@set iasver=1.2
@setlocal DisableDelayedExpansion
@echo off
::============================================================================
::
:: IDM Activation Script (IAS)
::
:: Homepages: domaincuaban
::
:: Email: email
::
::============================================================================
:: Mode switches. Each one can be set to 1 here or turned on by the matching
:: command-line parameter, which the argument loop further down maps to the same variables.
:: To activate, run the script with the "/act" parameter or change 0 to 1 in the line below
set _activate=0
:: To freeze the 30-day trial period, run the script with the "/frz" parameter or change 0 to 1 in the line below
set _freeze=0
:: To reset the activation and trial, run the script with the "/res" parameter or change 0 to 1 in the line below
set _reset=0
:: If a value is changed in the lines above, or a parameter is used, the script runs in unattended mode
::========================================================================================================================================
:: Set Path variable, it helps if it is misconfigured in the system
:: Review note: PATH is rebuilt from SystemRoot only, so the bare tool names used later (reg, sc, find,
:: powershell.exe and so on) are looked up in the system directories listed here and not in whatever
:: the caller had on PATH. When Sysnative exists, the Sysnative directories are put first.
set "PATH=%SystemRoot%\System32;%SystemRoot%\System32\wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\"
if exist "%SystemRoot%\Sysnative\reg.exe" (
set "PATH=%SystemRoot%\Sysnative;%SystemRoot%\Sysnative\wbem;%SystemRoot%\Sysnative\WindowsPowerShell\v1.0\;%PATH%"
)
:: Re-launch the script with x64 process if it was initiated by x86 process on x64 bit Windows
:: or with ARM64 process if it was initiated by x86/ARM32 process on ARM64 Windows
:: The r1 and r2 tokens appended on relaunch are the loop guards: an instance that finds its own
:: token among its arguments does not relaunch again.
:: Review note: each relaunch starts a new cmd.exe with the script path and the original arguments
:: on its command line, which is visible to process-creation logging.
set "_cmdf=%~f0"
for %%# in (%*) do (
if /i "%%#"=="r1" set r1=1
if /i "%%#"=="r2" set r2=1
)
if exist %SystemRoot%\Sysnative\cmd.exe if not defined r1 (
setlocal EnableDelayedExpansion
start %SystemRoot%\Sysnative\cmd.exe /c ""!_cmdf!" %* r1"
exit /b
)
:: Re-launch the script with ARM32 process if it was initiated by x64 process on ARM64 Windows
if exist %SystemRoot%\SysArm32\cmd.exe if %PROCESSOR_ARCHITECTURE%==AMD64 if not defined r2 (
setlocal EnableDelayedExpansion
start %SystemRoot%\SysArm32\cmd.exe /c ""!_cmdf!" %* r2"
exit /b
)
::========================================================================================================================================
:: The variable named blank is always empty, so the assignment below only splices fragments into one URL.
:: Review note: because of the splicing, the complete URL never appears as one literal string in this
:: file, so a plain string search of the script for that URL will not match. Normalise such
:: empty-variable splices before matching on URLs or domains.
set "blank="
set "mas=ht%blank%tps%blank%://mass%blank%grave.dev/"
:: Check if Null service is working, it's important for the batch script
:: A missing RUNNING state only produces a warning and a pause of about ten seconds (ping used as a timer);
:: the script continues afterwards.
sc query Null | find /i "RUNNING"
if %errorlevel% NEQ 0 (
echo:
echo Null service is not running, script may crash...
echo:
echo:
echo:
echo:
ping 127.0.0.1 -n 10
)
cls
:: Check LF line ending
:: The script inspects its own file with findstr and exits if the check reports a line-ending problem
:: or a missing empty last line.
pushd "%~dp0"
>nul findstr /v "$" "%~nx0" && (
echo:
echo Error: Script either has LF line ending issue or an empty line at the end of the script is missing.
echo:
ping 127.0.0.1 -n 6 >nul
popd
exit /b
)
popd
::========================================================================================================================================
:: Console setup and argument parsing.
:: All double quotes are stripped from the argument string before it is tokenised. Recognised tokens:
::   -el   this instance is the already-elevated relaunch (sets _elev)
::   /res  /frz  /act   select reset, freeze or activate
:: If any of the three mode flags ends up as 1, from the arguments or from the defaults at the top of
:: the file, _unattended is set to 1.
cls
color 07
title IDM Activation Script %iasver%
set _args=
set _elev=
set _unattended=0
set _args=%*
if defined _args set _args=%_args:"=%
if defined _args (
for %%A in (%_args%) do (
if /i "%%A"=="-el" set _elev=1
if /i "%%A"=="/res" set _reset=1
if /i "%%A"=="/frz" set _freeze=1
if /i "%%A"=="/act" set _activate=1
)
)
for %%A in (%_activate% %_freeze% %_reset%) do (if "%%A"=="1" set _unattended=1)
::========================================================================================================================================
:: Output helpers.
:: nul1, nul2, nul6 and nul hold redirection fragments that are pasted onto later commands to silence
:: stdout, stderr or both; nul6 is the caret-escaped stderr form used inside for /f command strings.
:: winbuild is parsed from the output of ver (sixth token) and defaults to 1 if parsing yields nothing.
