Skip to content

Instantly share code, notes, and snippets.

View brianreitz's full-sized avatar

Brian Reitz brianreitz

13 followers · 0 following
View GitHub Profile
@brianreitz
brianreitz / msobjs_message_table.txt
Last active November 18, 2024 06:57
msobjs.dll Message Table by MessageID
%%279 : Undefined Access (no effect) Bit 7
%%1536 : Unused message ID
%%1537 : DELETE
%%1538 : READ_CONTROL
%%1539 : WRITE_DAC
%%1540 : WRITE_OWNER
%%1541 : SYNCHRONIZE
%%1542 : ACCESS_SYS_SEC
%%1543 : MAX_ALLOWED
%%1552 : Unknown specific access (bit 0)
@brianreitz
brianreitz / PSReflect-RegKeyFixer.ps1
Last active October 13, 2021 19:25
A port of Joakim Schicht's RegKeyFixer using PSReflect. Will find and delete "hidden" value entries created by PSReflect-RegHide.ps1
# A port of Joakim Schicht's RegKeyFixer in PowerShell.
# https://github.com/jschicht/RegKeyFixer
#
# This script will recursively search keys starting from the Keyname
# for any value entry names with null characters
# Example usage:
# $SID = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
# $KeyName = "\Registry\User\$SID\SOFTWARE\Microsoft\Windows\CurrentVersion"
# $Results = Get-HiddenNames -KeyName $KeyName
# $Results | Remove-HiddenNames
@brianreitz
brianreitz / PSReflect-RegHide.ps1
Created July 14, 2017 12:30
PowerShell script to hide a Run key like Reghide/Kovter/Poweliks
# requires PSReflect.ps1 to be in the same directory as this script
. .\PSReflect.ps1
$Module = New-InMemoryModule -ModuleName RegHide
# Define our structs.
# https://msdn.microsoft.com/en-us/library/windows/hardware/ff564879(v=vs.85).aspx
# typedef struct _UNICODE_STRING {
# USHORT Length;
# USHORT MaximumLength;