mirror of
https://github.com/massgravel/Microsoft-Activation-Scripts.git
synced 2025-01-19 00:07:18 -05:00
dd3d788bfa
Issue when similar names products are installed, like O365ProPlusRetail and ProPlusRetail Issue in detecting SPDRetail 2013 because of different name in LicenseFamily
2514 lines
126 KiB
Batchfile
2514 lines
126 KiB
Batchfile
@set masver=2.6
|
|
@echo off
|
|
|
|
|
|
|
|
::============================================================================
|
|
::
|
|
:: Homepage: mass grave[.]dev
|
|
:: Email: mas.help@outlook.com
|
|
::
|
|
::============================================================================
|
|
|
|
|
|
|
|
:: To activate Office with Ohook activation, run the script with "/Ohook" parameter or change 0 to 1 in below line
|
|
set _act=0
|
|
|
|
:: To remove Ohook activation, run the script with /Ohook-Uninstall parameter or change 0 to 1 in below line
|
|
set _rem=0
|
|
|
|
:: To run the script in debug mode, change 0 to "/Ohook" in below line
|
|
set "_debug=0"
|
|
|
|
:: If value is changed in above lines or parameter is used then script will run in unattended mode
|
|
|
|
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Set Environment variables, it helps if they are misconfigured in the system
|
|
|
|
setlocal EnableExtensions
|
|
setlocal DisableDelayedExpansion
|
|
|
|
set "PathExt=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
|
|
|
|
set "SysPath=%SystemRoot%\System32"
|
|
set "Path=%SystemRoot%\System32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0\"
|
|
if exist "%SystemRoot%\Sysnative\reg.exe" (
|
|
set "SysPath=%SystemRoot%\Sysnative"
|
|
set "Path=%SystemRoot%\Sysnative;%SystemRoot%;%SystemRoot%\Sysnative\Wbem;%SystemRoot%\Sysnative\WindowsPowerShell\v1.0\;%Path%"
|
|
)
|
|
|
|
set "ComSpec=%SysPath%\cmd.exe"
|
|
set "PSModulePath=%ProgramFiles%\WindowsPowerShell\Modules;%SysPath%\WindowsPowerShell\v1.0\Modules"
|
|
|
|
set "_cmdf=%~f0"
|
|
for %%# in (%*) do (
|
|
if /i "%%#"=="r1" set r1=1
|
|
if /i "%%#"=="r2" set r2=1
|
|
)
|
|
|
|
:: Re-launch the script with x64 process if it was initiated by x86 process on x64 bit Windows
|
|
:: or with ARM64 process if it was initiated by x86/ARM32 process on ARM64 Windows
|
|
|
|
if exist %SystemRoot%\Sysnative\cmd.exe if not defined r1 (
|
|
setlocal EnableDelayedExpansion
|
|
start %SystemRoot%\Sysnative\cmd.exe /c ""!_cmdf!" %* r1"
|
|
exit /b
|
|
)
|
|
|
|
:: Re-launch the script with ARM32 process if it was initiated by x64 process on ARM64 Windows
|
|
|
|
if exist %SystemRoot%\SysArm32\cmd.exe if %PROCESSOR_ARCHITECTURE%==AMD64 if not defined r2 (
|
|
setlocal EnableDelayedExpansion
|
|
start %SystemRoot%\SysArm32\cmd.exe /c ""!_cmdf!" %* r2"
|
|
exit /b
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Debug code
|
|
|
|
if "%_debug%" EQU "0" (
|
|
set "nul1=1>nul"
|
|
set "nul2=2>nul"
|
|
set "nul6=2^>nul"
|
|
set "nul=>nul 2>&1"
|
|
goto :_debug
|
|
)
|
|
|
|
set "nul1="
|
|
set "nul2="
|
|
set "nul6="
|
|
set "nul="
|
|
|
|
@echo on
|
|
@prompt $G
|
|
@call :_debug "%_debug%" >"%~dp0_tmp.log" 2>&1
|
|
@cmd /u /c type "%~dp0_tmp.log">"%~dp0_Debug.log"
|
|
@del "%~dp0_tmp.log"
|
|
@echo off
|
|
@exit /b
|
|
|
|
:_debug
|
|
|
|
::========================================================================================================================================
|
|
|
|
set "blank="
|
|
set "mas=ht%blank%tps%blank%://mass%blank%grave.dev/"
|
|
|
|
:: Check if Null service is working, it's important for the batch script
|
|
|
|
sc query Null | find /i "RUNNING"
|
|
if %errorlevel% NEQ 0 (
|
|
echo:
|
|
echo Null service is not running, script may crash...
|
|
echo:
|
|
echo:
|
|
echo Help - %mas%troubleshoot
|
|
echo:
|
|
echo:
|
|
ping 127.0.0.1 -n 20
|
|
)
|
|
cls
|
|
|
|
:: Check LF line ending
|
|
|
|
pushd "%~dp0"
|
|
>nul findstr /v "$" "%~nx0" && (
|
|
echo:
|
|
echo Error - Script either has LF line ending issue or an empty line at the end of the script is missing.
|
|
echo:
|
|
echo:
|
|
echo Help - %mas%troubleshoot
|
|
echo:
|
|
echo:
|
|
ping 127.0.0.1 -n 20 >nul
|
|
popd
|
|
exit /b
|
|
)
|
|
popd
|
|
|
|
::========================================================================================================================================
|
|
|
|
cls
|
|
color 07
|
|
title Ohook Activation %masver%
|
|
|
|
set _args=
|
|
set _elev=
|
|
set _unattended=0
|
|
|
|
set _args=%*
|
|
if defined _args set _args=%_args:"=%
|
|
if defined _args (
|
|
for %%A in (%_args%) do (
|
|
if /i "%%A"=="/Ohook" set _act=1
|
|
if /i "%%A"=="/Ohook-Uninstall" set _rem=1
|
|
if /i "%%A"=="-el" set _elev=1
|
|
)
|
|
)
|
|
|
|
for %%A in (%_act% %_rem%) do (if "%%A"=="1" set _unattended=1)
|
|
|
|
::========================================================================================================================================
|
|
|
|
call :dk_setvar
|
|
|
|
if %winbuild% LSS 9200 (
|
|
%eline%
|
|
echo Unsupported OS version detected [%winbuild%].
|
|
echo Ohook Activation is supported on Windows 8 and later and their server equivalent.
|
|
goto dk_done
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Fix special characters limitation in path name
|
|
|
|
set "_work=%~dp0"
|
|
if "%_work:~-1%"=="\" set "_work=%_work:~0,-1%"
|
|
|
|
set "_batf=%~f0"
|
|
set "_batp=%_batf:'=''%"
|
|
|
|
set _PSarg="""%~f0""" -el %_args%
|
|
set _PSarg=%_PSarg:'=''%
|
|
|
|
set "_ttemp=%userprofile%\AppData\Local\Temp"
|
|
|
|
setlocal EnableDelayedExpansion
|
|
|
|
::========================================================================================================================================
|
|
|
|
echo "!_batf!" | find /i "!_ttemp!" %nul1% && (
|
|
if /i not "!_work!"=="!_ttemp!" (
|
|
%eline%
|
|
echo Script is launched from the temp folder,
|
|
echo Most likely you are running the script directly from the archive file.
|
|
echo:
|
|
echo Extract the archive file and launch the script from the extracted folder.
|
|
goto dk_done
|
|
)
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Check PowerShell
|
|
|
|
REM :PowerShellTest: $ExecutionContext.SessionState.LanguageMode :PowerShellTest:
|
|
|
|
cmd /c "%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':PowerShellTest:\s*';iex ($f[1])"" | find /i "FullLanguage" %nul1% || (
|
|
%eline%
|
|
cmd /c "%psc% "$ExecutionContext.SessionState.LanguageMode""
|
|
echo:
|
|
cmd /c "%psc% "$ExecutionContext.SessionState.LanguageMode"" | find /i "FullLanguage" %nul1% && (
|
|
echo Failed to run Powershell command but Powershell is working.
|
|
call :dk_color %Blue% "Check if your antivirus is blocking the script."
|
|
) || (
|
|
echo PowerShell is not working. Aborting...
|
|
echo If you have applied restrictions on Powershell then undo those changes.
|
|
)
|
|
echo:
|
|
set fixes=%fixes% %mas%troubleshoot
|
|
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
goto dk_done
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Elevate script as admin and pass arguments and preventing loop
|
|
|
|
%nul1% fltmc || (
|
|
if not defined _elev %psc% "start cmd.exe -arg '/c \"!_PSarg!\"' -verb runas" && exit /b
|
|
%eline%
|
|
echo This script needs admin rights.
|
|
echo To do so, right click on this script and select 'Run as administrator'.
