feat: Add ci for our first release (#1)

fontlos · web-flow · commit 834755464f1d · 2025-06-08T10:57:09.000+08:00
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,103 @@
+name: Build and Release
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  build:
+    runs-on: windows-latest
+    env:
+      RELEASE_NAME: ""
+      TAG_NAME: ""
+      PRERELEASE: ""
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    # 这会默认启用 Rust Cache, 所以使用 Stable 版本与 Cargo.lock 配合缓存
+    - name: Setup Rust
+      uses: actions-rust-lang/setup-rust-toolchain@v1
+      with:
+        toolchain: stable
+        override: true
+
+    - name: Build for Windows
+      run: |
+        cargo build --release
+        tar -acf ./Defender-rs.zip -C ./target/release defender.exe defender_core.dll
+
+    # 判断是否为预发布
+    - name: Determine Release Type
+      run: |
+        if ${{ github.event_name == 'workflow_dispatch' }}; then
+          echo "RELEASE_NAME=Defender-rs Nightly Build.$(date -u +'%Y.%m.%d')" >> $GITHUB_ENV
+          echo "TAG_NAME=nightly" >> $GITHUB_ENV
+          echo "PRERELEASE=true" >> $GITHUB_ENV
+        else
+          echo "RELEASE_NAME=Defender-rs Release Build.${{ github.ref_name }}" >> $GITHUB_ENV
+          echo "TAG_NAME=${{ github.ref_name }}" >> $GITHUB_ENV
+          echo "PRERELEASE=false" >> $GITHUB_ENV
+        fi
+
+    - name: Read Release Note
+      id: read_release_note
+      run: |
+        if [ -f "./Release.md" ]; then
+          # 读取文件内容并处理换行符，以便在后续步骤中使用
+          notes_content=$(cat "./Release.md")
+          notes_content="${notes_content//'%'/'%25'}"
+          notes_content="${notes_content//$'\n'/'%0A'}"
+          notes_content="${notes_content//$'\r'/'%0D'}"
+          echo "content=${notes_content}" >> $GITHUB_OUTPUT
+        else
+          echo "content=No release notes provided." >> $GITHUB_OUTPUT
+          echo "::warning file=./Release.md::Release notes file not found. Using default message."
+        fi
+
+    - name: Generate Changelog from PRs
+      id: generate_changelog
+      if: env.PRERELEASE == 'false'
+      uses: mikepenz/release-changelog-builder-action@v5
+      with:
+        configurationJson: |
+          {
+            "categories": [
+              {
+                "title": "## What's Changed",
+                "labels": []
+              }
+            ],
+            "pr_template": "- #{{TITLE}} by @#{{AUTHOR}} (##{{NUMBER}})",
+            "template": "#{{CHANGELOG}}",
+            "pr_trim_body": true,
+            "empty_template": "## No significant changes"
+          }
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Construct Release Body
+      id: construct_body
+      run: |
+        release_body="${{ steps.read_release_note.outputs.content }}"
+        if [[ "${{ env.PRERELEASE }}" == "false" && -n "${{ steps.generate_changelog.outputs.changelog }}" ]]; then
+          release_body="${release_body}\n\n${{ steps.generate_changelog.outputs.changelog }}"
+        fi
+        echo "body<<EOF" >> $GITHUB_OUTPUT
+        echo -e "$release_body" >> $GITHUB_OUTPUT
+        echo "EOF" >> $GITHUB_OUTPUT
+
+    # 创建 Release 并上传构建产物
+    - name: Create Release
+      id: create_release
+      uses: softprops/action-gh-release@v1
+      with:
+        name: ${{ env.RELEASE_NAME }}
+        tag_name: ${{ env.TAG_NAME }}
+        body: ${{ steps.construct_body.outputs.body }}
+        draft: false
+        prerelease: ${{ env.PRERELEASE == 'true' }}
+        files: ./Defender-rs.zip
diff --git a/Readme.md b/Readme.md
@@ -1,11 +1,59 @@
-# Defender-rs: DefendNot Written In Rust
+# Defender-rs: Rust Rewrite of DefendNot
 