:: _NCS is 1 when coloured output is done with console escape sequences: build 10586 or later and the
:: HKCU\Console ForceV2 value not reading 0x0. Otherwise colours are drawn by calling PowerShell
:: Write-Host, and the colour variables hold colour names instead of escape codes.
set "nul1=1>nul"
set "nul2=2>nul"
set "nul6=2^>nul"
set "nul=>nul 2>&1"
set psc=powershell.exe
set winbuild=1
for /f "tokens=6 delims=[]. " %%G in ('ver') do set winbuild=%%G
set _NCS=1
if %winbuild% LSS 10586 set _NCS=0
if %winbuild% GEQ 10586 reg query "HKCU\Console" /v ForceV2 %nul2% | find /i "0x0" %nul1% && (set _NCS=0)
if %_NCS% EQU 1 (
for /F %%a in ('echo prompt $E ^| cmd') do set "esc=%%a"
set "Red="41;97m""
set "Gray="100;97m""
set "Green="42;97m""
set "Blue="44;97m""
set "_White="40;37m""
set "_Green="40;92m""
set "_Yellow="40;93m""
) else (
set "Red="Red" "white""
set "Gray="Darkgray" "white""
set "Green="DarkGreen" "white""
set "Blue="Blue" "white""
set "_White="Black" "Gray""
set "_Green="Black" "Green""
set "_Yellow="Black" "Yellow""
)
:: nceline and eline are small command macros that print an error banner (plain and coloured).
:: _buf is a PowerShell script block that resizes the console window and buffer.
set "nceline=echo: &echo ==== ERROR ==== &echo:"
set "eline=echo: &call :_color %Red% "==== ERROR ====" &echo:"
set "line=___________________________________________________________________________________________________"
set "_buf={$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=34;$B.Height=300;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
::========================================================================================================================================
:: Environment preconditions: stop on builds below 7600, and stop if powershell.exe cannot be
:: found on the PATH that was set at the top of the script.
if %winbuild% LSS 7600 (
%nceline%
echo Unsupported OS version Detected [%winbuild%].
echo Project is supported only for Windows 7/8/8.1/10/11 and their Server equivalent.
goto done2
)
for %%# in (powershell.exe) do @if "%%~$PATH:#"=="" (
%nceline%
echo Unable to find powershell.exe in the system.
goto done2
)
::========================================================================================================================================
:: Fix for the special characters limitation in path name
:: _batp and _PSarg are copies of the script path and arguments with every single quote doubled,
:: because they are later placed inside single-quoted PowerShell strings.
:: _PSarg always carries the -el token, which marks the relaunched instance for the elevation step.
:: Delayed expansion is switched on at the end of this section and stays on for the rest of the script.
set "_work=%~dp0"
if "%_work:~-1%"=="\" set "_work=%_work:~0,-1%"
set "_batf=%~f0"
set "_batp=%_batf:'=''%"
set _PSarg="""%~f0""" -el %_args%
set _PSarg=%_PSarg:'=''%
set "_appdata=%appdata%"
set "_ttemp=%userprofile%\AppData\Local\Temp"
setlocal EnableDelayedExpansion
::========================================================================================================================================
:: Refuse to run from a subfolder of the user's Temp directory, which the message below attributes
:: to launching the script straight from an archive viewer. Running from the Temp directory itself
:: is allowed by the inner comparison.
echo "!_batf!" | find /i "!_ttemp!" %nul1% && (
if /i not "!_work!"=="!_ttemp!" (
%eline%
echo Script is launched from the temp folder,
echo Most likely you are running the script directly from the archive file.
echo:
echo Extract the archive file and launch the script from the extracted folder.
goto done2
)
)
::========================================================================================================================================
:: Check PowerShell
:: The REM line below carries a one-line PowerShell expression between two PowerShellTest markers.
:: PowerShell reads this script file as text, splits it on the marker, and runs the text between the
:: first two markers with iex. The check passes only if the result is FullLanguage, so the script
:: stops under a restricted PowerShell language mode.
:: Review note: this read-own-file, split, iex pattern is how the script carries PowerShell inside a
:: batch file. The PowerShell command line therefore shows ReadAllText of the script path, a split
:: and iex, while the code that runs never appears on the command line.
REM :PowerShellTest: $ExecutionContext.SessionState.LanguageMode :PowerShellTest:
%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':PowerShellTest:\s*';iex ($f[1])" | find /i "FullLanguage" %nul1% || (
%eline%
%psc% $ExecutionContext.SessionState.LanguageMode
echo:
echo PowerShell is not working. Aborting...
echo If you have applied restrictions on Powershell then undo those changes.
echo:
goto done2
)
::========================================================================================================================================
:: Elevate script as admin and pass arguments and preventing loop
:: fltmc is used as the is-admin test: when it fails, the script asks PowerShell to start cmd.exe
:: with the runas verb, which requests elevation through the normal consent prompt, and this
:: instance exits. The relaunched instance receives -el in its arguments, so _elev is defined there
:: and a second elevation attempt is not made; it prints the message below instead.
:: Review note: the observable chain is cmd.exe, then powershell.exe with a start ... -verb runas
:: command line, then an elevated cmd.exe running the same script path.
%nul1% fltmc || (
if not defined _elev %psc% "start cmd.exe -arg '/c \"!_PSarg!\"' -verb runas" && exit /b
%eline%
echo This script requires admin privileges.
echo To do so, right click on this script and select 'Run as administrator'.
goto done2
)
::========================================================================================================================================
:: Disable QuickEdit and launch from conhost.exe to avoid Terminal app
:: quedit set means the QuickEdit step is skipped: in unattended mode, when -qedit is already in the
:: arguments (the relaunched instance), or on builds below 10586 when the QuickEdit registry value
:: reads 0x0. terminal set means later console resizing is skipped.
:: d1 to d4 are fragments of one PowerShell command. They define an in-memory dynamic assembly with
:: P/Invoke stubs for GetStdHandle and SetConsoleMode from kernel32.dll, then call SetConsoleMode on
:: the handle returned by GetStdHandle(-10) with the value 0x0080. After that the same PowerShell
:: process starts cmd.exe with the script and the -qedit token, and this instance exits.
:: On builds 17763 and later the PowerShell process is started through conhost.exe.