|
|
goto dk_done
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Disable QuickEdit and launch from conhost.exe to avoid Terminal app
|
|
|
|
if %winbuild% GEQ 17763 (
|
|
set terminal=1
|
|
) else (
|
|
set terminal=
|
|
)
|
|
|
|
:: Check if script is running in Terminal app
|
|
|
|
set r1=$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0);
|
|
set r2=%r1% [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128);
|
|
set r3=%r2% [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128);
|
|
set d1=%r3% $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow();
|
|
set d2=%d1% echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);
|
|
|
|
if defined terminal (
|
|
%psc% "%d2%" %nul2% | find /i "True" %nul1% && set terminal=
|
|
)
|
|
|
|
if %_unattended%==1 goto :skipQE
|
|
for %%# in (%_args%) do (if /i "%%#"=="-qedit" goto :skipQE)
|
|
|
|
if defined terminal (
|
|
set "launchcmd=start conhost.exe %psc%"
|
|
) else (
|
|
set "launchcmd=%psc%"
|
|
)
|
|
|
|
:: Disable QuickEdit in current session
|
|
|
|
set "d1=$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0);"
|
|
set "d2=$t.DefinePInvokeMethod('GetStdHandle', 'kernel32.dll', 22, 1, [IntPtr], @([Int32]), 1, 3).SetImplementationFlags(128);"
|
|
set "d3=$t.DefinePInvokeMethod('SetConsoleMode', 'kernel32.dll', 22, 1, [Boolean], @([IntPtr], [Int32]), 1, 3).SetImplementationFlags(128);"
|
|
set "d4=$k=$t.CreateType(); $b=$k::SetConsoleMode($k::GetStdHandle(-10), 0x0080);"
|
|
|
|
%launchcmd% "%d1% %d2% %d3% %d4% & cmd.exe '/c' '!_PSarg! -qedit'" && (exit /b) || (set terminal=1)
|
|
:skipQE
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Check for updates
|
|
|
|
set -=
|
|
set old=
|
|
|
|
for /f "delims=[] tokens=2" %%# in ('ping -4 -n 1 updatecheck.mass%-%grave.dev') do (
|
|
if not [%%#]==[] (echo "%%#" | find "127.69" %nul1% && (echo "%%#" | find "127.69.%masver%" %nul1% || set old=1))
|
|
)
|
|
|
|
if defined old (
|
|
echo ________________________________________________
|
|
%eline%
|
|
echo Version %masver% of MAS is outdated.
|
|
echo ________________________________________________
|
|
echo:
|
|
if not %_unattended%==1 (
|
|
echo [1] Get Latest MAS
|
|
echo [0] Continue Anyway
|
|
echo:
|
|
call :dk_color %_Green% "Enter a menu option in the Keyboard [1,0] :"
|
|
choice /C:10 /N
|
|
if !errorlevel!==2 rem
|
|
if !errorlevel!==1 (start ht%-%tps://github.com/mass%-%gravel/Microsoft-Acti%-%vation-Scripts & start %mas% & exit /b)
|
|
)
|
|
)
|
|
cls
|
|
|
|
::========================================================================================================================================
|
|
|
|
if %_rem%==1 goto :oh_uninstall
|
|
|
|
:oh_menu
|
|
|
|
if %_unattended%==0 (
|
|
cls
|
|
if not defined terminal mode 76, 25
|
|
title Ohook Activation %masver%
|
|
call :oh_checkapps
|
|
echo:
|
|
echo:
|
|
echo:
|
|
echo:
|
|
if defined checknames (call :dk_color %_Yellow% " Close [!checknames!] before proceeding...")
|
|
echo ____________________________________________________________
|
|
echo:
|
|
echo [1] Install Ohook Office Activation
|
|
echo:
|
|
echo [2] Uninstall Ohook
|
|
echo ____________________________________________
|
|
echo:
|
|
echo [3] Download Office
|
|
echo:
|
|
echo [0] %_exitmsg%
|
|
echo ____________________________________________________________
|
|
echo:
|
|
call :dk_color2 %_White% " " %_Green% "Enter a menu option in the Keyboard [1,2,3,0]"
|
|
choice /C:1230 /N
|
|
set _el=!errorlevel!
|
|
if !_el!==4 exit /b
|
|
if !_el!==3 start %mas%genuine-installation-media &goto :oh_menu
|
|
if !_el!==2 goto :oh_uninstall
|
|
if !_el!==1 goto :oh_menu2
|
|
goto :oh_menu
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_menu2
|
|
|
|
cls
|
|
if not defined terminal (
|
|
mode 130, 32
|
|
if exist "%SysPath%\spp\store_test\" mode 134, 32
|
|
%psc% "&{$W=$Host.UI.RawUI.WindowSize;$B=$Host.UI.RawUI.BufferSize;$W.Height=32;$B.Height=300;$Host.UI.RawUI.WindowSize=$W;$Host.UI.RawUI.BufferSize=$B;}"
|
|
)
|
|
title Ohook Activation %masver%
|
|
|
|
echo:
|
|
echo Initializing...
|
|
call :dk_chkmal
|
|
|
|
if not exist %SysPath%\sppsvc.exe (
|
|
%eline%
|
|
echo [%SysPath%\sppsvc.exe] file is missing. Aborting...
|
|
echo:
|
|
set fixes=%fixes% %mas%troubleshoot
|
|
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
goto dk_done
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
set spp=SoftwareLicensingProduct
|
|
set sps=SoftwareLicensingService
|
|
|
|
call :dk_reflection
|
|
call :dk_ckeckwmic
|
|
call :dk_product
|
|
call :dk_sppissue
|
|
|
|
::========================================================================================================================================
|
|
|
|
set error=
|
|
|
|
cls
|
|
echo:
|
|
call :dk_showosinfo
|
|
|
|
::========================================================================================================================================
|
|
|
|
echo Initiating Diagnostic Tests...
|
|
|
|
set "_serv=sppsvc Winmgmt"
|
|
|
|
:: Software Protection
|
|
:: Windows Management Instrumentation
|
|
|
|
set officeact=1
|
|
call :dk_errorcheck
|
|
|
|
:: Check unsupported office versions
|
|
|
|
set o14msi=
|
|
set o14c2r=
|
|
set o16uwp=
|
|
|
|
set _68=HKLM\SOFTWARE\Microsoft\Office
|
|
set _86=HKLM\SOFTWARE\Wow6432Node\Microsoft\Office
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_86%\14.0\Common\InstallRoot /v Path" %nul6%') do if exist "%%b\EntityPicker.dll" (set o14msi=Office 2010 MSI )
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_68%\14.0\Common\InstallRoot /v Path" %nul6%') do if exist "%%b\EntityPicker.dll" (set o14msi=Office 2010 MSI )
|
|
%nul% reg query %_68%\14.0\CVH /f Click2run /k && set o14c2r=Office 2010 C2R
|
|
%nul% reg query %_86%\14.0\CVH /f Click2run /k && set o14c2r=Office 2010 C2R
|
|
|
|
if %winbuild% GEQ 10240 %psc% "Get-AppxPackage -name "Microsoft.Office.Desktop"" | find /i "Office" %nul1% && set o16uwp=Office UWP
|
|
|
|
if not "%o14msi%%o14c2r%%o16uwp%"=="" (
|
|
echo:
|
|
call :dk_color %Red% "Checking Unsupported Office Install [ %o14msi%%o14c2r%%o16uwp%]"
|
|
)
|
|
|
|
if %winbuild% GEQ 10240 %psc% "Get-AppxPackage -name "Microsoft.MicrosoftOfficeHub"" | find /i "Office" %nul1% && (
|
|
set ohub=1
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Check supported office versions
|
|
|
|
call :oh_getpath
|
|
|
|
sc query ClickToRunSvc %nul%
|
|
set error1=%errorlevel%
|
|
|
|
if defined o16c2r if %error1% EQU 1060 (
|
|
call :dk_color %Red% "Checking ClickToRun Service [Not found, Office 16.0 files found]"
|
|
set o16c2r=
|
|
set error=1
|
|
)
|
|
|
|
sc query OfficeSvc %nul%
|
|
set error2=%errorlevel%
|
|
|
|
if defined o15c2r if %error1% EQU 1060 if %error2% EQU 1060 (
|
|
call :dk_color %Red% "Checking ClickToRun Service [Not found, Office 15.0 files found]"
|
|
set o15c2r=
|
|
set error=1
|
|
)
|
|
|
|
if "%o16c2r%%o15c2r%%o16msi%%o15msi%"=="" (
|
|
set error=1
|
|
echo:
|
|
if not "%o14msi%%o14c2r%%o16uwp%"=="" (
|
|
call :dk_color %Red% "Checking Supported Office Install [Not Found]"
|
|
) else (
|
|
call :dk_color %Red% "Checking Installed Office [Not Found]"
|
|
)
|
|
|
|
if defined ohub (
|
|
echo:
|
|
echo You have only Office dashboard app installed, you need to install full Office version.
|
|
)
|
|
echo:
|
|
call :dk_color %Blue% "Download and install Office from below URL and try again."
