fix: replace wmic with Windows API to prevent antivirus false positives

biancode · biancode · commit 02ed9ec6a747 · 2025-09-30T21:21:49.000+02:00
Replace wmic-based battery detection with direct kernel32.dll API calls
to avoid Trojan:Win32/Wacatac false positive detections by Windows Defender.

Changes:
- Use GetSystemPowerStatus() P/Invoke instead of spawning wmic process
- Add SYSTEM_POWER_STATUS struct for native Windows API
- Maintain same functionality with zero behavioral changes
- macOS and Linux implementations unchanged

This resolves antivirus detection issues while preserving power management
functionality across all platforms.
diff --git a/POWER_OPTIMIZATIONS.md b/POWER_OPTIMIZATIONS.md
@@ -23,7 +23,8 @@ Implemented comprehensive power-saving optimizations to drastically reduce batte
   - Older: 30 minutes
 
 ### 3. Power Management System (`Models/PowerManagement.cs`)
-- **Automatic battery detection**: Works on Windows, macOS, and Linux
+- **Automatic battery detection**: Uses native Windows API (kernel32.dll) on Windows, system utilities on macOS/Linux
+- **Antivirus-safe implementation**: Direct Windows API calls instead of wmic to avoid false positives
 - **Three power modes**:
   - **Power Saver** (on battery): Minimal refresh rates, no parallel operations
   - **Balanced** (default on AC): Moderate refresh rates, limited parallelism
diff --git a/src/Models/PowerManagement.cs b/src/Models/PowerManagement.cs
@@ -108,30 +108,34 @@ private static bool CheckWindowsBattery()
         {
             try
             {
-                var psi = new System.Diagnostics.ProcessStartInfo
-                {
-                    FileName = "wmic",
-                    Arguments = "path Win32_Battery get BatteryStatus /value",
-                    RedirectStandardOutput = true,
-                    UseShellExecute = false,
-                    CreateNoWindow = true
-                };
-
-                using var process = System.Diagnostics.Process.Start(psi);
-                if (process != null)
+                // Use Windows API via P/Invoke instead of wmic to avoid antivirus false positives
+                var status = GetSystemPowerStatus(out SYSTEM_POWER_STATUS sps);
+                if (status)
                 {
-                    var output = process.StandardOutput.ReadToEnd();
-                    process.WaitForExit();
-
-                    // BatteryStatus=2 means AC powered, 1 means battery
-                    return output.Contains("BatteryStatus=1");
+                    // ACLineStatus: 0 = Offline (on battery), 1 = Online (AC power)
+                    return sps.ACLineStatus == 0;
                 }
             }
             catch { }
 
             return false;
         }
 
+        // Windows API structures and imports for battery status
+        [StructLayout(LayoutKind.Sequential)]
+        private struct SYSTEM_POWER_STATUS
+        {
+            public byte ACLineStatus;
+            public byte BatteryFlag;
+            public byte BatteryLifePercent;
+            public byte SystemStatusFlag;
+            public int BatteryLifeTime;
+            public int BatteryFullLifeTime;
+        }
+
+        [DllImport("kernel32.dll", SetLastError = true)]
+        private static extern bool GetSystemPowerStatus(out SYSTEM_POWER_STATUS lpSystemPowerStatus);
+
         private static bool CheckMacOSBattery()
         {
             try
