W4RH4WK · XtheOne · Oct 17, 2016 · Oct 17, 2016 · Oct 24, 2016 · Jan 17, 2018
diff --git a/lib/take-own.psm1 b/lib/take-own.psm1
@@ -1,106 +1,106 @@
-function Takeown-Registry($key) {
-    # TODO does not work for all root keys yet
-    switch ($key.split('\')[0]) {
-        "HKEY_CLASSES_ROOT" {
-            $reg = [Microsoft.Win32.Registry]::ClassesRoot
-            $key = $key.substring(18)
-        }
-        "HKEY_CURRENT_USER" {
-            $reg = [Microsoft.Win32.Registry]::CurrentUser
-            $key = $key.substring(18)
-        }
-        "HKEY_LOCAL_MACHINE" {
-            $reg = [Microsoft.Win32.Registry]::LocalMachine
-            $key = $key.substring(19)
-        }
-    }
-
-    # get administraor group
-    $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
-    $admins = $admins.Translate([System.Security.Principal.NTAccount])
-
-    # set owner
-    $key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
-    $acl = $key.GetAccessControl()
-    $acl.SetOwner($admins)
-    $key.SetAccessControl($acl)
-
-    # set FullControl
-    $acl = $key.GetAccessControl()
-    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($admins, "FullControl", "Allow")
-    $acl.SetAccessRule($rule)
-    $key.SetAccessControl($acl)
-}
-
-function Takeown-File($path) {
-    takeown.exe /A /F $path
-    $acl = Get-Acl $path
-
-    # get administraor group
-    $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
-    $admins = $admins.Translate([System.Security.Principal.NTAccount])
-
-    # add NT Authority\SYSTEM
-    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", "None", "None", "Allow")
-    $acl.AddAccessRule($rule)
-
-    Set-Acl -Path $path -AclObject $acl
-}
-
-function Takeown-Folder($path) {
-    Takeown-File $path
-    foreach ($item in Get-ChildItem $path) {
-        if (Test-Path $item -PathType Container) {
-            Takeown-Folder $item.FullName
-        } else {
-            Takeown-File $item.FullName
-        }
-    }
-}
-
-function Elevate-Privileges {
-    param($Privilege)
-    $Definition = @"
-    using System;
-    using System.Runtime.InteropServices;
-
-    public class AdjPriv {
-        [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
-            internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
-
-        [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
-            internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
-
-        [DllImport("advapi32.dll", SetLastError = true)]
-            internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
-
-        [StructLayout(LayoutKind.Sequential, Pack = 1)]
-            internal struct TokPriv1Luid {
-                public int Count;
-                public long Luid;
-                public int Attr;
-            }
-
-        internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
-        internal const int TOKEN_QUERY = 0x00000008;
-        internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
-
-        public static bool EnablePrivilege(long processHandle, string privilege) {
-            bool retVal;
-            TokPriv1Luid tp;
-            IntPtr hproc = new IntPtr(processHandle);
-            IntPtr htok = IntPtr.Zero;
-            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
-            tp.Count = 1;
-            tp.Luid = 0;
-            tp.Attr = SE_PRIVILEGE_ENABLED;
-            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
-            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
-            return retVal;
-        }
-    }
-"@
-    $ProcessHandle = (Get-Process -id $pid).Handle
-    $type = Add-Type $definition -PassThru
-    $type[0]::EnablePrivilege($processHandle, $Privilege)
-}
+function Takeown-Registry($key) {
+    # TODO does not work for all root keys yet
+    switch ($key.split('\')[0]) {
+        "HKEY_CLASSES_ROOT" {
+            $reg = [Microsoft.Win32.Registry]::ClassesRoot
+            $key = $key.substring(18)
+        }
+        "HKEY_CURRENT_USER" {
+            $reg = [Microsoft.Win32.Registry]::CurrentUser
+            $key = $key.substring(18)
+        }
+        "HKEY_LOCAL_MACHINE" {
+            $reg = [Microsoft.Win32.Registry]::LocalMachine
+            $key = $key.substring(19)
+        }
+    }
+
+    # get administraor group
+    $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
+    $admins = $admins.Translate([System.Security.Principal.NTAccount])
+
+    # set owner
+    $key = $reg.OpenSubKey($key, "ReadWriteSubTree", "TakeOwnership")
+    $acl = $key.GetAccessControl()
+    $acl.SetOwner($admins)
+    $key.SetAccessControl($acl)
+
+    # set FullControl
+    $acl = $key.GetAccessControl()
+    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($admins, "FullControl", "Allow")
+    $acl.SetAccessRule($rule)
+    $key.SetAccessControl($acl)
+}
+
+function Takeown-File($path) {
+    takeown.exe /A /F $path
+    $acl = Get-Acl $path
+
+    # get administraor group
+    $admins = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-544")
+    $admins = $admins.Translate([System.Security.Principal.NTAccount])
+
+    # add NT Authority\SYSTEM
+    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, "FullControl", "None", "None", "Allow")
+    $acl.AddAccessRule($rule)
+
+    Set-Acl -Path $path -AclObject $acl
+}
+
+function Takeown-Folder($path) {
+    Takeown-File $path
+    foreach ($item in Get-ChildItem $path) {
+        if (Test-Path $item -PathType Container) {
+            Takeown-Folder $item.FullName
+        } else {
+            Takeown-File $item.FullName
+        }
+    }
+}
+
+function Elevate-Privileges {
+    param($Privilege)
+    $Definition = @"
+    using System;
+    using System.Runtime.InteropServices;
+
+    public class AdjPriv {
+        [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
+            internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall, ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr rele);
+
+        [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
+            internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
+
+        [DllImport("advapi32.dll", SetLastError = true)]
+            internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
+
+        [StructLayout(LayoutKind.Sequential, Pack = 1)]
+            internal struct TokPriv1Luid {
+                public int Count;
+                public long Luid;
+                public int Attr;
+            }
+
+        internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
+        internal const int TOKEN_QUERY = 0x00000008;
+        internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
+
+        public static bool EnablePrivilege(long processHandle, string privilege) {
+            bool retVal;
+            TokPriv1Luid tp;
+            IntPtr hproc = new IntPtr(processHandle);
+            IntPtr htok = IntPtr.Zero;
+            retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
+            tp.Count = 1;
+            tp.Luid = 0;
+            tp.Attr = SE_PRIVILEGE_ENABLED;
+            retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
+            retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
+            return retVal;
+        }
+    }
+"@
+    $ProcessHandle = (Get-Process -id $pid).Handle
+    $type = Add-Type $definition -PassThru
+    $type[0]::EnablePrivilege($processHandle, $Privilege)
+}
diff --git a/scripts/Disable-MaxxAudioPro.ps1 b/scripts/Disable-MaxxAudioPro.ps1
@@ -0,0 +1,24 @@
+Disable-ScheduledTask RtHDVBg_PushButton -ErrorAction SilentlyContinue | Out-Null
+
+# Realtek Audio Service
+Stop-Service RtkAudioService
+Set-Service RtkAudioService -StartupType Disabled
+
+# Waves Audio Services
+Stop-Service WavesSysSvc
+Set-Service WavesSysSvc -StartupType Disabled
+
+$regFileName = "Disable-MaxxAudioPro.reg"
+$regFileContent = @"
+Windows Registry Editor Version 5.00
+
+[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
+"RtHDVBg_PushButton"=hex:03,00,00,00,0b,34,17,77,53,4c,d3,01
+"RtHDVBg_WAVES_SKYLAKE"=hex(3):03,00,00,00,4F,89,38,1E,5D,A1,D2,01
+"RTHDVCPL"=hex(3):03,00,00,00,10,C0,D1,1F,5D,A1,D2,01
+"WavesSvc"=hex(3):03,00,00,00,F8,39,39,21,5D,A1,D2,01
+"@
+
+$regFileContent | Out-file $regFileName
+Start-Process -FilePath "regedit.exe" -ArgumentList "/s", """$regFileName""" -Wait
+Remove-Item $regFileName
diff --git a/scripts/disable-services.ps1 b/scripts/disable-services.ps1
@@ -1,34 +1,34 @@
-#   Description:
-# This script disables unwanted Windows services. If you do not want to disable
-# certain services comment out the corresponding lines below.