|
|
echo:
|
|
set fixes=%fixes% %mas%genuine-installation-media
|
|
call :dk_color %_Yellow% "%mas%genuine-installation-media"
|
|
goto dk_done
|
|
)
|
|
|
|
set multioffice=
|
|
if not "%o16c2r%%o15c2r%%o16msi%%o15msi%"=="1" set multioffice=1
|
|
if not "%o14msi%%o14c2r%%o16uwp%"=="" set multioffice=1
|
|
|
|
if defined multioffice (
|
|
call :dk_color %Gray% "Checking Multiple Office Install [Found. Recommended to install one version only]"
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Check Windows Server
|
|
|
|
set winserver=
|
|
reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v ProductType %nul2% | find /i "WinNT" %nul1% || set winserver=1
|
|
if not defined winserver (
|
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID %nul2% | find /i "Server" %nul1% && set winserver=1
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Check already activated products list
|
|
|
|
set actiProds15=
|
|
set actiProds16=
|
|
|
|
if not "%o15c2r%%o15msi%"=="" call :oh_findactivated -like 15
|
|
if not "%o16c2r%%o16msi%"=="" call :oh_findactivated -notlike 16
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Process Office 15.0 C2R
|
|
|
|
if not defined o15c2r goto :starto16c2r
|
|
|
|
call :oh_reset
|
|
call :dk_actids 0ff1ce15-a989-479d-af46-f275c6370663
|
|
|
|
set oVer=15
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %o15c2r_reg% /v InstallPath" %nul6%') do (set "_oRoot=%%b\root")
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %o15c2r_reg%\Configuration /v Platform" %nul6%') do (set "_oArch=%%b")
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %o15c2r_reg%\Configuration /v VersionToReport" %nul6%') do (set "_version=%%b")
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %o15c2r_reg%\Configuration /v ProductReleaseIds" %nul6%') do (set "_prids=%o15c2r_reg%\Configuration /v ProductReleaseIds" & set "_config=%o15c2r_reg%\Configuration")
|
|
if not defined _oArch for /f "skip=2 tokens=2*" %%a in ('"reg query %o15c2r_reg%\propertyBag /v Platform" %nul6%') do (set "_oArch=%%b")
|
|
if not defined _version for /f "skip=2 tokens=2*" %%a in ('"reg query %o15c2r_reg%\propertyBag /v version" %nul6%') do (set "_version=%%b")
|
|
if not defined _prids for /f "skip=2 tokens=2*" %%a in ('"reg query %o15c2r_reg%\propertyBag /v ProductReleaseId" %nul6%') do (set "_prids=%o15c2r_reg%\propertyBag /v ProductReleaseId" & set "_config=%o15c2r_reg%\propertyBag")
|
|
|
|
echo "%o15c2r_reg%" | find /i "Wow6432Node" %nul1% && (set _tok=10) || (set _tok=9)
|
|
for /f "tokens=%_tok% delims=\" %%a in ('reg query %o15c2r_reg%\ProductReleaseIDs\Active %nul6% ^| findstr /i "Retail Volume"') do (
|
|
echo "!_oIds!" | find /i " %%a " %nul1% || (set "_oIds= !_oIds! %%a ")
|
|
)
|
|
|
|
set "_oLPath=%_oRoot%\Licenses"
|
|
set "_oIntegrator=%_oRoot%\integration\integrator.exe"
|
|
|
|
if [%_oArch%]==[x64] (set "_hookPath=%_oRoot%\vfs\System" & set "_hook=sppc64.dll")
|
|
if [%_oArch%]==[x86] (set "_hookPath=%_oRoot%\vfs\SystemX86" & set "_hook=sppc32.dll")
|
|
if not [%osarch%]==[x86] (
|
|
if [%_oArch%]==[x64] set "_sppcPath=%SystemRoot%\System32\sppc.dll"
|
|
if [%_oArch%]==[x86] set "_sppcPath=%SystemRoot%\SysWOW64\sppc.dll"
|
|
) else (
|
|
set "_sppcPath=%SystemRoot%\System32\sppc.dll"
|
|
)
|
|
|
|
echo:
|
|
echo Activating Office... [C2R ^| %_version% ^| %_oArch%]
|
|
|
|
if not defined _oIds (
|
|
call :dk_color %Red% "Checking Installed Products [Product IDs not found. Aborting activation...]"
|
|
set error=1
|
|
goto :starto16c2r
|
|
)
|
|
|
|
call :oh_fixprids
|
|
call :oh_process
|
|
call :oh_hookinstall
|
|
|
|
::========================================================================================================================================
|
|
|
|
:starto16c2r
|
|
|
|
:: Process Office 16.0 C2R
|
|
|
|
if not defined o16c2r goto :startmsi
|
|
|
|
call :oh_reset
|
|
call :dk_actids 0ff1ce15-a989-479d-af46-f275c6370663
|
|
|
|
set oVer=16
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %o16c2r_reg% /v InstallPath" %nul6%') do (set "_oRoot=%%b\root")
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %o16c2r_reg%\Configuration /v Platform" %nul6%') do (set "_oArch=%%b")
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %o16c2r_reg%\Configuration /v VersionToReport" %nul6%') do (set "_version=%%b")
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %o16c2r_reg%\Configuration /v AudienceData" %nul6%') do (set "_AudienceData=^| %%b ")
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %o16c2r_reg%\Configuration /v ProductReleaseIds" %nul6%') do (set "_prids=%o16c2r_reg%\Configuration /v ProductReleaseIds" & set "_config=%o16c2r_reg%\Configuration")
|
|
|
|
echo "%o16c2r_reg%" | find /i "Wow6432Node" %nul1% && (set _tok=9) || (set _tok=8)
|
|
for /f "tokens=%_tok% delims=\" %%a in ('reg query "%o16c2r_reg%\ProductReleaseIDs" /s /f ".16" /k %nul6% ^| findstr /i "Retail Volume"') do (
|
|
echo "!_oIds!" | find /i " %%a " %nul1% || (set "_oIds= !_oIds! %%a ")
|
|
)
|
|
set _oIds=%_oIds:.16=%
|
|
set _o16c2rIds=%_oIds%
|
|
|
|
set "_oLPath=%_oRoot%\Licenses16"
|
|
set "_oIntegrator=%_oRoot%\integration\integrator.exe"
|
|
|
|
if [%_oArch%]==[x64] (set "_hookPath=%_oRoot%\vfs\System" & set "_hook=sppc64.dll")
|
|
if [%_oArch%]==[x86] (set "_hookPath=%_oRoot%\vfs\SystemX86" & set "_hook=sppc32.dll")
|
|
if not [%osarch%]==[x86] (
|
|
if [%_oArch%]==[x64] set "_sppcPath=%SystemRoot%\System32\sppc.dll"
|
|
if [%_oArch%]==[x86] set "_sppcPath=%SystemRoot%\SysWOW64\sppc.dll"
|
|
) else (
|
|
set "_sppcPath=%SystemRoot%\System32\sppc.dll"
|
|
)
|
|
|
|
echo:
|
|
echo Activating Office... [C2R ^| %_version% %_AudienceData%^| %_oArch%]
|
|
|
|
if not defined _oIds (
|
|
call :dk_color %Red% "Checking Installed Products [Product IDs not found. Aborting activation...]"
|
|
set error=1
|
|
goto :startmsi
|
|
)
|
|
|
|
call :oh_fixprids
|
|
call :oh_process
|
|
call :oh_hookinstall
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Old version (16.0.9xxxx and below) of Office with subscription license key may show a banner to sign in to fix license issue.
|
|
:: Although script applies a Resiliency registry entry to fix that but it doesn't work on old office versions.
|
|
:: Below code checks that condition and informs the user to update the Office.
|
|
|
|
if defined _sublic (
|
|
if not exist "%_oLPath%\Word2019VL_KMS_Client_AE*.xrm-ms" (
|
|
call :dk_color %Gray% "Checking Old Office With Sub License [Found. Update Office, otherwise, it may show a licensing issue-related banner.]"
|
|
)
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: mass grave[.]dev/office-license-is-not-genuine
|
|
:: Add registry keys for volume products so that 'non-genuine' banner won't appear
|
|
:: Script already is using MAK instead of GVLK so it won't appear anyway, but registry keys are added incase Office installs default GVLK grace key for volume products
|
|
|
|
set "kmskey=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663"
|
|
echo "%_oIds%" | find /i "Volume" %nul1% && (
|
|
if %winbuild% GEQ 9200 (
|
|
if not [%osarch%]==[x86] (
|
|
reg delete "%kmskey%" /f /reg:32 %nul%
|
|
reg add "%kmskey%" /f /v KeyManagementServiceName /t REG_SZ /d "10.0.0.10" /reg:32 %nul%
|
|
)
|
|
reg delete "%kmskey%" /f %nul%
|
|
reg add "%kmskey%" /f /v KeyManagementServiceName /t REG_SZ /d "10.0.0.10" %nul%
|
|
echo Adding a Reg To Prevent Banner [Successful]
|
|
)
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:startmsi
|
|
|
|
if defined o15msi call :oh_processmsi 15 %o15msi_reg%
|
|
if defined o16msi call :oh_processmsi 16 %o16msi_reg%
|
|
|
|
::========================================================================================================================================
|
|
|
|
call :oh_clearblock
|
|
call :oh_uninstkey
|
|
call :oh_licrefresh
|
|
|
|
::========================================================================================================================================
|
|
|
|
echo:
|
|
if not defined error (
|
|
call :dk_color %Green% "Office is permanently activated."
|
|
REM if defined ohub call :dk_color %Gray% "Office apps such as Word, Excel are activated. Ignore 'Buy Microsoft 365' button in Office dashboard app."
|
|
echo Help: %mas%troubleshoot
|
|
) else (
|
|
call :dk_color %Red% "Some errors were detected."
|
|
if not defined ierror if not defined showfix if not defined serv_cor if not defined serv_cste call :dk_color %Blue% "%_fixmsg%"
|
|
echo:
|
|
set fixes=%fixes% %mas%troubleshoot
|
|
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
)
|
|
|
|
goto :dk_done
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_uninstall
|
|
|
|
cls
|
|
if not defined terminal mode 99, 32
|
|
title Uninstall Ohook Activation %masver%
|
|
|
|
set _present=
|
|
set _unerror=
|
|
call :oh_reset
|
|
call :oh_getpath
|
|
|
|
echo:
|
|
echo Uninstalling Ohook Activation...