:: Review note: a PowerShell command line that contains DefineDynamicAssembly and DefinePInvokeMethod
:: is what this step looks like in process or script-block logging.
set quedit=
set terminal=
if %_unattended%==1 (
set quedit=1
set terminal=1
)
for %%# in (%_args%) do (if /i "%%#"=="-qedit" set quedit=1)
if %winbuild% LSS 10586 (
reg query HKCU\Console /v QuickEdit %nul2% | find /i "0x0" %nul1% && set quedit=1
)
if %winbuild% GEQ 17763 (
set "launchcmd=start conhost.exe %psc%"
) else (
set "launchcmd=%psc%"
)
set "d1=$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0);"
set "d2=$t.DefinePInvokeMethod('GetStdHandle', 'kernel32.dll', 22, 1, [IntPtr], @([Int32]), 1, 3).SetImplementationFlags(128);"
set "d3=$t.DefinePInvokeMethod('SetConsoleMode', 'kernel32.dll', 22, 1, [Boolean], @([IntPtr], [Int32]), 1, 3).SetImplementationFlags(128);"
set "d4=$k=$t.CreateType(); $b=$k::SetConsoleMode($k::GetStdHandle(-10), 0x0080);"
if defined quedit goto :skipQE
%launchcmd% "%d1% %d2% %d3% %d4% & cmd.exe '/c' '!_PSarg! -qedit'" &exit /b
:skipQE
::========================================================================================================================================
:: Check for updates
:: The version check is carried over name resolution, not HTTP. The script pings a hostname once and
:: reads the address that ping prints in square brackets. If that address contains 127.69 but does
:: not contain 127.69 followed by this script's version, the copy is treated as outdated.
:: The variable named - is always empty; it only splits the hostname literal in the line below.
:: Review note: on the network this step shows up as a DNS lookup of the update-check hostname made
:: by ping.exe, with the version encoded in the returned address. The hostname does not appear in
:: the file as one unbroken string.
set -=
set old=
for /f "delims=[] tokens=2" %%# in ('ping -4 -n 1 iasupdatecheck.mass%-%grave.dev') do (
if not [%%#]==[] (echo "%%#" | find "127.69" %nul1% && (echo "%%#" | find "127.69.%iasver%" %nul1% || set old=1))
)
if defined old (
echo ________________________________________________
%eline%
echo You are running outdated version IAS %iasver%
echo ________________________________________________
echo:
if not %_unattended%==1 (
echo [1] Get Latest IAS
echo [0] Continue Anyway
echo:
call :_color %_Green% "Enter a menu option in the Keyboard [1,0] :"
choice /C:10 /N
if !errorlevel!==2 rem
if !errorlevel!==1 (start https://github.com/ & start %mas%/idm-activation-script & exit /b)
)
)
::========================================================================================================================================
:: WMI health check, then resolution of the interactive user's SID.
:: The SID is needed because the script runs elevated and addresses the user's registry hive by
:: HKU\SID as well as by HKCU. First attempt: translate the UserName reported by
:: Win32_ComputerSystem to a SID. If HKU\SID\Software cannot be queried, second attempt: take the
:: owner SID of an explorer process in the current session. If neither gives a usable hive, stop.
cls
title IDM Activation Script %iasver%
echo:
echo Initializing...
:: Check WMI
%psc% "Get-WmiObject -Class Win32_ComputerSystem | Select-Object -Property CreationClassName" %nul2% | find /i "computersystem" %nul1% || (
%eline%
%psc% "Get-WmiObject -Class Win32_ComputerSystem | Select-Object -Property CreationClassName"
echo:
echo WMI is not working. Aborting...
echo:
goto done2
)
:: Check user account SID
set _sid=
for /f "delims=" %%a in ('%psc% "([System.Security.Principal.NTAccount](Get-WmiObject -Class Win32_ComputerSystem).UserName).Translate([System.Security.Principal.SecurityIdentifier]).Value" %nul6%') do (set _sid=%%a)
reg query HKU\%_sid%\Software %nul% || (
for /f "delims=" %%a in ('%psc% "$explorerProc = Get-Process -Name explorer | Where-Object {$_.SessionId -eq (Get-Process -Id $pid).SessionId} | Select-Object -First 1; $sid = (gwmi -Query ('Select * From Win32_Process Where ProcessID=' + $explorerProc.Id)).GetOwnerSid().Sid; $sid" %nul6%') do (set _sid=%%a)
)
reg query HKU\%_sid%\Software %nul% || (
%eline%
echo:
echo [%_sid%]
echo User Account SID not found. Aborting...
echo:
goto done2
)
::========================================================================================================================================
:: Check if the current user SID is syncing with the HKCU entries
:: A throwaway key named IAS_TEST is created under HKCU and then looked up under HKU\SID. If it is
:: visible there, HKCU and HKU\SID are the same hive and HKCUsync becomes 1; otherwise HKCUsync keeps
:: the text $null, which is later pasted into PowerShell as a null value. When the two hives differ,
:: later steps repeat their registry work under HKU\SID.
:: Review note: the short-lived IAS_TEST keys (here and under the CLSID path further down) are
:: registry artefacts of this script that registry auditing can record.
%nul% reg delete HKCU\IAS_TEST /f
%nul% reg delete HKU\%_sid%\IAS_TEST /f
set HKCUsync=$null
%nul% reg add HKCU\IAS_TEST
%nul% reg query HKU\%_sid%\IAS_TEST && (
set HKCUsync=1
)
%nul% reg delete HKCU\IAS_TEST /f
%nul% reg delete HKU\%_sid%\IAS_TEST /f
:: Below code also works for ARM64 Windows 10 (including x64 bit emulation)
:: The architecture selects the registry view used for the rest of the run: the plain CLSID path
:: on x86, the Wow6432Node path on everything else.
