devnullconsole
devnullconsole
/ Autoelevated COM objects
Created
February 15, 2019 06:25
— forked from Elm0D/Autoelevated COM objects
List of COM object with enabled elevation. This does not mean they all useful for bypassing UAC or anything like this. Most of them are not. Some of them like Copy/Move/Rename/Delete/Link Object and Shell Security Editor already used by malware. All others need to be investigated, use OleView from Windows SDK for more info. Snapshots taken from …
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| List of COM object with enabled elevation. This does not mean they all useful for bypassing UAC or anything like this. Most of them are not. Some of them like Copy/Move/Rename/Delete/Link Object and Shell Security Editor already used by malware. All others need to be investigated, use OleView from Windows SDK for more info. | |
| Snapshots taken from clean installs. | |
| Windows 7 SP1 x64, 7601 | |
| WPD Association LUA Virtual Factory | |
| {00393519-3A67-4507-A2B8-85146167ACA7} | |
| Virtual Factory for Biometrics | |
| {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428} |
devnullconsole
/ FontMapper-bitfield.txt
Created
July 11, 2018 21:23
— forked from Artoria2e5/FontMapper-bitfield.txt
Guesses about HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper bits
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Name MVal Feat Pos Bit | |
| ---------------|-------|-------|-------|----------------| | |
| @MS Gothic a080 @ bit15 1xxxxxxxxxxxxxxx | |
| MS Gothic 8080 | |
| @MS PGothic 2080 Mono bit13 xx1xxxxxxxxxxxxx | |
| MS PGothic 0080 CJK? bit06 xxxxxxxxx1xxxxxx | |
| @NSimSun a086 | |
| NSimSun 8086 | |
| @SimSun 2086 | |
| SimSun 0086 Ming? bit02 xxxxxxxxxxxxx1xx |