|
|
echo:
|
|
|
|
if defined o16c2r_reg (for /f "skip=2 tokens=2*" %%a in ('"reg query %o16c2r_reg% /v InstallPath" %nul6%') do (set "_16CHook=%%b\root\vfs"))
|
|
if defined o15c2r_reg (for /f "skip=2 tokens=2*" %%a in ('"reg query %o15c2r_reg% /v InstallPath" %nul6%') do (set "_15CHook=%%b\root\vfs"))
|
|
if defined o16msi_reg (for /f "skip=2 tokens=2*" %%a in ('"reg query %o16msi_reg%\Common\InstallRoot /v Path" %nul6%') do (set "_16MHook=%%b"))
|
|
if defined o15msi_reg (for /f "skip=2 tokens=2*" %%a in ('"reg query %o15msi_reg%\Common\InstallRoot /v Path" %nul6%') do (set "_15MHook=%%b"))
|
|
|
|
if defined _16CHook (if exist "%_16CHook%\System\sppc*dll" (set _present=1& del /s /f /q "%_16CHook%\System\sppc*dll" & if exist "%_16CHook%\System\sppc*dll" set _unerror=1))
|
|
if defined _16CHook (if exist "%_16CHook%\SystemX86\sppc*dll" (set _present=1& del /s /f /q "%_16CHook%\SystemX86\sppc*dll" & if exist "%_16CHook%\SystemX86\sppc*dll" set _unerror=1))
|
|
if defined _15CHook (if exist "%_15CHook%\System\sppc*dll" (set _present=1& del /s /f /q "%_15CHook%\System\sppc*dll" & if exist "%_15CHook%\System\sppc*dll" set _unerror=1))
|
|
if defined _15CHook (if exist "%_15CHook%\SystemX86\sppc*dll" (set _present=1& del /s /f /q "%_15CHook%\SystemX86\sppc*dll" & if exist "%_15CHook%\SystemX86\sppc*dll" set _unerror=1))
|
|
if defined _16MHook (if exist "%_16MHook%sppc*dll" (set _present=1& del /s /f /q "%_16MHook%sppc*dll" & if exist "%_16MHook%sppc*dll" set _unerror=1))
|
|
if defined _15MHook (if exist "%_15MHook%sppc*dll" (set _present=1& del /s /f /q "%_15MHook%sppc*dll" & if exist "%_15MHook%sppc*dll" set _unerror=1))
|
|
|
|
for %%# in (15 16) do (
|
|
for %%A in ("%ProgramFiles%" "%ProgramW6432%" "%ProgramFiles(x86)%") do (
|
|
if exist "%%~A\Microsoft Office\Office%%#\sppc*dll" (set _present=1& del /s /f /q "%%~A\Microsoft Office\Office%%#\sppc*dll" & if exist "%%~A\Microsoft Office\Office%%#\sppc*dll" set _unerror=1)
|
|
)
|
|
)
|
|
|
|
for %%# in (System SystemX86) do (
|
|
for %%G in ("Office 15" "Office") do (
|
|
for %%A in ("%ProgramFiles%" "%ProgramW6432%" "%ProgramFiles(x86)%") do (
|
|
if exist "%%~A\Microsoft %%~G\root\vfs\%%#\sppc*dll" (set _present=1& del /s /f /q "%%~A\Microsoft %%~G\root\vfs\%%#\sppc*dll" & if exist "%%~A\Microsoft %%~G\root\vfs\%%#\sppc*dll" set _unerror=1)
|
|
)
|
|
)
|
|
)
|
|
|
|
reg query HKCU\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency %nul% && (
|
|
echo:
|
|
echo Deleting - Registry keys to skip license check from all ^& future new useraccounts
|
|
|
|
reg load HKU\DEF_TEMP %SystemDrive%\Users\Default\NTUSER.DAT %nul%
|
|
reg query HKU\DEF_TEMP\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency %nul% && reg delete HKU\DEF_TEMP\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /f
|
|
reg unload HKU\DEF_TEMP %nul%
|
|
|
|
for /f "tokens=* delims=" %%a in ('%psc% "$p = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'; Get-ChildItem $p | ForEach-Object { $pi = (Get-ItemProperty $('{0}\{1}' -f $p, $_.PSChildName)).ProfileImagePath; if ($pi -like $('{0}\Users\*' -f $Env:SystemDrive)) { Split-Path $_.PSPath -Leaf } }" %nul6%') do (if defined _sidlist (set _sidlist=!_sidlist! %%a) else (set _sidlist=%%a))
|
|
|
|
for %%# in (!_sidlist!) do (
|
|
|
|
reg query HKU\%%#\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency %nul% && reg delete HKU\%%#\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /f
|
|
|
|
reg query HKU\%%#\Software %nul% || (
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%%#" /v ProfileImagePath" %nul6%') do (
|
|
reg load HKU\%%# "%%b\NTUSER.DAT" %nul%
|
|
reg query HKU\%%#\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency %nul% && reg delete HKU\%%#\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /f
|
|
reg unload HKU\%%# %nul%
|
|
)
|
|
)
|
|
)
|
|
)
|
|
|
|
set "kmskey=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\0ff1ce15-a989-479d-af46-f275c6370663"
|
|
reg query "%kmskey%" %nul% && (
|
|
echo:
|
|
echo Deleting - Registry keys to prevent non-genuine banner
|
|
reg delete "%kmskey%" /f
|
|
)
|
|
|
|
reg query "%kmskey%" /reg:32 %nul% && (
|
|
reg delete "%kmskey%" /f /reg:32
|
|
)
|
|
|
|
echo __________________________________________________________________________________________
|
|
echo:
|
|
|
|
if not defined _present (
|
|
echo Ohook Activation is not installed.
|
|
) else (
|
|
if defined _unerror (
|
|
call :dk_color %Red% "Failed to uninstall Ohook activation."
|
|
call :oh_checkapps
|
|
if defined checknames (
|
|
call :dk_color %Blue% "Close [!checknames!] and try again."
|
|
call :dk_color %Blue% "If its still not resolved then restart system and try again."
|
|
) else (
|
|
call :dk_color %Blue% "Restart system and try again."
|
|
)
|
|
) else (
|
|
call :dk_color %Green% "Successfully uninstalled Ohook activation."
|
|
)
|
|
)
|
|
echo __________________________________________________________________________________________
|
|
|
|
goto :dk_done
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_reset
|
|
|
|
set key=
|
|
set _oRoot=
|
|
set _oArch=
|
|
set _oIds=
|
|
set _oLPath=
|
|
set _hookPath=
|
|
set _hook=
|
|
set _sppcPath=
|
|
set _actid=
|
|
set _prod=
|
|
set _lic=
|
|
set _arr=
|
|
set _prids=
|
|
set _config=
|
|
set _version=
|
|
set _License=
|
|
set _oBranding=
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_getpath
|
|
|
|
set o16c2r=
|
|
set o15c2r=
|
|
set o16msi=
|
|
set o15msi=
|
|
|
|
set _68=HKLM\SOFTWARE\Microsoft\Office
|
|
set _86=HKLM\SOFTWARE\Wow6432Node\Microsoft\Office
|
|
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_86%\ClickToRun /v InstallPath" %nul6%') do if exist "%%b\root\Licenses16\ProPlus*.xrm-ms" (set o16c2r=1&set o16c2r_reg=%_86%\ClickToRun)
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_68%\ClickToRun /v InstallPath" %nul6%') do if exist "%%b\root\Licenses16\ProPlus*.xrm-ms" (set o16c2r=1&set o16c2r_reg=%_68%\ClickToRun)
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_86%\15.0\ClickToRun /v InstallPath" %nul6%') do if exist "%%b\root\Licenses\ProPlus*.xrm-ms" (set o15c2r=1&set o15c2r_reg=%_86%\15.0\ClickToRun)
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_68%\15.0\ClickToRun /v InstallPath" %nul6%') do if exist "%%b\root\Licenses\ProPlus*.xrm-ms" (set o15c2r=1&set o15c2r_reg=%_68%\15.0\ClickToRun)
|
|
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_86%\16.0\Common\InstallRoot /v Path" %nul6%') do if exist "%%b\EntityPicker.dll" (set o16msi=1&set o16msi_reg=%_86%\16.0)
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_68%\16.0\Common\InstallRoot /v Path" %nul6%') do if exist "%%b\EntityPicker.dll" (set o16msi=1&set o16msi_reg=%_68%\16.0)
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_86%\15.0\Common\InstallRoot /v Path" %nul6%') do if exist "%%b\EntityPicker.dll" (set o15msi=1&set o15msi_reg=%_86%\15.0)
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_68%\15.0\Common\InstallRoot /v Path" %nul6%') do if exist "%%b\EntityPicker.dll" (set o15msi=1&set o15msi_reg=%_68%\15.0)
|
|
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Some Office Retail to Volume converter tools may edit the ProductReleaseIds to add VL products. This code restores it because it may affect features.
