Last active
May 15, 2019 01:01
-
-
Save Fleex255/9c2c6355045b228906d0d7ba2a7f0f84 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // CoCreateInstance(CLSID_FhConfigMgr, NULL, CLSCTX_INPROC_SERVER, IID_IFhConfigMgr, &fh) | |
| newslot native fhPtr | |
| call ole32.dll!CoCreateInstance /return uint (blockptr(guid {ED43BB3C-09E9-498a-9DF6-2177244C6DB4}), nullptr, int 1, blockptr(guid {6A5FEA5B-BF8F-4EE5-B8C3-44D8A0D7331C}), slotptr fhPtr) | |
| newslot native fh | |
| copyslot fh = fhPtr dereferenced | |
| newslot block vtbl = nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr, nullptr | |
| copyslot vtbl = fh dereferenced | |
| // fh->CreateDefaultConfiguration(TRUE) | |
| newslot native createDefaultConfiguration | |
| copyslot createDefaultConfiguration = vtbl field 4 | |
| call funcat createDefaultConfiguration /call thiscall /return uint (slotdata fhPtr, int 1) | |
| // fh->ProvisionAndSetNewTarget("\\localhost\FileHistory$\", "Local Disk") | |
| newslot native provisionAndSetNewTarget | |
| copyslot provisionAndSetNewTarget = vtbl field 14 | |
| call funcat provisionAndSetNewTarget /call thiscall /return uint (slotdata fhPtr, bstr "\\\\localhost\\FileHistory$\\", bstr "Local Disk") | |
| // fh->SetLocalPolicy(FH_RETENTION_TYPE, FH_RETENTION_AGE_BASED) | |
| newslot native setLocalPolicy | |
| copyslot setLocalPolicy = vtbl field 9 | |
| call funcat setLocalPolicy /call thiscall /return uint (slotdata fhPtr, int 1, int 2) | |
| // fh->SetLocalPolicy(FH_FREQUENCY, 10800) | |
| call funcat setLocalPolicy /call thiscall /return uint (slotdata fhPtr, int 0, int 10800) | |
| // fh->SetLocalPolicy(FH_RETENTION_AGE, 3) | |
| call funcat setLocalPolicy /call thiscall /return uint (slotdata fhPtr, int 2, int 3) | |
| // fh->SetBackupStatus(FH_STATUS_ENABLED) | |
| newslot native setBackupStatus | |
| copyslot setBackupStatus = vtbl field 11 | |
| call funcat setBackupStatus /call thiscall /return uint (slotdata fhPtr, int 2) | |
| // fh->SaveConfiguration() | |
| newslot native saveConfiguration | |
| copyslot saveConfiguration = vtbl field 5 | |
| call funcat saveConfiguration /call thiscall /return uint (slotdata fhPtr) | |
| // FhServiceOpenPipe(TRUE, &fhPipe) | |
| newslot native fhPipe | |
| call fhsvcctl.dll!FhServiceOpenPipe /return int (int 1, slotptr fhPipe) | |
| // FhServiceReloadConfiguration(fhPipe) | |
| call fhsvcctl.dll!FhServiceReloadConfiguration /return int (slotdata fhPipe) | |
| // FhServiceClosePipe(fhPipe) | |
| call fhsvcctl.dll!FhServiceClosePipe /return int (slotdata fhPipe) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment