Current File : C:/Windows/System32/hpatchmonTask.cmd
@echo off
setlocal enabledelayedexpansion

REM hpatchmon task script. When hotpatches are registered and VBS is running,
REM and the hpatchmon service is installed, set the service to auto start and
REM start it.
REM NOTE(review): reg, sc, findstr and powershell.exe are invoked by bare name,
REM so by default cmd resolves them through the current directory and PATH of
REM whatever account runs this script. Consider fully qualified paths under
REM SystemRoot\System32 if this runs with elevated rights.

REM Initialize VBSStatus
set VBSStatus=0

REM Initialize VBS is running flag
set VBSIsRunning=false

REM Initialize hotpatch registered flag
set hotPatchesRegistered=false

REM Initialize service name
set serviceName=hpatchmon

REM Initialize service installed flag
set serviceInstalled=false

REM Initialize service desired start type
REM NOTE(review): autoStart is not read anywhere in this script as shown.
set autoStart=false

REM Initialize force start flag
set forceStart=false


REM Step 1: nothing to do unless at least one hotpatch is registered.
call :checkHotPatchAreRegistered
if "%hotPatchesRegistered%" equ "false" ( goto end )

REM Step 2: VBS must be running. This path leaves with exit code 1 and does
REM not pass through the end label.
call :checkVBSIsRunning
if "%VBSIsRunning%" equ "false" ( exit /b 1 )

REM Step 3: stop quietly when the service is reported as not installed.
call :checkServiceInstalled
if "%serviceInstalled%" equ "false" ( goto end )

REM NOTE(review): this branch cannot be reached. hotPatchesRegistered is only
REM false when step 1 has already jumped to end, so this script never switches
REM the service back to demand start. Confirm the intended behavior.
if "%hotPatchesRegistered%" equ "false" (
	call :checkServiceDemandStart	
	goto end	
)

REM Always true at this point, for the same reason as above.
if "%hotPatchesRegistered%" equ "true" (
	call :checkServiceAutoStart
)

REM forceStart is set to true by checkHotPatchAreRegistered on its success path.
REM The exit codes of the subroutines called below are not inspected.
if "%forceStart%" equ "true" (
	call :checkServiceRunning
	goto end
)

goto end

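REM -----------------------------------------------------------------------------
REM Function: checkHotPatchAreRegistered
REM Description: Checks whether hotpatches are registered on the system by
REM              querying the registry key
REM              "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\HotPatch"
REM              and counting the lines of the recursive reg query output that
REM              match the key path.
REM Sets:        hotPatchesRegistered to true or false, and forceStart to true
REM              when hotpatches are registered.
REM Returns:     0 when at least one matching line is found, 1 when the key
REM              cannot be queried or no line matches.
REM -----------------------------------------------------------------------------
:checkHotPatchAreRegistered
REM Initialize the counter and the registry key to query
set subkeyCount=0
set hotPatchKey="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\HotPatch"
reg query %hotPatchKey% > nul 2>&1
REM "if errorlevel 1" tests the real exit code and cannot be shadowed by an
REM environment variable that happens to be named errorlevel.
if errorlevel 1 (
	echo Hotpatches are not registered.
	set hotPatchesRegistered=false
	exit /b 1
)

REM NOTE(review): the pattern ends in "HotPatch*". As a findstr regular
REM expression that also matches the parent key line itself, so the count may
REM include the parent key and not only its subkeys. Confirm against real
REM reg query output before relying on it as a subkey count.
for /f "tokens=*" %%i in ('reg query %hotPatchKey% /s ^| findstr /r /c:"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\HotPatch*"') do ( set /a subkeyCount+=1 )

if %subkeyCount% equ 0 (
	echo No hotpatches are registered.
	set hotPatchesRegistered=false
	exit /b 1
)

echo Hotpatches are registered.
set hotPatchesRegistered=true
set forceStart=true
REM Do not assign a variable named errorlevel here. Such a variable hides the
REM real exit code from every later errorlevel expansion in this script, which
REM silently disables the service checks that follow. exit /b 0 already resets
REM the exit code.
exit /b 0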

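REM -----------------------------------------------------------------------------
REM Function: checkServiceInstalled
REM Description: Checks whether the service named in serviceName is installed,
REM              using 'sc qc' to query the service configuration.
REM Sets:        serviceInstalled to false when sc qc returns 1060, otherwise
REM              to true.
REM Returns:     1 when the service is not installed (exit code 1060), else 0.
REM              Any other sc qc failure is still treated as installed.
REM Parameters:
REM   %serviceName% - The name of the service to check.
REM -----------------------------------------------------------------------------
:checkServiceInstalled
sc qc %serviceName% > nul 2>&1
REM Test the real exit code for exactly 1060. The "if errorlevel N" form means
REM "N or higher", hence the second bound. Unlike an errorlevel variable
REM expansion, it cannot be shadowed by an environment variable of that name.
if errorlevel 1060 if not errorlevel 1061 (
	echo The service:%serviceName% is not installed.
	set serviceInstalled=false
	exit /b 1
)
set serviceInstalled=true
exit /b 0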

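REM -----------------------------------------------------------------------------
REM Function: checkServiceAutoStart
REM Description: Checks whether the service is set to start automatically by
REM              searching the 'sc qc' output for AUTO_START. If it is not,
REM              reconfigures the service with 'sc config ... start= auto'.
REM Returns:     0 when the service is already, or has now been, set to auto
REM              start; 1 when sc config fails.
REM Parameters:
REM   %serviceName% - The name of the service to check and configure.
REM -----------------------------------------------------------------------------
:checkServiceAutoStart
sc qc %serviceName% | findstr /i "AUTO_START" > nul
REM "if errorlevel 1" reads the real exit code at run time, so it works inside
REM the parenthesized block and cannot be shadowed by an environment variable
REM named errorlevel.
if errorlevel 1 (
	echo The service:%serviceName% is not set to auto start. Configuring it now...
	sc config %serviceName% start= auto > nul 2>&1
	if errorlevel 1 (
		echo could not configure service:%serviceName% to auto start.
		exit /b 1
	)
	echo The service:%serviceName% has been configured to auto start.
	exit /b 0
)
echo The service:%serviceName% is already set to auto start.
exit /b 0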

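REM -----------------------------------------------------------------------------
REM Function: checkServiceDemandStart
REM Description: Checks whether the service is set to start on demand by
REM              searching the 'sc qc' output for DEMAND_START. If it is not,
REM              reconfigures the service with 'sc config ... start= demand'.
REM Returns:     0 when the service is already, or has now been, set to demand
REM              start; 1 when sc config fails.
REM Parameters:
REM   %serviceName% - The name of the service to check and configure.
REM NOTE(review): the only call to this routine in the script sits in a branch
REM that looks unreachable. Confirm whether it is meant to run.
REM -----------------------------------------------------------------------------
:checkServiceDemandStart
sc qc %serviceName% | findstr /i "DEMAND_START" > nul
REM "if errorlevel 1" reads the real exit code at run time, so it works inside
REM the parenthesized block and cannot be shadowed by an environment variable
REM named errorlevel.
if errorlevel 1 (
	echo The service:%serviceName% is not set to demand start. Configuring it now...
	sc config %serviceName% start= demand > nul 2>&1
	if errorlevel 1 (
		echo could not configure service:%serviceName% to demand start.
		exit /b 1
	)
	echo The service:%serviceName% has been configured to demand start.
	exit /b 0
)

echo The service:%serviceName% is already set to demand start.
exit /b 0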


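REM -----------------------------------------------------------------------------
REM Function: checkServiceRunning
REM Description: Starts the service with 'sc start' and reports the outcome.
REM              Despite its name it does not query the current state first.
REM Returns:     0 when sc start succeeds, 1 on any non-zero exit code.
REM Parameters:
REM   %serviceName% - The name of the service to start.
REM NOTE(review): sc start presumably also returns non-zero when the service is
REM already running, which would be reported here as a failure. Confirm and
REM decide whether that case should count as success.
REM -----------------------------------------------------------------------------
:checkServiceRunning
echo starting service:%serviceName%
sc start %serviceName% > nul 2>&1
REM "if errorlevel 1" tests the real exit code and cannot be shadowed by an
REM environment variable named errorlevel.
if errorlevel 1 (
	echo could not start service:%serviceName%
	exit /b 1
)

echo service:%serviceName% started successfully
exit /b 0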

REM -----------------------------------------------------------------------------
REM Function: checkVBSIsRunning
REM Description: Checks whether Virtualization Based Security (VBS) is running
REM              by querying the Win32_DeviceGuard CIM instance through
REM              powershell.exe. It stores the returned value in VBSStatus and
REM              treats only the value 2 as running.
REM              The check fails closed: a null status or a PowerShell error
REM              is reported as 0, and if PowerShell prints nothing VBSStatus
REM              keeps the 0 assigned at the top of the script.
REM Sets:        VBSStatus, and VBSIsRunning to true or false.
REM Returns:     0 when VBS is running, 1 otherwise.
REM              VBSStatus values:
REM              0, VBS is not enabled.
REM              1, VBS is enabled but not running.
REM              2, VBS is enabled and running.
REM -----------------------------------------------------------------------------
:checkVBSIsRunning
REM for /f captures the first token of each PowerShell output line; the last
REM line wins.
for /f %%i in ('powershell.exe -NoLogo -NoProfile -command "try { $VBSStatus=(Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard).VirtualizationBasedSecurityStatus; if ($VBSStatus -eq $null) { Write-Output 0 } else { Write-Output $VBSStatus } } catch { Write-Output 0 }"') do set VBSStatus=%%i
REM Quoted operands make this a string comparison against "2".
if "%VBSStatus%" neq "2" (
	echo VBS is not running: VirtualizationBasedSecurityStatus=%VBSStatus%
	set VBSIsRunning=false
	exit /b 1
)

echo VBS is running: VirtualizationBasedSecurityStatus=%VBSStatus%
set VBSIsRunning=true

exit /b 0

REM Common exit point: close the setlocal scope opened at the top of the script.
REM The VBS failure path leaves through exit /b 1 and does not reach this label.
:end
endlocal