|
|
|
|
:oh_fixprids
|
|
|
|
if not defined _prids (
|
|
call :dk_color %Gray% "Checking ProductReleaseIds In Registry [Not Found]"
|
|
exit /b
|
|
)
|
|
|
|
set _pridsR=
|
|
set _pridsE=
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %_prids%" %nul6%') do (set "_pridsR=%%b")
|
|
|
|
set _pridsR=%_pridsR:,= %
|
|
for %%# in (%_pridsR%) do (echo %%# | findstr /I "%_oIds%" %nul1% || set _pridsE=1)
|
|
for %%# in (%_oIds%) do (echo %%# | findstr /I "%_pridsR%" %nul1% || set _pridsE=1)
|
|
|
|
if not defined _pridsE exit /b
|
|
reg add %_prids% /t REG_SZ /d "" /f %nul1%
|
|
|
|
for %%# in (%_oIds%) do (
|
|
for /f "skip=2 tokens=2*" %%a in ('reg query %_prids%') do if not "%%b"=="" (
|
|
reg add %_prids% /t REG_SZ /d "%%b,%%#" /f %nul1%
|
|
) else (
|
|
reg add %_prids% /t REG_SZ /d "%%#" /f %nul1%
|
|
)
|
|
)
|
|
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_installlic
|
|
|
|
if not defined _oLPath exit /b
|
|
|
|
if %oVer%==16 (
|
|
"!_oIntegrator!" /I /License PRIDName=%_License%.16 PidKey=%key% %nul%
|
|
) else (
|
|
"!_oIntegrator!" /I /License PRIDName=%_License% PidKey=%key% %nul%
|
|
)
|
|
|
|
call :dk_actids 0ff1ce15-a989-479d-af46-f275c6370663
|
|
echo "!allapps!" | find /i "!_actid!" %nul1% && exit /b
|
|
|
|
:: Fallback to manual method to install licenses incase integrator.exe is not working
|
|
|
|
set _License=%_License:XVolume=XC2RVL_%
|
|
|
|
set _License=%_License:O365EduCloudRetail=O365EduCloudEDUR_%
|
|
|
|
set _License=%_License:ProjectProRetail=ProjectProO365R_%
|
|
set _License=%_License:ProjectStdRetail=ProjectStdO365R_%
|
|
set _License=%_License:VisioProRetail=VisioProO365R_%
|
|
set _License=%_License:VisioStdRetail=VisioStdO365R_%
|
|
|
|
if defined _preview set _License=%_License:Volume=PreviewVL_%
|
|
|
|
set _License=%_License:Retail=R_%
|
|
set _License=%_License:Volume=VL_%
|
|
|
|
for %%# in ("!_oLPath!\client-issuance-*.xrm-ms") do (
|
|
if defined _arr (set "_arr=!_arr!;"!_oLPath!\%%~nx#"") else (set "_arr="!_oLPath!\%%~nx#"")
|
|
)
|
|
|
|
for %%# in ("!_oLPath!\%_License%*.xrm-ms") do (
|
|
if defined _arr (set "_arr=!_arr!;"!_oLPath!\%%~nx#"") else (set "_arr="!_oLPath!\%%~nx#"")
|
|
)
|
|
|
|
%psc% "$sls = Get-WmiObject %sps%; $f=[io.file]::ReadAllText('!_batp!') -split ':xrm\:.*';iex ($f[1]); InstallLicenseArr '!_arr!'; InstallLicenseFile '"!_oLPath!\pkeyconfig-office.xrm-ms"'" %nul%
|
|
|
|
call :dk_actids 0ff1ce15-a989-479d-af46-f275c6370663
|
|
echo "!allapps!" | find /i "!_actid!" %nul1% || (
|
|
set error=1
|
|
call :dk_color %Red% "Installing Missing License Files [Office %oVer%.0 %_prod%] [Failed]"
|
|
)
|
|
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_hookinstall
|
|
|
|
set ierror=
|
|
set hasherror=
|
|
|
|
if %_hook%==sppc32.dll set offset=2564
|
|
if %_hook%==sppc64.dll set offset=3076
|
|
|
|
del /s /q "%_hookPath%\sppcs.dll" %nul%
|
|
del /s /q "%_hookPath%\sppc.dll" %nul%
|
|
|
|
if exist "%_hookPath%\sppcs.dll" set "ierror=Remove Previous Ohook Install"
|
|
if exist "%_hookPath%\sppc.dll" set "ierror=Remove Previous Ohook Install"
|
|
|
|
mklink "%_hookPath%\sppcs.dll" "%_sppcPath%" %nul%
|
|
if not %errorlevel%==0 (
|
|
if not defined ierror set ierror=mklink
|
|
)
|
|
|
|
set exhook=
|
|
if exist "!_work!\BIN\%_hook%" set exhook=1
|
|
|
|
if not exist "%_hookPath%\sppc.dll" (
|
|
if defined exhook (
|
|
pushd "!_work!\BIN\"
|
|
copy /y /b "%_hook%" "%_hookPath%\sppc.dll" %nul%
|
|
popd
|
|
) else (
|
|
call :oh_extractdll "%_hookPath%\sppc.dll" "%offset%"
|
|
)
|
|
)
|
|
if not exist "%_hookPath%\sppc.dll" (if not defined ierror set ierror=Copy)
|
|
|
|
echo:
|
|
if not defined ierror (
|
|
echo Symlinking System's sppc.dll To ["%_hookPath%\sppcs.dll"] [Successful]
|
|
if defined exhook (
|
|
echo Copying Custom %_hook% To ["%_hookPath%\sppc.dll"] [Successful]
|
|
) else (
|
|
echo Extracting Custom %_hook% To ["%_hookPath%\sppc.dll"] [Successful]
|
|
)
|
|
) else (
|
|
set error=1
|
|
call :dk_color %Red% "Installing Ohook [Failed to %ierror%]"
|
|
echo:
|
|
call :oh_checkapps
|
|
if defined checknames (
|
|
call :dk_color %Blue% "Close [!checknames!] and try again."
|
|
call :dk_color %Blue% "If its still not resolved then restart system and try again."
|
|
) else (
|
|
if /i not "%ierror%"=="Copy" call :dk_color %Blue% "Restart system and try again."
|
|
)
|
|
echo:
|
|
)
|
|
|
|
if not defined exhook if not defined ierror (
|
|
if defined hasherror (
|
|
set error=1
|
|
set ierror=1
|
|
call :dk_color %Red% "Modifying Hash of Custom %_hook% [Failed]"
|
|
) else (
|
|
echo Modifying Hash of Custom %_hook% [Successful]
|
|
)
|
|
)
|
|
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_process
|
|
|
|
for %%# in (%_oIds%) do (
|
|
|
|
echo: !actiProds%oVer%! | find /i "-%%#-" %nul1% && (
|
|
call :dk_color %Gray% "Checking Activation Status [%%# is already permanently activated]"
|
|
|
|
) || (
|
|
|
|
set key=
|
|
set _actid=
|
|
set _lic=
|
|
set _preview=
|
|
set _License=%%#
|
|
|
|
echo %%# | find /i "2024" %nul% && (
|
|
if exist "!_oLPath!\ProPlus2024PreviewVL_*.xrm-ms" if not exist "!_oLPath!\ProPlus2024VL_*.xrm-ms" set _preview=-Preview
|
|
)
|
|
set _prod=%%#!_preview!
|
|
|
|
call :ohookdata getinfo !_prod!
|
|
|
|
if not [!key!]==[] (
|
|
echo "!allapps!" | find /i "!_actid!" %nul1% || call :oh_installlic
|
|
call :dk_inskey "[!key!] [!_prod!] [!_lic!]"
|
|
) else (
|
|
set error=1
|
|
call :dk_color %Red% "Checking Product In Script [Office %oVer%.0 !_prod! not found in script]"
|
|
call :dk_color %Blue% "Make sure you are using Latest MAS script."