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE') do set arch=%%b
if /i not "%arch%"=="x86" set arch=x64
if "%arch%"=="x86" (
set "CLSID=HKCU\Software\Classes\CLSID"
set "CLSID2=HKU\%_sid%\Software\Classes\CLSID"
set "HKLM=HKLM\Software\Internet Download Manager"
) else (
set "CLSID=HKCU\Software\Classes\Wow6432Node\CLSID"
set "CLSID2=HKU\%_sid%\Software\Classes\Wow6432Node\CLSID"
set "HKLM=HKLM\SOFTWARE\Wow6432Node\Internet Download Manager"
)
:: IDMan is the path of the program executable: taken from the ExePath registry value, with the
:: default Program Files location as the fallback. idmcheck is a command macro that succeeds when
:: an idman.exe process is listed by tasklist.
for /f "tokens=2*" %%a in ('reg query "HKU\%_sid%\Software\DownloadManager" /v ExePath %nul6%') do call set "IDMan=%%b"
if not exist "%IDMan%" (
if %arch%==x64 set "IDMan=%ProgramFiles(x86)%\Internet Download Manager\IDMan.exe"
if %arch%==x86 set "IDMan=%ProgramFiles%\Internet Download Manager\IDMan.exe"
)
if not exist %SystemRoot%\Temp md %SystemRoot%\Temp
set "idmcheck=tasklist /fi "imagename eq idman.exe" | findstr /i "idman.exe" %nul1%"
:: Check CLSID registry access
%nul% reg add %CLSID2%\IAS_TEST
%nul% reg query %CLSID2%\IAS_TEST || (
%eline%
echo Failed to write in %CLSID2%
echo:
goto done2
)
%nul% reg delete %CLSID2%\IAS_TEST /f
::========================================================================================================================================
:: Dispatch. In unattended mode the selected action is entered directly and the menu is never shown.
:: frz tells the shared _activate routine which variant to run: 0 for activate, 1 for freeze trial.
:: In the menu, choice returns the position of the pressed key in the list 1 2 3 4 5 0, so 6 means
:: the 0 key was pressed.
:: NOTE(review): the two start commands on the option 5 line have no target in this copy; the
:: targets appear to have been stripped from the page.
if %_reset%==1 goto :_reset
if %_activate%==1 (set frz=0&goto :_activate)
if %_freeze%==1 (set frz=1&goto :_activate)
:MainMenu
cls
title IDM Activation Script %iasver%
if not defined terminal mode 75, 28
echo:
echo:
echo:
echo:
echo:
echo:
echo: ___________________________________________________
echo:
echo: [1] Activate
echo: [2] Freeze Trial
echo: [3] Reset Activation / Trial
echo: _____________________________________________
echo:
echo: [4] Download IDM
echo: [5] Help
echo: [0] Exit
echo: ___________________________________________________
echo:
call :_color2 %_White% " " %_Green% "Enter a menu option in the Keyboard [1,2,3,4,5,0]"
choice /C:123450 /N
set _erl=%errorlevel%
if %_erl%==6 exit /b
if %_erl%==5 start & start & goto MainMenu
if %_erl%==4 start https://www.internetdownloadmanager.com/download.html & goto MainMenu
if %_erl%==3 goto _reset
if %_erl%==2 (set frz=1&goto :_activate)
if %_erl%==1 (set frz=0&goto :_activate)
goto :MainMenu
::========================================================================================================================================
:: Reset routine. In order, it:
::   1. force-terminates idman.exe if it is running
::   2. exports the CLSID branch (and the HKU\SID copy when the hives differ) to timestamped .reg
::      files in the Temp folder under SystemRoot
::   3. deletes the listed DownloadManager values and the HKLM product key (delete_queue)
::   4. runs the embedded PowerShell section between the regscan markers with deleteKey set, which
::      removes the CLSID keys that section identifies
::   5. writes the AdvIntDriverEnabled2 value back (add_key)
:: Review note: the _Backup_HKCU_CLSID_ and _Backup_HKU- files left in that Temp folder are a
:: file-system artefact showing that this routine or the activate routine has run on the host.
:_reset
cls
if not %HKCUsync%==1 (
if not defined terminal mode 153, 35
) else (
if not defined terminal mode 113, 35
)
if not defined terminal %psc% "&%_buf%" %nul%
echo:
%idmcheck% && taskkill /f /im idman.exe
set _time=
for /f %%a in ('%psc% "(Get-Date).ToString('yyyyMMdd-HHmmssfff')"') do set _time=%%a
echo:
echo Creating backup of CLSID registry keys in %SystemRoot%\Temp
reg export %CLSID% "%SystemRoot%\Temp\_Backup_HKCU_CLSID_%_time%.reg"
if not %HKCUsync%==1 reg export %CLSID2% "%SystemRoot%\Temp\_Backup_HKU-%_sid%_CLSID_%_time%.reg"
call :delete_queue
%psc% "$sid = '%_sid%'; $HKCUsync = %HKCUsync%; $lockKey = $null; $deleteKey = 1; $f=[io.file]::ReadAllText('!_batp!') -split ':regscan\:.*';iex ($f[1])"
call :add_key
echo:
echo %line%
echo:
call :_color %Green% "The IDM reset process has been completed."
goto done
:delete_queue
:: Walks a fixed list of registry targets: ten named values under the DownloadManager key in HKCU
:: plus the whole HKLM product key, and the same ten values under HKU\SID when that hive is not the
:: same as HKCU. Each list entry is meant to be handed to the del routine only if it can be queried.
