@exoosh
exoosh / os-release.txt
Created December 6, 2023 09:24
/etc/os-release contents of some Debian and Debian derivatives (URLs removed)
ID=debian
NAME="Debian GNU/Linux"
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
VERSION_ID="11"
ID=debian
NAME="Debian GNU/Linux"
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
@exoosh
exoosh / find-visual-studio-path.sh
Last active February 27, 2023 17:05
How to detect the Visual Studio installation path from Git Bash, Cygwin, MSYS2 etc.
#!/usr/bin/env bash
if [[ -t 1 ]]; then
    # stdout is a terminal: define the ANSI colour escapes (bold and normal variants) and export them for child processes
    cG="\e[1;32m"; cG_="\e[0;32m"
    cR="\e[1;31m"; cR_="\e[0;31m"
    cB="\e[1;34m"; cB_="\e[0;34m"
    cW="\e[1;37m"; cW_="\e[0;37m"
    cY="\e[1;33m"; cY_="\e[0;33m"
    cZ="\e[0m"
    export cG cG_ cR cR_ cB cB_ cW cW_ cY cY_ cZ
fi
# Helpers this script depends on; stop right away if one of them cannot be resolved
for tool in env gawk tr; do
    type $tool > /dev/null 2>&1 && continue
    echo -e "${cR}ERROR:${cZ} couldn't find '$tool' which is required by this script."
    exit 1
done
function VsWhereLatest
{
for tool in cygpath; do type $tool > /dev/null 2>&1 || { echo -e "${cR}ERROR:${cZ} couldn't find '$tool' which is required by this script."; exit 1; }; done
# Bash chokes on variable names with embedded parentheses, hence this mumbo jumbo
local PF86="$(cygpath -u "$(env|tr -d '\r'|gawk -F= '$1 == "ProgramFiles(x86)" {print $2}')")"
# This is a well-known path that _can_ legitimately be hardcoded as per Microsoft!
@exoosh
exoosh / GNUmakefile
Created February 15, 2023 16:23
Detecting most recent Clang tools (GNU make)
# Small function to use Bash to detect the latest available clang and clang++ binaries, if using them by that name fails.
# $(1) is the tool prefix (clang or clang++). The Bash loop tries the bare name first, then the numeric suffixes
# -32 down to -1, and prints the first name that `which` resolves; nothing is printed when none resolves.
# `$$` is required so that make passes a literal `$` through to the shell.
detect_newest=$(shell bash -c 'for v in "" -{32..1}; do test -n "$$(which -- $1$$v)" && { echo "$1$$v"; break; }; done')
# `override` replaces CC/CXX even when they were given on the make command line; both end up empty if nothing was found.
override CXX:=$(call detect_newest,clang++)
override CC:=$(call detect_newest,clang)
# Show what was picked so an empty or unexpected choice is visible while the makefile is being read.
$(warning CC: $(CC))
$(warning CXX: $(CXX))
@exoosh
exoosh / detect-clang.sh
Created February 15, 2023 16:21
Detecting most recent Clang tools (Bash)
function detect_newest # Function to detect newest clang-based tool (they have a numeric suffix -<version>)
{
    local PFX=${1:-clang++}
    # Probe the bare name first, then the suffixes -32 ... -1; the first name `which` resolves is printed and the loop ends.
    for v in "" -{32..1}; do
        [[ -n "$(which -- $PFX$v)" ]] && { echo "$PFX$v"; break; }
    done
}
# Auto-detect only when the caller left CXX/CC unset or empty
: "${CXX:=$(detect_newest clang++)}"
: "${CC:=$(detect_newest clang)}"
# Report a missing compiler; this does not abort, execution continues
if [[ -z "$CXX" ]]; then echo -e "${cR}FATAL:${cZ} ${cW}CXX${cZ} not detected."; fi
if [[ -z "$CC" ]]; then echo -e "${cR}FATAL:${cZ} ${cW}CC${cZ} not detected."; fi
@exoosh
exoosh / get_version_with_gitrev.py
Created October 25, 2022 13:53
Use Dulwich to retrieve the full commit hash and dirty state of a Git work tree
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# vim: set autoindent smartindent softtabstop=4 tabstop=4 shiftwidth=4 expandtab:
import functools
import os
from contextlib import suppress
from dulwich import porcelain
from dulwich.errors import NotGitRepository
# Version of this script itself
__version__ = "0.1.2"
@exoosh
exoosh / dpapisrv-tracelogging.json
Created September 19, 2022 11:42
DPAPI tracelogging details
{
"FilePath": "C:\\Windows\\System32\\dpapisrv.dll",
"Providers": [
{
"ProviderGUID": "9d2a53b2-1411-5c1c-d88c-f2bf057645bb",
"ProviderName": "Microsoft.Windows.Security.Dpapi",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "703fcc13-b66f-5868-ddd9-e2db7f381ffb",
@exoosh
exoosh / TLGMetadataParser.psm1
Created September 19, 2022 11:33 — forked from mattifestation/TLGMetadataParser.psm1
Retrieves TraceLogging metadata from a file.
#requires -version 5
<#
The things you find on Google searching for specific GUIDs...
Known Keyword friendly names:
"UTC:::CATEGORYDEFINITION.MS.CRITICALDATA":"140737488355328"
"UTC:::CATEGORYDEFINITION.MS.MEASURES":"70368744177664"
"UTC:::CATEGORYDEFINITION.MS.TELEMETRY":"35184372088832"
"UTC:::CATEGORYDEFINITION.MSWLAN.CRITICALDATA":"2147483648"
@exoosh
exoosh / windows_hardening.cmd
Created September 19, 2022 11:30 — forked from ricardojba/windows_hardening.cmd
A Windows hardening script
::##########################################################################################################################
::
:: This script can ruin your day, if you run it without fully understanding what it does, you don't know what you are doing,
::
:: OR BOTH!!!
::
:: YOU HAVE BEEN WARNED!!!!!!!!!!
::
:: This script is provided "AS IS" with no warranties, and confers no rights.
:: Feel free to challenge me, disagree with me, or tell me I'm completely nuts in the comments section,
@exoosh
exoosh / ksec_ioctls.idc
Last active October 10, 2022 12:31
IOCTLs used by \Device\KsecDD (e.g. via RtlEncryptMemory and RtlDecryptMemory), for use in C/C++ and IDA
#include <idc.idc>
static main(void)
{
auto id;
// set 'loading idc file' mode
set_inf_attr(INF_GENFLAGS, INFFL_LOADIDC|get_inf_attr(INF_GENFLAGS));
begin_type_updating(UTP_ENUM);
id = add_enum(-1,"IOCTL_KSEC",0x1100000);
add_enum_member(id,"IOCTL_KSEC_CONNECT_LSA", 0x398000, -1); // CTL_CODE(FILE_DEVICE_KSEC, 0x00, METHOD_BUFFERED, FILE_WRITE_ACCESS)