|
|
set fixes=%fixes% %mas%
|
|
call :dk_color %_Yellow% "%mas%"
|
|
)
|
|
)
|
|
)
|
|
|
|
:: Add SharedComputerLicensing registry key if Retail Office C2R is installed on Windows Server
|
|
:: https://learn.microsoft.com/en-us/office/troubleshoot/office-suite-issues/click-to-run-office-on-terminal-server
|
|
|
|
if defined winserver if defined _config (
|
|
echo %_oIds% | find /i "Retail" %nul1% && (
|
|
set scaIsNeeded=1
|
|
reg add %_config% /v SharedComputerLicensing /t REG_SZ /d "1" /f %nul1%
|
|
echo Adding SharedComputerLicensing Reg [Successful] [Needed On Server With Retail Office]"
|
|
)
|
|
)
|
|
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_processmsi
|
|
|
|
:: Process Office MSI Version
|
|
|
|
call :oh_reset
|
|
call :dk_actids 0ff1ce15-a989-479d-af46-f275c6370663
|
|
|
|
set oVer=%1
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %2\Common\InstallRoot /v Path" %nul6%') do (set "_oRoot=%%b")
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query %2\Common\ProductVersion /v LastProduct" %nul6%') do (set "_version=%%b")
|
|
if "%_oRoot:~-1%"=="\" set "_oRoot=%_oRoot:~0,-1%"
|
|
|
|
echo "%2" | find /i "Wow6432Node" %nul1% && set _oArch=x86
|
|
if not [%osarch%]==[x86] if not defined _oArch set _oArch=x64
|
|
if [%osarch%]==[x86] set _oArch=x86
|
|
|
|
if [%_oArch%]==[x64] (set "_hookPath=%_oRoot%" & set "_hook=sppc64.dll")
|
|
if [%_oArch%]==[x86] (set "_hookPath=%_oRoot%" & set "_hook=sppc32.dll")
|
|
if not [%osarch%]==[x86] (
|
|
if [%_oArch%]==[x64] set "_sppcPath=%SystemRoot%\System32\sppc.dll"
|
|
if [%_oArch%]==[x86] set "_sppcPath=%SystemRoot%\SysWOW64\sppc.dll"
|
|
) else (
|
|
set "_sppcPath=%SystemRoot%\System32\sppc.dll"
|
|
)
|
|
|
|
set "_common=%CommonProgramFiles%"
|
|
if defined PROCESSOR_ARCHITEW6432 set "_common=%CommonProgramW6432%"
|
|
set "_common2=%CommonProgramFiles(x86)%"
|
|
|
|
for /r "%_common%\Microsoft Shared\OFFICE%oVer%\" %%f in (BRANDING.XML) do if exist "%%f" set "_oBranding=%%f"
|
|
if not defined _oBranding for /r "%_common2%\Microsoft Shared\OFFICE%oVer%\" %%f in (BRANDING.XML) do if exist "%%f" set "_oBranding=%%f"
|
|
|
|
call :ohookdata getmsiprod %2
|
|
|
|
echo:
|
|
echo Activating Office... [MSI ^| %_version% ^| %_oArch%]
|
|
|
|
if not defined _oBranding (
|
|
set error=1
|
|
call :dk_color %Red% "Checking BRANDING.XML [Not Found. Aborting activation...]"
|
|
exit /b
|
|
)
|
|
|
|
if not defined _oIds (
|
|
set error=1
|
|
call :dk_color %Red% "Checking Installed Products [Product IDs not found. Aborting activation...]"
|
|
exit /b
|
|
)
|
|
|
|
call :oh_process
|
|
call :oh_hookinstall
|
|
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_findactivated
|
|
|
|
set oVer=%2
|
|
set _FsortIds=
|
|
set actiProds=
|
|
|
|
for /f "delims=" %%a in ('%psc% "(Get-WmiObject -Query 'SELECT LicenseFamily, Name FROM %spp% WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL' | Where-Object { $_.Name %1 '*Office 15*' }).LicenseFamily" %nul6%') do call set "actiProds=%%a !actiProds!"
|
|
|
|
if not defined actiProds exit /b
|
|
|
|
for %%# in (%actiProds%) do (
|
|
set _sortIds=%%#
|
|
set _sortIds=!_sortIds:OfficeSPDFreeR_=SPDRetail_!
|
|
set _sortIds=!_sortIds:XC2RVL_=XVolume_!
|
|
set _sortIds=!_sortIds:CO365R_=Retail_!
|
|
set _sortIds=!_sortIds:O365R_=Retail_!
|
|
set _sortIds=!_sortIds:E5R_=Retail_!
|
|
set _sortIds=!_sortIds:MSDNR_=Retail_!
|
|
set _sortIds=!_sortIds:DemoR_=Retail_!
|
|
set _sortIds=!_sortIds:EDUR_=Retail_!
|
|
set _sortIds=!_sortIds:R_=Retail_!
|
|
set _sortIds=!_sortIds:VL_=Volume_!
|
|
set _sortIds=!_sortIds:Office16=!
|
|
set _sortIds=!_sortIds:Office19=!
|
|
set _sortIds=!_sortIds:Office21=!
|
|
set _sortIds=!_sortIds:Office24=!
|
|
set _sortIds=!_sortIds:Office=!
|
|
for /f "tokens=1 delims=-_" %%a in ("!_sortIds!") do set "_sortIds=-%%a-"
|
|
set _FsortIds=!_sortIds! !_FsortIds!
|
|
)
|
|
|
|
call :ohookdata findactivated %2
|
|
exit /b
|
|
|
|
:: Below IDs are not checked for permanent activation
|
|
set _sortIds=!_sortIds:PreviewVL_=Volume_!
|
|
set _sortIds=!_sortIds:PreInstallR_=Retail_!
|
|
|
|
::========================================================================================================================================
|
|
|
|
:oh_clearblock
|
|
|
|
:: Find remnants of Office vNext/shared/device license block and remove it because it stops other licenses from appearing
|
|
:: https://learn.microsoft.com/office/troubleshoot/activation/reset-office-365-proplus-activation-state
|
|
|
|
set _sidlist=
|
|
for /f "tokens=* delims=" %%a in ('%psc% "$p = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'; Get-ChildItem $p | ForEach-Object { $pi = (Get-ItemProperty $('{0}\{1}' -f $p, $_.PSChildName)).ProfileImagePath; if ($pi -like $('{0}\Users\*' -f $Env:SystemDrive)) { Split-Path $_.PSPath -Leaf } }" %nul6%') do (if defined _sidlist (set _sidlist=!_sidlist! %%a) else (set _sidlist=%%a))
|
|
|
|
if not defined _sidlist (
|
|
set error=1
|
|
call :dk_color %Red% "Checking User Accounts SID [Not Found]"
|
|
exit /b
|
|
)
|
|
|
|
set /a counter=0
|
|
for %%# in (%_sidlist%) do set /a counter+=1
|
|
|
|
if %counter% GTR 10 (
|
|
call :dk_color %Gray% "Checking Total User Accounts [%counter%]"
|
|
)
|
|
|
|
::==========================
|
|
|
|
:: Load the unloaded useraccounts registry
|
|
|
|
set loadedsids=
|
|
set failedtoload=
|
|
set failedtounload=
|
|
for %%# in (%_sidlist%) do (
|
|
reg query HKU\%%#\Software %nul% || (
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%%#" /v ProfileImagePath" %nul6%') do (
|
|
reg load HKU\%%# "%%b\NTUSER.DAT" %nul%
|
|
reg query HKU\%%#\Software %nul% && (
|
|
call set "loadedsids=%%loadedsids%% %%#"
|
|
) || (
|
|
set failedtoload=1
|
|
)
|
|
)
|
|
)
|
|
)
|
|
|
|
::==========================
|
|
|
|
:: Clear the vNext/shared/device license blocks which may prevent ohook activation
|
|
|
|
rmdir /s /q "%ProgramData%\Microsoft\Office\Licenses\" %nul%
|
|
|
|
for %%x in (15 16) do (
|
|
for %%# in (%_sidlist%) do (
|
|
reg delete HKU\%%#\Software\Microsoft\Office\%%x.0\Common\Licensing /f %nul%
|
|
reg delete HKU\%%#\Software\Microsoft\Office\%%x.0\Common\Identity /f %nul%
|
|
|
|
for /f "skip=2 tokens=2*" %%a in ('"reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\%%#" /v ProfileImagePath" %nul6%') do (
|
|
rmdir /s /q "%%b\AppData\Local\Microsoft\Office\Licenses\" %nul%
|
|
rmdir /s /q "%%b\AppData\Local\Microsoft\Office\%%x.0\Licensing\" %nul%
|
|
)
|
|
)
|
|
reg delete "HKLM\SOFTWARE\Microsoft\Office\%%x.0\Common\Licensing" /f %nul%
|
|
reg delete "HKLM\SOFTWARE\Microsoft\Office\%%x.0\Common\Licensing" /f /reg:32 %nul%
|
|
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\%%x.0\Common\Licensing" /f %nul%
|
|
reg delete "HKLM\SOFTWARE\Policies\Microsoft\Office\%%x.0\Common\Licensing" /f /reg:32 %nul%
|
|
)
|
|
|
|
:: Clear SharedComputerLicensing for office
|
|
:: https://learn.microsoft.com/en-us/deployoffice/overview-shared-computer-activation
|
|
|
|
if not defined scaIsNeeded (
|
|
reg delete HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v SharedComputerLicensing /f %nul%
|
|
reg delete HKLM\SOFTWARE\Microsoft\Office\ClickToRun\Configuration /v SharedComputerLicensing /f /reg:32 %nul%
|
|
reg delete HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\Configuration /v SharedComputerLicensing /f %nul%
|
|
reg delete HKLM\SOFTWARE\Microsoft\Office\15.0\ClickToRun\Configuration /v SharedComputerLicensing /f /reg:32 %nul%
|
|
)
|
|
|
|
:: Clear device-based-licensing
|
|
:: https://learn.microsoft.com/deployoffice/device-based-licensing
|
|
|
|
for %%# in (%_o16c2rIds%) do (
|
|
reg delete %o16c2r_reg%\Configuration /v %%#.DeviceBasedLicensing /f %nul%
|
|
)
|
|
|
|
:: Remove OEM registry key
|
|
:: https://support.microsoft.com/office/office-repeatedly-prompts-you-to-activate-on-a-new-pc-a9a6b05f-f6ce-4d1f-8d49-eb5007b64ba1
|
|
|
|
for %%# in (15 16) do (
|
|
reg delete "HKLM\SOFTWARE\Microsoft\Office\%%#.0\Common\OEM" /f %nul%
|
|
reg delete "HKLM\SOFTWARE\Microsoft\Office\%%#.0\Common\OEM" /f /reg:32 %nul%
|
|
)
|
|
|
|
reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies\0ff1ce15-a989-479d-af46-f275c6370663" /f %nul%
|
|
|
|
echo Clearing Office License Blocks [Successfully Cleared From All %counter% Useraccounts]
|
|
|
|
::==========================
|
|
|
|
:: Some retail products attempt to validate the license and may show a banner "There was a problem checking this device's license status."