:: NOTE(review): the body of both loops contains a mis-encoded character in this copy of the file,
:: so the lines are not valid batch as shown here.
echo:
echo Deleting IDM registry keys...
echo:
for %%# in (
""HKCU\Software\DownloadManager" "/v" "FName""
""HKCU\Software\DownloadManager" "/v" "LName""
""HKCU\Software\DownloadManager" "/v" "Email""
""HKCU\Software\DownloadManager" "/v" "Serial""
""HKCU\Software\DownloadManager" "/v" "scansk""
""HKCU\Software\DownloadManager" "/v" "tvfrdt""
""HKCU\Software\DownloadManager" "/v" "radxcnt""
""HKCU\Software\DownloadManager" "/v" "LstCheck""
""HKCU\Software\DownloadManager" "/v" "ptrk_scdt""
""HKCU\Software\DownloadManager" "/v" "LastCheckQU""
"%HKLM%"
) do for /f "tokens=* delims=" %%A in ("%%~#") do (
set "reg="%%~A"" ® query !reg! %nul% && call :del
)
if not %HKCUsync%==1 for %%# in (
""HKU\%_sid%\Software\DownloadManager" "/v" "FName""
""HKU\%_sid%\Software\DownloadManager" "/v" "LName""
""HKU\%_sid%\Software\DownloadManager" "/v" "Email""
""HKU\%_sid%\Software\DownloadManager" "/v" "Serial""
""HKU\%_sid%\Software\DownloadManager" "/v" "scansk""
""HKU\%_sid%\Software\DownloadManager" "/v" "tvfrdt""
""HKU\%_sid%\Software\DownloadManager" "/v" "radxcnt""
""HKU\%_sid%\Software\DownloadManager" "/v" "LstCheck""
""HKU\%_sid%\Software\DownloadManager" "/v" "ptrk_scdt""
""HKU\%_sid%\Software\DownloadManager" "/v" "LastCheckQU""
) do for /f "tokens=* delims=" %%A in ("%%~#") do (
set "reg="%%~A"" ® query !reg! %nul% && call :del
)
exit /b
:del
:: Deletes the registry target held in the variable reg and reports the outcome.
:: The quotes are stripped from reg only for display, after the delete has been attempted.
reg delete %reg% /f %nul%
if "%errorlevel%"=="0" (
set "reg=%reg:"=%"
echo Deleted - !reg!
) else (
set "reg=%reg:"=%"
call :_color2 %Red% "Failed - !reg!"
)
exit /b
::========================================================================================================================================
:: Shared routine for Activate (frz is 0) and Freeze Trial (frz is 1). In order, it:
::   1. in interactive Activate mode, shows a warning and offers to go back to the menu
::   2. stops if the program executable is not found
::   3. checks connectivity to the vendor site by ping, falling back to a TCP connect on port 80
::   4. prints OS, build, architecture and product version read from the registry
::   5. force-terminates idman.exe and exports the CLSID branch to the Temp folder under SystemRoot
::   6. deletes the listed registry values (delete_queue) and writes AdvIntDriverEnabled2 (add_key)
::   7. runs the embedded PowerShell section with lockKey and toggle set
::   8. for Activate only, writes generated registration values (register_IDM)
::   9. has the program download three images from the vendor site (download_files); if no file
::      arrives the routine reports an error and stops
::  10. runs the embedded PowerShell section again with lockKey set, this time without toggle
:: Review note: the observable sequence is taskkill of idman.exe, reg export into the Temp folder,
:: PowerShell that reads the script file and runs iex, and ownership and permission changes on keys
:: under Software\Classes CLSID in the user's hive.
:_activate
cls
if not %HKCUsync%==1 (
if not defined terminal mode 153, 35
) else (
if not defined terminal mode 113, 35
)
if not defined terminal %psc% "&%_buf%" %nul%
if %frz%==0 if %_unattended%==0 (
echo:
echo %line%
echo:
echo Activation is not working for some users and IDM may show fake serial nag screen.
echo:
call :_color2 %_White% " " %_Green% "Its recommended to use Freeze Trial option instead."
echo %line%
echo:
choice /C:19 /N /M "> [1] Go Back [9] Activate : "
if !errorlevel!==1 goto :MainMenu
cls
)
echo:
if not exist "%IDMan%" (
call :_color %Red% "IDM [Internet Download Manager] is not Installed."
echo You can download it from https://www.internetdownloadmanager.com/download.html
goto done
)
:: Internet check with internetdownloadmanager.com ping and port 80 test
set _int=
for /f "delims=[] tokens=2" %%# in ('ping -n 1 internetdownloadmanager.com') do (if not [%%#]==[] set _int=1)
if not defined _int (
%psc% "$t = New-Object Net.Sockets.TcpClient;try{$t.Connect("""internetdownloadmanager.com""", 80)}catch{};$t.Connected" | findstr /i "true" %nul1% || (
call :_color %Red% "Unable to connect internetdownloadmanager.com, aborting..."
goto done
)
call :_color %Gray% "Ping command failed for internetdownloadmanager.com"
echo:
)
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName 2^>nul') do set "regwinos=%%b"
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE') do set "regarch=%%b"
for /f "tokens=6-7 delims=[]. " %%i in ('ver') do if "%%j"=="" (set fullbuild=%%i) else (set fullbuild=%%i.%%j)
for /f "tokens=2*" %%a in ('reg query "HKU\%_sid%\Software\DownloadManager" /v idmvers %nul6%') do set "IDMver=%%b"
echo Checking Info - [%regwinos% ^| %fullbuild% ^| %regarch% ^| IDM: %IDMver%]
%idmcheck% && (echo: & taskkill /f /im idman.exe)
set _time=
for /f %%a in ('%psc% "(Get-Date).ToString('yyyyMMdd-HHmmssfff')"') do set _time=%%a
echo:
echo Creating backup of CLSID registry keys in %SystemRoot%\Temp
reg export %CLSID% "%SystemRoot%\Temp\_Backup_HKCU_CLSID_%_time%.reg"
if not %HKCUsync%==1 reg export %CLSID2% "%SystemRoot%\Temp\_Backup_HKU-%_sid%_CLSID_%_time%.reg"
call :delete_queue
call :add_key
%psc% "$sid = '%_sid%'; $HKCUsync = %HKCUsync%; $lockKey = 1; $deleteKey = $null; $toggle = 1; $f=[io.file]::ReadAllText('!_batp!') -split ':regscan\:.*';iex ($f[1])"
if %frz%==0 call :register_IDM
call :download_files
if not defined _fileexist (
%eline%
echo Error: Unable to download files with IDM.
echo:
goto :done
)
%psc% "$sid = '%_sid%'; $HKCUsync = %HKCUsync%; $lockKey = 1; $deleteKey = $null; $f=[io.file]::ReadAllText('!_batp!') -split ':regscan\:.*';iex ($f[1])"
echo:
echo %line%
echo:
if %frz%==0 (
call :_color %Green% "The IDM Activation process has been completed."
echo:
call :_color %Gray% "If the fake serial screen appears, use the Freeze Trial option instead."
