit In Default and No Subkeys"
continue
}
if (($defaultValue -match "\+|=") -and ($key.SubKeyCount -eq 0)) {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found + or = In Default and No Subkeys"
continue
}
$versionValue = Get-ItemProperty -Path "$fullPath\Version" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty '(default)' -ErrorAction SilentlyContinue
if (($versionValue -match "^\d+[ DISCUZ_CODE_0 ]quot;) -and ($key.SubKeyCount -eq 1)) {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found Digit In \Version and No Other Subkeys"
continue
}
$keyValues.PSObject.Properties | ForEach-Object {
if ($_.Name -match "MData|Model|scansk|Therad") {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found MData Model scansk Therad"
continue
}
}
if (($key.ValueCount -eq 0) -and ($key.SubKeyCount -eq 0)) {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found Empty Key"
continue
}
}
}
$finalValues = @($finalValues | Select-Object -Unique)
if ($finalValues -ne $null) {
Write-Host
if ($lockKey -ne $null) {
Write-Host "Locking IDM CLSID Registry Keys..."
}
if ($deleteKey -ne $null) {
Write-Host "Deleting IDM CLSID Registry Keys..."
}
Write-Host
} else {
Write-Host "IDM CLSID Registry Keys are not found."
Exit
}
if (($finalValues.Count -gt 20) -and ($toggle -ne $null)) {
$lockKey = $null
$deleteKey = 1
Write-Host "The IDM keys count is more than 20. Deleting them now instead of locking..."
Write-Host
}
function Take-Permissions {
param($rootKey, $regKey)
$AssemblyBuilder = ::CurrentDomain.DefineDynamicAssembly(4, 1)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False)
$TypeBuilder = $ModuleBuilder.DefineType(0)
$TypeBuilder.DefinePInvokeMethod('RtlAdjustPrivilege', 'ntdll.dll', 'Public, Static', 1, , @(, , , .MakeByRefType()), 1, 3) | Out-Null
9,17,18 | ForEach-Object { $TypeBuilder.CreateType()::RtlAdjustPrivilege($_, $true, $false, $false) | Out-Null }
$SID = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$IDN = ($SID.Translate()).Value
$Admin = New-Object System.Security.Principal.NTAccount($IDN)
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$none = New-Object System.Security.Principal.SecurityIdentifier('S-1-0-0')
$key = ::$rootKey.OpenSubKey($regkey, 'ReadWriteSubTree', 'TakeOwnership')
$acl = New-Object System.Security.AccessControl.RegistrySecurity
$acl.SetOwner($Admin)
$key.SetAccessControl($acl)
$key = $key.OpenSubKey('', 'ReadWriteSubTree', 'ChangePermissions')
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($everyone, 'FullControl', 'ContainerInherit', 'None', 'Allow')
$acl.ResetAccessRule($rule)
$key.SetAccessControl($acl)
if ($lockKey -ne $null) {
$acl = New-Object System.Security.AccessControl.RegistrySecurity
$acl.SetOwner($none)
$key.SetAccessControl($acl)
$key = $key.OpenSubKey('', 'ReadWriteSubTree', 'ChangePermissions')
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($everyone, 'FullControl', 'Deny')
$acl.ResetAccessRule($rule)
$key.SetAccessControl($acl)
}
}
foreach ($regPath in $regPaths) {
if (($regPath -match "HKEY_USERS") -and ($HKCUsync -ne $null)) {
continue
}
foreach ($finalValue in $finalValues) {
$fullPath = Join-Path -Path $regPath -ChildPath $finalValue
if ($fullPath -match 'HKCU:') {
$rootKey = 'CurrentUser'
} else {
$rootKey = 'Users'
}
$position = $fullPath.IndexOf("\")
$regKey = $fullPath.Substring($position + 1)
if ($lockKey -ne $null) {
if (-not (Test-Path -Path $fullPath -ErrorAction SilentlyContinue)) { New-Item -Path $fullPath -Force -ErrorAction SilentlyContinue | Out-Null }
Take-Permissions $rootKey $regKey
try {
Remove-Item -Path $fullPath -Force -Recurse -ErrorAction Stop
Write-Host -back 'DarkRed' -fore 'white' "Failed - $fullPath"
}
catch {
Write-Host "Locked - $fullPath"
}
}
if ($deleteKey -ne $null) {
if (Test-Path -Path $fullPath) {
Remove-Item -Path $fullPath -Force -Recurse -ErrorAction SilentlyContinue
if (Test-Path -Path $fullPath) {
Take-Permissions $rootKey $regKey
try {
Remove-Item -Path $fullPath -Force -Recurse -ErrorAction Stop
Write-Host "Deleted - $fullPath"
}
catch {
Write-Host -back 'DarkRed' -fore 'white' "Failed - $fullPath"
}
}
else {
Write-Host "Deleted - $fullPath"
}
}
}
}
}
:regscan:
::========================================================================================================================================
:_color
if %_NCS% EQU 1 (
echo %esc%[%~1%~2%esc%[0m
) else (
%psc% write-host -back '%1' -fore '%2' '%3'
)
exit /b
:_color2
if %_NCS% EQU 1 (
echo %esc%[%~1%~2%esc%[%~3%~4%esc%[0m
) else (
%psc% write-host -back '%1' -fore '%2' '%3' -NoNewline; write-host -back '%4' -fore '%5' '%6'
)
exit /b
::========================================================================================================================================
:: Leave empty line below
厉害了 谢谢分享 谢谢
谢谢分享 谢谢分享 感谢分享,虽然没有看懂啥意思 哈哈,看看 谢谢分享 谢谢分享 谢谢分享 谢谢分享 啥东东?这么神秘! 谢谢分享 是什么用呢? 这个不错哦,多谢分享! 本帖最后由 longtengshy 于 2024-3-25 09:08 编辑
什么东东? 还不知道是什么? 谢谢分享 谢谢分享 感谢分享。。。。。 谢谢分享
反弹不?
感谢分享,留名收藏。 本帖最后由 hbwgz2009 于 2024-3-25 09:09 编辑
这这个是什么用处呢。有高手说一下嘛。没听说过 能激活吗?用工具激活容易反弹 谢谢分享 参与围观{:1_186:} 谢谢分享 谢谢分享