|
|
:: Resiliency registry entry can skip this check
|
|
|
|
if defined o16c2r if defined officeact (
|
|
reg load HKU\DEF_TEMP %SystemDrive%\Users\Default\NTUSER.DAT %nul%
|
|
reg query HKU\DEF_TEMP %nul% || set failedtoload=1
|
|
reg add HKU\DEF_TEMP\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /v "TimeOfLastHeartbeatFailure" /t REG_SZ /d "2040-01-01T00:00:00Z" /f %nul%
|
|
reg unload HKU\DEF_TEMP %nul%
|
|
reg query HKU\DEF_TEMP %nul% && set failedtounload=1
|
|
|
|
for %%# in (%_sidlist%) do (
|
|
reg delete HKU\%%#\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /f %nul%
|
|
reg add HKU\%%#\Software\Microsoft\Office\16.0\Common\Licensing\Resiliency /v "TimeOfLastHeartbeatFailure" /t REG_SZ /d "2040-01-01T00:00:00Z" /f %nul%
|
|
)
|
|
echo Adding Reg Keys To Skip License Check [Successfully Added To All %counter% ^& Future New Useraccounts]
|
|
)
|
|
|
|
::==========================
|
|
|
|
:: Unload the loaded useraccounts registry
|
|
|
|
for %%# in (%loadedsids%) do (
|
|
reg unload HKU\%%# %nul%
|
|
reg query HKU\%%# %nul% && set failedtounload=1
|
|
)
|
|
|
|
if defined failedtoload (
|
|
set error=1
|
|
call :dk_color %Red% "Loading Unloaded accounts Registry [Failed For Some Useraccounts]"
|
|
call :dk_color %Blue% "Restart the system and try again."
|
|
)
|
|
|
|
if defined failedtounload (
|
|
set error=1
|
|
call :dk_color %Red% "Unloading loaded accounts Registry [Failed For Some Useraccounts]"
|
|
call :dk_color %Blue% "Restart the system and try again."
|
|
)
|
|
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Uninstall other / grace Keys
|
|
|
|
:oh_uninstkey
|
|
|
|
set upk_result=0
|
|
call :dk_actid 0ff1ce15-a989-479d-af46-f275c6370663
|
|
|
|
if "%_actprojvis%"=="1" (
|
|
set _allactid=
|
|
for /f "delims=" %%a in ('%psc% "(Get-WmiObject -Query 'SELECT ID, Description, LicenseFamily FROM %spp% WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND PartialProductKey IS NOT NULL' | Where-Object { $_.LicenseFamily -notmatch 'Project' -and $_.LicenseFamily -notmatch 'Visio' }).ID" %nul6%') do call set "_allactid=%%a !_allactid!"
|
|
for /f "delims=" %%a in ('%psc% "(Get-WmiObject -Query 'SELECT ID, Description, LicenseFamily FROM %spp% WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND PartialProductKey IS NOT NULL' | Where-Object { $_.Description -match 'KMSCLIENT' -and ($_.LicenseFamily -match 'Project' -or $_.LicenseFamily -match 'Visio') }).ID" %nul6%') do call set "_allactid=%%a !_allactid!"
|
|
) else (
|
|
for /f "delims=" %%a in ('%psc% "(Get-WmiObject -Query 'SELECT ID FROM %spp% WHERE ApplicationID=''0ff1ce15-a989-479d-af46-f275c6370663'' AND LicenseStatus=1 AND GracePeriodRemaining=0 AND PartialProductKey IS NOT NULL').ID" %nul6%') do call set "_allactid=%%a !_allactid!"
|
|
)
|
|
|
|
for %%# in (%apps%) do (
|
|
echo "%_allactid%" | find /i "%%#" %nul1% || (
|
|
|
|
if %_wmic% EQU 1 wmic path %spp% where ID='%%#' call UninstallProductKey %nul%
|
|
if %_wmic% EQU 0 %psc% "$null=([WMI]'%spp%=''%%#''').UninstallProductKey()" %nul%
|
|
|
|
if !errorlevel!==0 (
|
|
set upk_result=1
|
|
) else (
|
|
set error=1
|
|
set upk_result=2
|
|
)
|
|
)
|
|
)
|
|
|
|
if defined officeact if not %upk_result%==0 echo:
|
|
if %upk_result%==1 echo Uninstalling Other/Grace Keys [Successful]
|
|
if %upk_result%==2 call :dk_color %Red% "Uninstalling Other/Grace Keys [Failed]"
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Refresh Windows Insider Preview Licenses
|
|
:: It required in Insider versions otherwise office may not activate
|
|
|
|
:oh_licrefresh
|
|
|
|
if exist "%SysPath%\spp\store_test\2.0\tokens.dat" (
|
|
%psc% "Stop-Service sppsvc -force; $sls = Get-WmiObject SoftwareLicensingService; $f=[io.file]::ReadAllText('!_batp!') -split ':xrm\:.*';iex ($f[1]); ReinstallLicenses" %nul%
|
|
if !errorlevel! NEQ 0 %psc% "$sls = Get-WmiObject SoftwareLicensingService; $f=[io.file]::ReadAllText('!_batp!') -split ':xrm\:.*';iex ($f[1]); ReinstallLicenses" %nul%
|
|
)
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Check running office apps and notify user
|
|
|
|
:oh_checkapps
|
|
|
|
set checkapps=
|
|
set checknames=
|
|
for /f "tokens=1" %%i in ('tasklist ^| findstr /I ".exe" %nul6%') do (set "checkapps=!checkapps! %%i")
|
|
|
|
for %%# in (
|
|
Access_msaccess.exe
|
|
Excel_excel.exe
|
|
Groove_groove.exe
|
|
Lync_lync.exe
|
|
OneNote_onenote.exe
|
|
Outlook_outlook.exe
|
|
PowerPoint_powerpnt.exe
|
|
Project_winproj.exe
|
|
Publisher_mspub.exe
|
|
Visio_visio.exe
|
|
Word_winword.exe
|
|
Lime_lime.exe
|
|
) do (
|
|
for /f "tokens=1-2 delims=_" %%A in ("%%#") do (
|
|
echo !checkapps! | find /i "%%B" %nul1% && (if defined checknames (set "checknames=!checknames! %%A") else (set "checknames=%%A"))
|
|
)
|
|
)
|
|
exit /b
|
|
|
|
:: Set variables
|
|
|
|
:dk_setvar
|
|
|
|
set psc=powershell.exe
|
|
set winbuild=1
|
|
for /f "tokens=6 delims=[]. " %%G in ('ver') do set winbuild=%%G
|
|
|
|
set _NCS=1
|
|
if %winbuild% LSS 10586 set _NCS=0
|
|
if %winbuild% GEQ 10586 reg query "HKCU\Console" /v ForceV2 %nul2% | find /i "0x0" %nul1% && (set _NCS=0)
|
|
|
|
if %_NCS% EQU 1 (
|
|
for /F %%a in ('echo prompt $E ^| cmd') do set "esc=%%a"
|
|
set "Red="41;97m""
|
|
set "Gray="100;97m""
|
|
set "Green="42;97m""
|
|
set "Blue="44;97m""
|
|
set "_White="40;37m""
|
|
set "_Green="40;92m""
|
|
set "_Yellow="40;93m""
|
|
) else (
|
|
set "Red="Red" "white""
|
|
set "Gray="Darkgray" "white""
|
|
set "Green="DarkGreen" "white""
|
|
set "Blue="Blue" "white""
|
|
set "_White="Black" "Gray""
|
|
set "_Green="Black" "Green""
|
|
set "_Yellow="Black" "Yellow""
|
|
)
|
|
|
|
set "nceline=echo: &echo ==== ERROR ==== &echo:"
|
|
set "eline=echo: &call :dk_color %Red% "==== ERROR ====" &echo:"
|
|
if %~z0 GEQ 200000 (
|
|
set "_exitmsg=Go back"
|
|
set "_fixmsg=Go back to Main Menu, select Troubleshoot and run Fix Licensing option."
|
|
) else (
|
|
set "_exitmsg=Exit"
|
|
set "_fixmsg=In MAS folder, run Troubleshoot script and select Fix Licensing option."