) else (
call :_color %Green% "The IDM 30 days trial period is successfully freezed for Lifetime."
echo:
call :_color %Gray% "If IDM is showing a popup to register, reinstall IDM."
)
::========================================================================================================================================
:: Exit points. done is reached after an action has run: it returns to the menu, or exits after
:: two seconds in unattended mode. done2 is the abort path used by the precondition checks: it
:: always exits. The terminal variable only changes which key prompt is shown.
:done
echo %line%
echo:
echo:
if %_unattended%==1 timeout /t 2 & exit /b
if defined terminal (
call :_color %_Yellow% "Press 0 key to return..."
choice /c 0 /n
) else (
call :_color %_Yellow% "Press any key to return..."
pause %nul1%
)
goto MainMenu
:done2
if %_unattended%==1 timeout /t 2 & exit /b
if defined terminal (
echo Press 0 key to exit...
choice /c 0 /n
) else (
echo Press any key to exit...
pause %nul1%
)
exit /b
::========================================================================================================================================
:: Helper for register_IDM: runs reg add with the argument string held in reg, then calls the add
:: routine, which reports success or failure from the resulting errorlevel.
:_rcont
reg add %reg% %nul%
call :add
exit /b
:register_IDM
:: Writes made-up registration details into the DownloadManager key, in HKCU and also under
:: HKU\SID when the two hives differ. Nothing here is a real licence: FName and LName are random
:: numbers, Email is those two numbers joined at a fixed domain, and Serial is twenty characters
:: drawn at random from A-Z and 0-9 and grouped five by five with dashes.
:: Review note: numeric FName and LName values together with an Email built from those same two
:: numbers are a recognisable registry indicator that this routine has run.
echo:
echo Applying registration details...
echo:
set /a fname = %random% %% 9999 + 1000
set /a lname = %random% %% 9999 + 1000
set email=%fname%.%lname%@tonec.com
for /f "delims=" %%a in ('%psc% "$key = -join ((Get-Random -Count 20 -InputObject ([char[]]('ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'))));$key = ($key.Substring(0, 5) + '-' + $key.Substring(5, 5) + '-' + $key.Substring(10, 5) + '-' + $key.Substring(15, 5) + $key.Substring(20));Write-Output $key" %nul6%') do (set key=%%a)
set "reg=HKCU\SOFTWARE\DownloadManager /v FName /t REG_SZ /d "%fname%"" & call :_rcont
set "reg=HKCU\SOFTWARE\DownloadManager /v LName /t REG_SZ /d "%lname%"" & call :_rcont
set "reg=HKCU\SOFTWARE\DownloadManager /v Email /t REG_SZ /d "%email%"" & call :_rcont
set "reg=HKCU\SOFTWARE\DownloadManager /v Serial /t REG_SZ /d "%key%"" & call :_rcont
if not %HKCUsync%==1 (
set "reg=HKU\%_sid%\SOFTWARE\DownloadManager /v FName /t REG_SZ /d "%fname%"" & call :_rcont
set "reg=HKU\%_sid%\SOFTWARE\DownloadManager /v LName /t REG_SZ /d "%lname%"" & call :_rcont
set "reg=HKU\%_sid%\SOFTWARE\DownloadManager /v Email /t REG_SZ /d "%email%"" & call :_rcont
set "reg=HKU\%_sid%\SOFTWARE\DownloadManager /v Serial /t REG_SZ /d "%key%"" & call :_rcont
)
exit /b
:download_files
:: Has the program fetch three small images from the vendor's own site, one after another, all to
:: the same temp.png in the Temp folder under SystemRoot. The files themselves are not used: per
:: the message below, the downloads exist to make the program create certain registry keys, and
:: the file is deleted at the end. _fileexist is set by the download routine as soon as any one of
:: the downloads produces the file.
echo:
echo Triggering a few downloads to create certain registry keys, please wait...
echo:
set "file=%SystemRoot%\Temp\temp.png"
set _fileexist=
set link=https://www.internetdownloadmanager.com/images/idm_box_min.png
call :download
set link=https://www.internetdownloadmanager.com/register/IDMlib/images/idman_logos.png
call :download
set link=https://www.internetdownloadmanager.com/pictures/idm_about.png
call :download
echo:
timeout /t 3 %nul1%
%idmcheck% && taskkill /f /im idman.exe
if exist "%file%" del /f /q "%file%"
exit /b
:download
:: Starts the program in the background with the URL held in link and the fixed output name
:: temp.png, then polls once per second for the file. Returns as soon as the file exists
:: (setting _fileexist) or after 20 polls without it.
set /a attempt=0
if exist "%file%" del /f /q "%file%"
start "" /B "%IDMan%" /n /d "%link%" /p "%SystemRoot%\Temp" /f temp.png
:check_file
timeout /t 1 %nul1%
set /a attempt+=1
if exist "%file%" set _fileexist=1&exit /b
if %attempt% GEQ 20 exit /b
goto :Check_file
::========================================================================================================================================
:: add_key writes the DWORD value AdvIntDriverEnabled2 with data 1 under the HKLM product key and
:: then falls through into add. add is also called on its own by _rcont; it reports Added or
:: Failed from the errorlevel left by the preceding reg add, printing reg without its quotes.