-Inspired by [es3n1n/defendnot](https://github.com/es3n1n/defendnot)
+An even funnier way to disable Windows Defender. Inspired by [es3n1n/defendnot](https://github.com/es3n1n/defendnot)
 
-## Usage
+> [!CAUTION]
+> **Permitted Use Notice**:
+>
+> Using this tool to facilitate malware distribution, cybercrime, unauthorized access, evading detection, or any illegal activity is strictly prohibited.
+>
+> Users assume all legal responsibility for how they use this tool and any consequences thereof. You must comply with all applicable local, state, federal, and international laws when using this tool.
+>
+> By downloading, installing, or using this tool, you acknowledge that you have read, understood, and agree to these terms.
 
-- `--name <NAME>`: Set AV name, default is `Defender-rs`. And regist AV and set auto boot task
-- `--disable`: Unregist AV and remove auto boot task
-- `--on-login`: Start on login instead of on boot (by default)
+A fully Rust rewrite of defendnot, 100% compatible with the original [C++ version](https://github.com/es3n1n/defendnot). You can use the Rust loader to inject the C++ DLL, or the C++ loader to inject the Rust DLL.
 
-So the simplest way to use is `sudo defender`
+- Register/unregister custom AV/AS to Windows Security Center (WSC)
+- Automatic scheduled task for persistence (boot/login)
+- Minimal (Just 300kb), dependency-free
+
+## Installation & Usage
+
+1. Download the [latest release](https://github.com/fontlos/defender-rs/releases/latest)
+2. Unzip and run `defender.exe` as administrator. Just
+   ```sh
+   sudo defender.exe
+   ```
+3. Command help
+   ```shell
+   Set AV display name, register AV and set autorun task
+   Usage: defender.exe [--name <NAME>] [--disable] [--auto] [--on-login]
+
+   Options:
+     --name         Set AV display name (default: Defender-rs)
+     --disable      Unregister AV and remove autorun task
+     --auto         Silent mode (no window, used by scheduled task)
+     --on-login     Schedule autorun on login (default: on boot)
+   ```
+
+## How It Works
+
+Windows Security Center (WSC) allows third-party AV/AS to register themselves. When Defender detects another AV/AS registered, it disables itself. defender-rs communicates with WSC via COM, registering a custom AV/AS product so Defender enters "protected" state.
+
+## Limitations
+- **Must stay on disk:** Scheduled task autorun requires binaries to remain for persistence after reboot.
+- **No Windows Server support:** WSC is not available on Server editions, so registration is blocked.
+- **Defender will flag/block:** You must temporarily disable Defender real-time/tamper protection or add an exclusion to allow the program to remain on disk and execute
+
+## Legitimate Use Cases
+- Reduce resource usage in dev/test environments
+- Research/education on Windows security mechanisms
+- Home lab experimentation
+
+> [!IMPORTANT]
+> No support for illegal use. You are responsible for any consequences.
+
+## Credits
+- [es3n1n](https://github.com/es3n1n) for original design and reverse engineering
+- [mrbruh](https://mrbruh.com) for reverse engineering and testing
+- [pindos](https://github.com/pind0s) for WSC debugging support
diff --git a/Release.md b/Release.md
@@ -0,0 +1,15 @@
+## Defender-rs Build.v0.1.0
+
+An even funnier way to disable Windows Defender.
+
+A fully Rust rewrite of defendnot, 100% compatible with the original [C++ version](https://github.com/es3n1n/defendnot). You can use the Rust loader to inject the C++ DLL, or the C++ loader to inject the Rust DLL.
+
+- Register/unregister custom AV/AS to Windows Security Center (WSC)
+- Automatic scheduled task for persistence (boot/login)
+- Minimal (Just 300kb), dependency-free
+
+**Note:**
+
+Defender will flag/block the binaries. Please temporarily disable Defender real-time/tamper protection or add an exclusion before use.
+
+The first public release!
