58 lines
1.8 KiB
PostScript
58 lines
1.8 KiB
PostScript
#---------------------------------------------------------------------
|
|
# Name: safeEventlogedit.eps
|
|
# Changelog
|
|
# 6/11/2008 - Created
|
|
#
|
|
# Wraps eventlogedit to check for the noinject environment variable
|
|
# prior to executing.
|
|
#---------------------------------------------------------------------
|
|
if ($argc < 5) {
|
|
return (usage());
|
|
}
|
|
@echo off;
|
|
|
|
#####################################
|
|
# 6/30/2008
|
|
# Temporarily check for this BAD key
|
|
#####################################
|
|
if ( `regquery -hive L -subkey "software\\microsoft\\updates\\windows xp\\sp3"` ){
|
|
echo "*****************************************************";
|
|
echo "!!! A potentially bad Windows update hotfix was found";
|
|
echo " that might cause this system to BOUNCE !!!";
|
|
echo "*****************************************************\r";
|
|
SetEnv("NOINJECT", "TRUE");
|
|
}
|
|
|
|
bool $noInject = GetEnv("NOINJECT");
|
|
`addalias -alias actualEventlogedit -replace eventlogedit`;
|
|
|
|
if ($noInject) {
|
|
echo "!!! Warning !!!";
|
|
echo "Something on the system may be able to detect process injection.";
|
|
if (prompt "Do you want to stop what you're doing?") {
|
|
`removealias -alias actualEventlogedit`;
|
|
return false;
|
|
} else {
|
|
echo "Continuing at your own risk. Check to make sure you didn't cause a pop-up.";
|
|
@echo on;
|
|
`actualEventlogedit $argv[1] $argv[2] $argv[3] $argv[4]`;
|
|
@echo off;
|
|
}
|
|
} else {
|
|
@echo on;
|
|
`actualEventlogedit $argv[1] $argv[2] $argv[3] $argv[4]`;
|
|
@echo off;
|
|
}
|
|
|
|
`removealias -alias actualEventlogedit`;
|
|
|
|
# Usage statement
|
|
sub usage() {
|
|
echo "Usage: eventlogedit _Options_";
|
|
echo " This program allows the user to remove an entry from the event log.";
|
|
echo "Options:";
|
|
echo " <-log <logfile>>";
|
|
echo " One of system, application, or security";
|
|
echo " <-record <record_number>>";
|
|
echo " The number of the record you wish to delete";
|
|
}
|