-
-$services = @(
-    "diagnosticshub.standardcollector.service" # Microsoft (R) Diagnostics Hub Standard Collector Service
-    "DiagTrack"                                # Diagnostics Tracking Service
-    "dmwappushservice"                         # WAP Push Message Routing Service
-    "HomeGroupListener"                        # HomeGroup Listener
-    "HomeGroupProvider"                        # HomeGroup Provider
-    "lfsvc"                                    # Geolocation Service
-    "MapsBroker"                               # Downloaded Maps Manager
-    "NetTcpPortSharing"                        # Net.Tcp Port Sharing Service
-    "RemoteAccess"                             # Routing and Remote Access
-    "RemoteRegistry"                           # Remote Registry
-    "SharedAccess"                             # Internet Connection Sharing (ICS)
-    "TrkWks"                                   # Distributed Link Tracking Client
-    "WbioSrvc"                                 # Windows Biometric Service
-    #"WlanSvc"                                 # WLAN AutoConfig
-    "WMPNetworkSvc"                            # Windows Media Player Network Sharing Service
-    "wscsvc"                                   # Windows Security Center Service
-    #"WSearch"                                 # Windows Search
-    "XblAuthManager"                           # Xbox Live Auth Manager
-    "XblGameSave"                              # Xbox Live Game Save Service
-    "XboxNetApiSvc"                            # Xbox Live Networking Service
-
-    # Services which cannot be disabled
-    #"WdNisSvc"
-)
-
-foreach ($service in $services) {
-    echo "Trying to disable $service"
-    Get-Service -Name $service | Set-Service -StartupType Disabled
-}
+#   Description:
+# This script disables unwanted Windows services. If you do not want to disable
+# certain services comment out the corresponding lines below.
+
+$services = @(
+    "diagnosticshub.standardcollector.service" # Microsoft (R) Diagnostics Hub Standard Collector Service
+    "DiagTrack"                                # Diagnostics Tracking Service
+    "dmwappushservice"                         # WAP Push Message Routing Service
+    "HomeGroupListener"                        # HomeGroup Listener
+    "HomeGroupProvider"                        # HomeGroup Provider
+    #"lfsvc"                                    # Geolocation Service
+    "MapsBroker"                               # Downloaded Maps Manager
+    "NetTcpPortSharing"                        # Net.Tcp Port Sharing Service
+    "RemoteAccess"                             # Routing and Remote Access
+    #"RemoteRegistry"                           # Remote Registry
+    "SharedAccess"                             # Internet Connection Sharing (ICS)
+    #"TrkWks"                                   # Distributed Link Tracking Client
+    #"WbioSrvc"                                 # Windows Biometric Service
+    #"WlanSvc"                                 # WLAN AutoConfig
+    "WMPNetworkSvc"                            # Windows Media Player Network Sharing Service
+    "wscsvc"                                   # Windows Security Center Service
+    #"WSearch"                                 # Windows Search
+    "XblAuthManager"                           # Xbox Live Auth Manager
+    "XblGameSave"                              # Xbox Live Game Save Service
+    "XboxNetApiSvc"                            # Xbox Live Networking Service
+
+    # Services which cannot be disabled
+    #"WdNisSvc"
+)
+
+foreach ($service in $services) {
+    echo "Trying to disable $service"
+    Get-Service -Name $service | Set-Service -StartupType Disabled
+}