:add_key
echo:
echo Adding registry key...
echo:
set "reg="%HKLM%" /v "AdvIntDriverEnabled2""
reg add %reg% /t REG_DWORD /d "1" /f %nul%
:add
if "%errorlevel%"=="0" (
set "reg=%reg:"=%"
echo Added - !reg!
) else (
set "reg=%reg:"=%"
call :_color2 %Red% "Failed - !reg!"
)
exit /b
::========================================================================================================================================
:regscan:
# Embedded PowerShell, part 1: find the CLSID keys to act on.
# This text is never run by cmd.exe. The batch part reads the file, takes the text between the two
# regscan markers and runs it with iex, after setting $sid, $HKCUsync, $lockKey, $deleteKey and,
# on one call, $toggle.
# Two registry roots are scanned: the CLSID branch under HKCU and the same branch under
# HKEY_USERS\<sid>; the second is skipped when $HKCUsync is not null (both are the same hive).
# The Wow6432Node variant is used unless the machine architecture is x86.
$finalValues = @()
$arch = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment').PROCESSOR_ARCHITECTURE
if ($arch -eq "x86") {
$regPaths = @("HKCU:\Software\Classes\CLSID", "Registry::HKEY_USERS\$sid\Software\Classes\CLSID")
} else {
$regPaths = @("HKCU:\Software\Classes\WOW6432Node\CLSID", "Registry::HKEY_USERS\$sid\Software\Classes\Wow6432Node\CLSID")
}
foreach ($regPath in $regPaths) {
if (($regPath -match "HKEY_USERS") -and ($HKCUsync -ne $null)) {
continue
}
Write-Host
Write-Host "Searching IDM CLSID Registry Keys in $regPath"
Write-Host
# Only subkeys whose name is a brace-wrapped GUID are considered. Errors raised while listing are
# collected in $lockedKeys rather than shown.
$subKeys = Get-ChildItem -Path $regPath -ErrorAction SilentlyContinue -ErrorVariable lockedKeys | Where-Object { $_.PSChildName -match '^\{[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12}\}$' }
# A key that could not be read is assumed to be one that an earlier run locked, and is selected.
foreach ($lockedKey in $lockedKeys) {
$leafValue = Split-Path -Path $lockedKey.TargetObject -Leaf
$finalValues += $leafValue
Write-Output "$leafValue - Found Locked Key"
}
if ($subKeys -eq $null) {
continue
}
# Keys that have a LocalServer32, InProcServer32 or InProcHandler32 subkey are left out of the scan.
$subKeysToExclude = "LocalServer32", "InProcServer32", "InProcHandler32"
$filteredKeys = $subKeys | Where-Object { !($_.GetSubKeyNames() | Where-Object { $subKeysToExclude -contains $_ }) }
# Selection heuristics. A remaining key is selected when any one of these holds:
#   - its default value is all digits and it has no subkeys
#   - its default value contains + or = and it has no subkeys
#   - its Version subkey has an all-digit default value and that is its only subkey
#   - it has a value whose name matches MData, Model, scansk or Therad
#   - it has no values and no subkeys
# Review note: these are shape-based guesses, not an exact list, so an unrelated CLSID key of the
# same shape in the user's hive would be selected too.
foreach ($key in $filteredKeys) {
$fullPath = $key.PSPath
$keyValues = Get-ItemProperty -Path $fullPath -ErrorAction SilentlyContinue
$defaultValue = $keyValues.PSObject.Properties | Where-Object { $_.Name -eq '(default)' } | Select-Object -ExpandProperty Value
if (($defaultValue -match "^\d+$") -and ($key.SubKeyCount -eq 0)) {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found Digit In Default and No Subkeys"
continue
}
if (($defaultValue -match "\+|=") -and ($key.SubKeyCount -eq 0)) {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found + or = In Default and No Subkeys"
continue
}
$versionValue = Get-ItemProperty -Path "$fullPath\Version" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty '(default)' -ErrorAction SilentlyContinue
if (($versionValue -match "^\d+$") -and ($key.SubKeyCount -eq 1)) {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found Digit In \Version and No Other Subkeys"
continue
}
# NOTE(review): the continue below sits inside a ForEach-Object script block, not directly in the
# foreach loop body - confirm that the resulting control flow is what was intended.
$keyValues.PSObject.Properties | ForEach-Object {
if ($_.Name -match "MData|Model|scansk|Therad") {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found MData Model scansk Therad"
continue
}
}
if (($key.ValueCount -eq 0) -and ($key.SubKeyCount -eq 0)) {
$finalValues += $($key.PSChildName)
Write-Output "$($key.PSChildName) - Found Empty Key"
continue
}
}
}
# De-duplicate the selection. If nothing was selected the embedded script ends here.
$finalValues = @($finalValues | Select-Object -Unique)
if ($finalValues -ne $null) {
Write-Host
if ($lockKey -ne $null) {
Write-Host "Locking IDM CLSID Registry Keys..."
}
if ($deleteKey -ne $null) {
Write-Host "Deleting IDM CLSID Registry Keys..."
}
Write-Host
} else {
Write-Host "IDM CLSID Registry Keys are not found."
Exit
}
# With $toggle set (the first call from the activate routine) and more than 20 keys selected,
# the mode is switched from locking to deleting.
if (($finalValues.Count -gt 20) -and ($toggle -ne $null)) {
$lockKey = $null
$deleteKey = 1
Write-Host "The IDM keys count is more than 20. Deleting them now instead of locking..."
Write-Host
}
# Embedded PowerShell, part 2: take over one registry key and, in lock mode, seal it.
# Parameters: $rootKey is the name of a static property on Microsoft.Win32.Registry (the caller passes
#             CurrentUser or Users); $regKey is the key path below that root.
# Also reads $lockKey from the calling scope.
# Steps, as written below:
#   1. Build an in-memory P/Invoke stub for RtlAdjustPrivilege in ntdll.dll and call it for
#      privilege numbers 9, 17 and 18 (take ownership, backup and restore).
#   2. Open the key for TakeOwnership and set its owner to the account behind S-1-5-32-544
#      (the built-in Administrators group).
#   3. Reopen it for ChangePermissions and reset the access rules to Everyone (S-1-1-0) FullControl, Allow.
#   4. Only when $lockKey is set: change the owner to S-1-0-0 (the null SID) and reset the access
#      rules to Everyone FullControl, Deny.
# Review note: the end state of a locked key is a CLSID key in the user's hive owned by S-1-0-0
# with a deny-all entry for Everyone. That combination is unusual for ordinary software and can be
# found by enumerating key owners and ACLs under the Classes CLSID branch of the user hive.
# Registry permission-change auditing and PowerShell script-block logging both record this
# function running.
function Take-Permissions {
param($rootKey, $regKey)
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1)
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False)
$TypeBuilder = $ModuleBuilder.DefineType(0)
$TypeBuilder.DefinePInvokeMethod('RtlAdjustPrivilege', 'ntdll.dll', 'Public, Static', 1, [int], @([int], [bool], [bool], [bool].MakeByRefType()), 1, 3) | Out-Null
9,17,18 | ForEach-Object { $TypeBuilder.CreateType()::RtlAdjustPrivilege($_, $true, $false, [ref]$false) | Out-Null }
$SID = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$IDN = ($SID.Translate([System.Security.Principal.NTAccount])).Value
$Admin = New-Object System.Security.Principal.NTAccount($IDN)
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$none = New-Object System.Security.Principal.SecurityIdentifier('S-1-0-0')
$key = [Microsoft.Win32.Registry]::$rootKey.OpenSubKey($regkey, 'ReadWriteSubTree', 'TakeOwnership')
$acl = New-Object System.Security.AccessControl.RegistrySecurity
$acl.SetOwner($Admin)
$key.SetAccessControl($acl)
$key = $key.OpenSubKey('', 'ReadWriteSubTree', 'ChangePermissions')
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($everyone, 'FullControl', 'ContainerInherit', 'None', 'Allow')
$acl.ResetAccessRule($rule)
$key.SetAccessControl($acl)
if ($lockKey -ne $null) {
$acl = New-Object System.Security.AccessControl.RegistrySecurity
$acl.SetOwner($none)
$key.SetAccessControl($acl)
$key = $key.OpenSubKey('', 'ReadWriteSubTree', 'ChangePermissions')
$rule = New-Object System.Security.AccessControl.RegistryAccessRule($everyone, 'FullControl', 'Deny')
$acl.ResetAccessRule($rule)
$key.SetAccessControl($acl)
}
}
# Embedded PowerShell, part 3: apply the chosen mode to every selected key under each registry root.
# The HKEY_USERS root is skipped when $HKCUsync is not null, as in the scan.
# $rootKey and $regKey split the provider path into the registry root name and the path below it,
# which is the form Take-Permissions expects.
foreach ($regPath in $regPaths) {
if (($regPath -match "HKEY_USERS") -and ($HKCUsync -ne $null)) {
continue
}
foreach ($finalValue in $finalValues) {
$fullPath = Join-Path -Path $regPath -ChildPath $finalValue
if ($fullPath -match 'HKCU:') {
$rootKey = 'CurrentUser'
} else {
$rootKey = 'Users'
}
$position = $fullPath.IndexOf("\")
$regKey = $fullPath.Substring($position + 1)
# Lock mode: create the key if it is missing, seal it with Take-Permissions, then try to delete it
# as a self-test. The test is inverted on purpose: a delete that succeeds means the lock did not
# hold and is reported as Failed; a delete that throws is reported as Locked.
if ($lockKey -ne $null) {
if (-not (Test-Path -Path $fullPath -ErrorAction SilentlyContinue)) { New-Item -Path $fullPath -Force -ErrorAction SilentlyContinue | Out-Null }
Take-Permissions $rootKey $regKey
try {
Remove-Item -Path $fullPath -Force -Recurse -ErrorAction Stop
Write-Host -back 'DarkRed' -fore 'white' "Failed - $fullPath"
}
catch {
Write-Host "Locked - $fullPath"
}
}
# Delete mode: try a plain delete first; if the key is still there, take ownership and
# permissions with Take-Permissions and delete again.
if ($deleteKey -ne $null) {
if (Test-Path -Path $fullPath) {
Remove-Item -Path $fullPath -Force -Recurse -ErrorAction SilentlyContinue
if (Test-Path -Path $fullPath) {
Take-Permissions $rootKey $regKey
try {
Remove-Item -Path $fullPath -Force -Recurse -ErrorAction Stop
Write-Host "Deleted - $fullPath"
}
catch {
Write-Host -back 'DarkRed' -fore 'white' "Failed - $fullPath"
}
}
else {
Write-Host "Deleted - $fullPath"
}
}
}
}
}
:regscan:
::========================================================================================================================================
:: Prints one coloured line. With _NCS equal to 1 the first argument is an escape-code colour and
:: the second the text; otherwise the arguments are background colour, foreground colour and text,
:: and the line is printed by starting PowerShell with Write-Host.
:_color
if %_NCS% EQU 1 (
echo %esc%[%~1%~2%esc%[0m
) else (
%psc% write-host -back '%1' -fore '%2' '%3'
)
exit /b
:_color2
:: Prints two coloured segments on one line. With _NCS equal to 1 the arguments are colour, text,
:: colour, text; otherwise each segment takes background, foreground and text, and PowerShell
:: Write-Host prints the first segment without a trailing newline.
if %_NCS% EQU 1 (
echo %esc%[%~1%~2%esc%[%~3%~4%esc%[0m
) else (
%psc% write-host -back '%1' -fore '%2' '%3' -NoNewline; write-host -back '%4' -fore '%5' '%6'
)
exit /b
::========================================================================================================================================
:: Leave empty line below