devnullconsole
devnullconsole
/ FontMapper-bitfield.txt
Created
July 11, 2018 21:23
— forked from Artoria2e5/FontMapper-bitfield.txt
Guesses about HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper bits
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Name MVal Feat Pos Bit | |
| ---------------|-------|-------|-------|----------------| | |
| @MS Gothic a080 @ bit15 1xxxxxxxxxxxxxxx | |
| MS Gothic 8080 | |
| @MS PGothic 2080 Mono bit13 xx1xxxxxxxxxxxxx | |
| MS PGothic 0080 CJK? bit06 xxxxxxxxx1xxxxxx | |
| @NSimSun a086 | |
| NSimSun 8086 | |
| @SimSun 2086 | |
| SimSun 0086 Ming? bit02 xxxxxxxxxxxxx1xx |
devnullconsole
/ Get-LocalDateTime.cmd
Last active
July 7, 2020 11:53
wmic を使ってロケールの影響を受けないタイムスタンプを作るやつ
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| setlocal | |
| :Get-LocalDateTime | |
| for /f "tokens=2 delims==" %%i in ('wmic os get localdatetime /format:list') do ( | |
| set "ldt=%%i" | |
| ) | |
| set "lYYYY=%ldt:~0,4%" | |
| set "lMM=%ldt:~4,2%" |
devnullconsole
/ Create-Integrated-ISO-Win10.cmd
Last active
July 7, 2020 12:00
iso ファイルと msu ファイルを結合するやつ 1607 でしかテストしてない WIM_INDEX_NUMBER を設定してね
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| :Header | |
| @echo off | |
| setlocal EnableExtensions EnableDelayedExpansion | |
| set "commandname=%~n0" | |
| title "%commandname%" | |
| cd /d "%~dp0" | |
| if not ""=="%~3" ( goto :Usage ) | |
| if ""=="%~2" ( goto :Usage ) |
devnullconsole
/ Autoelevated COM objects
Created
February 15, 2019 06:25
— forked from Elm0D/Autoelevated COM objects
List of COM object with enabled elevation. This does not mean they all useful for bypassing UAC or anything like this. Most of them are not. Some of them like Copy/Move/Rename/Delete/Link Object and Shell Security Editor already used by malware. All others need to be investigated, use OleView from Windows SDK for more info. Snapshots taken from …
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| List of COM object with enabled elevation. This does not mean they all useful for bypassing UAC or anything like this. Most of them are not. Some of them like Copy/Move/Rename/Delete/Link Object and Shell Security Editor already used by malware. All others need to be investigated, use OleView from Windows SDK for more info. | |
| Snapshots taken from clean installs. | |
| Windows 7 SP1 x64, 7601 | |
| WPD Association LUA Virtual Factory | |
| {00393519-3A67-4507-A2B8-85146167ACA7} | |
| Virtual Factory for Biometrics | |
| {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428} |
devnullconsole
/ Get-Admin-VBS-v4.cmd
Last active
January 21, 2021 18:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off & goto Init | |
| 既存のバッチファイルに埋め込みたい場合は :Get-AdminRights 行から :End-Get-AdminRights 行までをコピーして使うと良いでしょう | |
| version 4 | |
| 実行時の Current Directory を引き継げるように修正しました | |
| 特殊文字がパラメータに存在してもバグらないように修正したつもりですが、まだバグがあるかもしれません | |
| version 3 | |
| 汎用性を高めましたが、狙い通りの動作をしないケースがあります |