shadowbrokers-exploits/windows/Resources/Pc2.2/Scripts/Install/winnt/WinsockHelp/_Pc2.2Uninstall.dss


@include "_File.dsi";
@include "_Paths.dsi";
@include "windows/_RegistryIncludes.dsi";
@echo off;
@disablewow64 on;

if ($argc != 1)
{
	echo("* Invalid parmeters", ERROR);
	echo();
	echo("Usage: $argv[0]");
	return false;
}

string $regKey		= "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Winsock";
string $regKeyValue	= "HelperDllName";
string $defaultPath	= "\%\%SystemRoot\%\%\\System32";

# get install name
string $payloadPath = $defaultPath;
string $payloadName = "wship.dll";
if (!GetInput("PC DLL install path", $payloadPath, $payloadPath) ||
	!GetInput("PC DLL install name", $payloadName, $payloadName))
{
	echo("* Failed to get install name and path", ERROR);
	return false;
}

# get the system path
string $sysPath;
if (!_GetSystemPath($sysPath))
{
	echo("* Failed to get system path", ERROR);
	return false;
}

string $usePath = $payloadPath;
if ($payloadPath == $defaultPath)
{
	$usePath = $sysPath;
}

# make sure the file exists
if (!_FileExists($payloadName, $usePath))
{
	echo("* Failed to find $usePath\\$payloadName", ERROR);
	return false;
}

# get the HelperDllName value
string $origKeyValue;
if (!_GetRegistryValue("L", 
					   $regKey,
					   $regKeyValue,
					   $origKeyValue) || !defined($origKeyValue))
{
	$origKeyValue = "";
}

if ($origKeyValue != "$payloadPath\\$payloadName")
{
	echo("* Failed to find $payloadPath\\$payloadName in $regKeyValue key", ERROR);
	if (!prompt("Continue with uninstall?", false))
	{
		return false;
	}
}

# update the registry key
echo "Updating registry";
if (!_SetRegistryValue("L", 
					   $regKey,
					   $regKeyValue,
					   "$defaultPath\\wshtcpip.dll",
					   "REG_EXPAND_SZ"))
{
	echo("    FAILED", ERROR);
	pause;
	return false;
}
echo("    SET", GOOD);

echo "Deleting PC";
if (!`delete -file "$usePath\\$payloadName" -afterreboot`)
{
	echo("    FAILED", ERROR);
}
else
{
	echo("    MARKED FOR DELETION", GOOD);
}

echo "Uninstall Finished";
echo "$regKeyValue before : '$origKeyValue'";
echo " $regKeyValue after : '$defaultPath\\wshtcpip.dll'";

pause;
return true;
Inital commit of Shadowbrokers 'Lost in Translation' release 2017-04-14 09:45:07 +00:00
			`@include "_File.dsi";`
			`@include "_Paths.dsi";`
			`@include "windows/_RegistryIncludes.dsi";`
			`@echo off;`
			`@disablewow64 on;`

			`if ($argc != 1)`
			`{`
			`echo("* Invalid parmeters", ERROR);`
			`echo();`
			`echo("Usage: $argv[0]");`
			`return false;`
			`}`

			`string $regKey = "SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Winsock";`
			`string $regKeyValue = "HelperDllName";`
			`string $defaultPath = "\%\%SystemRoot\%\%\\System32";`

			`# get install name`
			`string $payloadPath = $defaultPath;`
			`string $payloadName = "wship.dll";`
			`if (!GetInput("PC DLL install path", $payloadPath, $payloadPath) \|\|`
			`!GetInput("PC DLL install name", $payloadName, $payloadName))`
			`{`
			`echo("* Failed to get install name and path", ERROR);`
			`return false;`
			`}`

			`# get the system path`
			`string $sysPath;`
			`if (!_GetSystemPath($sysPath))`
			`{`
			`echo("* Failed to get system path", ERROR);`
			`return false;`
			`}`

			`string $usePath = $payloadPath;`
			`if ($payloadPath == $defaultPath)`
			`{`
			`$usePath = $sysPath;`
			`}`

			`# make sure the file exists`
			`if (!_FileExists($payloadName, $usePath))`
			`{`
			`echo("* Failed to find $usePath\\$payloadName", ERROR);`
			`return false;`
			`}`

			`# get the HelperDllName value`
			`string $origKeyValue;`
			`if (!_GetRegistryValue("L",`
			`$regKey,`
			`$regKeyValue,`
			`$origKeyValue) \|\| !defined($origKeyValue))`
			`{`
			`$origKeyValue = "";`
			`}`

			`if ($origKeyValue != "$payloadPath\\$payloadName")`
			`{`
			`echo("* Failed to find $payloadPath\\$payloadName in $regKeyValue key", ERROR);`
			`if (!prompt("Continue with uninstall?", false))`
			`{`
			`return false;`
			`}`
			`}`

			`# update the registry key`
			`echo "Updating registry";`
			`if (!_SetRegistryValue("L",`
			`$regKey,`
			`$regKeyValue,`
			`"$defaultPath\\wshtcpip.dll",`
			`"REG_EXPAND_SZ"))`
			`{`
			`echo(" FAILED", ERROR);`
			`pause;`
			`return false;`
			`}`
			`echo(" SET", GOOD);`

			`echo "Deleting PC";`
			if (!`delete -file "$usePath\\$payloadName" -afterreboot`)
			`{`
			`echo(" FAILED", ERROR);`
			`}`
			`else`
			`{`
			`echo(" MARKED FOR DELETION", GOOD);`
			`}`

			`echo "Uninstall Finished";`
			`echo "$regKeyValue before : '$origKeyValue'";`
			`echo " $regKeyValue after : '$defaultPath\\wshtcpip.dll'";`

			`pause;`
			`return true;`