|
|
)
|
|
exit /b
|
|
|
|
:: Show OS info
|
|
|
|
:dk_showosinfo
|
|
|
|
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE') do set osarch=%%b
|
|
|
|
for /f "tokens=6-7 delims=[]. " %%i in ('ver') do if not "%%j"=="" (
|
|
set fullbuild=%%i.%%j
|
|
) else (
|
|
for /f "tokens=3" %%G in ('"reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v UBR" %nul6%') do if not errorlevel 1 set /a "UBR=%%G"
|
|
for /f "skip=2 tokens=3,4 delims=. " %%G in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildLabEx') do (
|
|
if defined UBR (set "fullbuild=%%G.!UBR!") else (set "fullbuild=%%G.%%H")
|
|
)
|
|
)
|
|
|
|
echo Checking OS Info [%winos% ^| %fullbuild% ^| %osarch%]
|
|
exit /b
|
|
|
|
:: Refresh license status
|
|
|
|
:dk_refresh
|
|
|
|
if %_wmic% EQU 1 wmic path %sps% where __CLASS='%sps%' call RefreshLicenseStatus %nul%
|
|
if %_wmic% EQU 0 %psc% "$null=(([WMICLASS]'%sps%').GetInstances()).RefreshLicenseStatus()" %nul%
|
|
exit /b
|
|
|
|
:: Install Key
|
|
|
|
:dk_inskey
|
|
|
|
if %_wmic% EQU 1 wmic path %sps% where __CLASS='%sps%' call InstallProductKey ProductKey="%key%" %nul%
|
|
if %_wmic% EQU 0 %psc% "try { $null=(([WMISEARCHER]'SELECT Version FROM %sps%').Get()).InstallProductKey('%key%'); exit 0 } catch { exit $_.Exception.InnerException.HResult }" %nul%
|
|
set keyerror=%errorlevel%
|
|
cmd /c exit /b %keyerror%
|
|
if %keyerror% NEQ 0 set "keyerror=[0x%=ExitCode%]"
|
|
|
|
if %keyerror% EQU 0 (
|
|
if %sps%==SoftwareLicensingService call :dk_refresh
|
|
echo Installing Generic Product Key %~1 [Successful]
|
|
) else (
|
|
call :dk_color %Red% "Installing Generic Product Key %~1 [Failed] %keyerror%"
|
|
if not defined error (
|
|
if defined altapplist call :dk_color %Red% "Activation ID not found for this key."
|
|
call :dk_color %Blue% "%_fixmsg%"
|
|
set showfix=1
|
|
)
|
|
set error=1
|
|
)
|
|
|
|
exit /b
|
|
|
|
:: Get all products Activation IDs
|
|
|
|
:dk_actids
|
|
|
|
set allapps=
|
|
if %_wmic% EQU 1 set "chkapp=for /f "tokens=2 delims==" %%a in ('"wmic path %spp% where (ApplicationID='%1') get ID /VALUE" %nul6%')"
|
|
if %_wmic% EQU 0 set "chkapp=for /f "tokens=2 delims==" %%a in ('%psc% "(([WMISEARCHER]'SELECT ID FROM %spp% WHERE ApplicationID=''%1''').Get()).ID ^| %% {echo ('ID='+$_)}" %nul6%')"
|
|
%chkapp% do (if defined allapps (call set "allapps=!allapps! %%a") else (call set "allapps=%%a"))
|
|
exit /b
|
|
|
|
:: Get installed products Activation IDs
|
|
|
|
:dk_actid
|
|
|
|
set apps=
|
|
if %_wmic% EQU 1 set "chkapp=for /f "tokens=2 delims==" %%a in ('"wmic path %spp% where (ApplicationID='%1' and PartialProductKey is not null) get ID /VALUE" %nul6%')"
|
|
if %_wmic% EQU 0 set "chkapp=for /f "tokens=2 delims==" %%a in ('%psc% "(([WMISEARCHER]'SELECT ID FROM %spp% WHERE ApplicationID=''%1'' AND PartialProductKey IS NOT NULL').Get()).ID ^| %% {echo ('ID='+$_)}" %nul6%')"
|
|
%chkapp% do (if defined apps (call set "apps=!apps! %%a") else (call set "apps=%%a"))
|
|
exit /b
|
|
|
|
:: Install License files using Powershell/WMI instead of slmgr.vbs
|
|
|
|
:xrm:
|
|
function InstallLicenseFile($Lsc) {
|
|
try {
|
|
$null = $sls.InstallLicense([IO.File]::ReadAllText($Lsc))
|
|
} catch {
|
|
$host.SetShouldExit($_.Exception.HResult)
|
|
}
|
|
}
|
|
function InstallLicenseArr($Str) {
|
|
$a = $Str -split ';'
|
|
ForEach ($x in $a) {InstallLicenseFile "$x"}
|
|
}
|
|
function InstallLicenseDir($Loc) {
|
|
dir $Loc *.xrm-ms -af -s | select -expand FullName | % {InstallLicenseFile "$_"}
|
|
}
|
|
function ReinstallLicenses() {
|
|
$Oem = "$env:SysPath\oem"
|
|
$Spp = "$env:SysPath\spp\tokens"
|
|
InstallLicenseDir "$Spp"
|
|
If (Test-Path $Oem) {InstallLicenseDir "$Oem"}
|
|
}
|
|
:xrm:
|
|
|
|
:: Check wmic.exe
|
|
|
|
:dk_ckeckwmic
|
|
|
|
set _wmic=0
|
|
for %%# in (wmic.exe) do @if not "%%~$PATH:#"=="" (
|
|
wmic path Win32_ComputerSystem get CreationClassName /value %nul2% | find /i "computersystem" %nul1% && set _wmic=1
|
|
)
|
|
exit /b
|
|
|
|
:: Show info for potential script stuck scenario
|
|
|
|
:dk_sppissue
|
|
|
|
set w=
|
|
sc start sppsvc %nul%
|
|
set spperror=%errorlevel%
|
|
|
|
if %spperror% NEQ 1056 if %spperror% NEQ 0 (
|
|
%eline%
|
|
echo sc start sppsvc [Error Code: %spperror%]
|
|
)
|
|
|
|
echo "%spperror%" | findstr "577 225" %nul% && (
|
|
echo:
|
|
echo Your system is most likely infected with Mal%w%ware.
|
|
echo:
|
|
set fixes=%fixes% %mas%remove_mal%w%ware
|
|
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware"
|
|
)
|
|
|
|
echo:
|
|
%psc% "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM %sps%').Version }; if (-not (Wait-Job $job -Timeout 20)) {write-host 'sppsvc is not working correctly. Help - %mas%troubleshoot'}"
|
|
exit /b
|
|
|
|
:: Get Product name (WMI/REG methods are not reliable in all conditions, hence winbrand.dll method is used)
|
|
|
|
:dk_product
|
|
|
|
set d1=%ref% $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3);
|
|
set d1=%d1% $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%%WINDOWS_LONG%%')
|
|
|
|
set winos=
|
|
for /f "delims=" %%s in ('"%psc% %d1%"') do if not errorlevel 1 (set winos=%%s)
|
|
echo "%winos%" | find /i "Windows" %nul1% || (
|
|
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName %nul6%') do set "winos=%%b"
|
|
if %winbuild% GEQ 22000 (
|
|
set winos=!winos:Windows 10=Windows 11!
|
|
)
|
|
)
|
|
exit /b
|
|
|
|
:: Common lines used in PowerShell reflection code
|
|
|
|
:dk_reflection
|
|
|
|
set ref=$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1);
|
|
set ref=%ref% $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False);
|
|
set ref=%ref% $TypeBuilder = $ModuleBuilder.DefineType(0);
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:dk_chkmal
|
|
|
|
:: Many users unknowingly download mal-ware by using activators found through Google search.
|
|
:: This code aims to notify users that their system has been affected by mal-ware.
|
|
|
|
set w=
|
|
set results=
|
|
if exist "%ProgramFiles%\KM%w%Spico" set pupfound1= KM%w%Spico
|
|
if exist "%SysPath%\Tasks\R@1n-KMS" set pupfound2= R@inKMS
|
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "AutoPico" %nul% && set pupfound1= KM%w%Spico
|
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s | find /i "R@1n" %nul% && set pupfound2= R@inKMS
|
|
set pupfound=%pupfound1%%pupfound2%
|
|
|
|
set hcount=0
|
|
for %%# in (avira.com kaspersky.com virustotal.com mcafee.com) do (
|
|
find /i "%%#" %SysPath%\drivers\etc\hosts %nul% && set /a hcount+=1)
|
|
if %hcount%==4 set "results=[AV URLs are blocked in hosts]"
|
|
|
|
set wucount=0
|
|
for %%# in (wuauserv) do (
|
|
set _corrupt=
|
|
for %%G in (DependOnService Description DisplayName ErrorControl ImagePath ObjectName Start Type) do if not defined _corrupt (
|
|
reg query HKLM\SYSTEM\CurrentControlSet\Services\%%# /v %%G %nul% || (set _corrupt=1 & set /a wucount+=1)
|
|
)
|
|
)
|
|
if %wucount% GEQ 1 set "results=%results%[WU registry is corrupt]"
|
|
|
|
sc start sppsvc %nul%
|
|
echo "%errorlevel%" | findstr "577 225" %nul% && set "results=%results%[Likely File Infector]"
|
|
|
|
if not "%results%%pupfound%"=="" (
|
|
if defined pupfound call :dk_color %Gray% "Checking PUP Activators [Found%pupfound%]"
|
|
if defined results call :dk_color %Red% "Checking Probable Mal%w%ware Infection %results%"
|
|
set fixes=%fixes% %mas%remove_mal%w%ware
|
|
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%remove_mal%w%ware"
|
|
echo:
|
|
)
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:dk_errorcheck
|
|
|
|
set showfix=
|
|
call :dk_chkmal
|
|
|
|
:: Check corrupt services
|
|
|
|
set serv_cor=
|
|
for %%# in (%_serv%) do (
|
|
set _corrupt=
|
|
sc start %%# %nul%
|
|
if !errorlevel! EQU 1060 set _corrupt=1
|
|
sc query %%# %nul% || set _corrupt=1
|
|
for %%G in (DependOnService Description DisplayName ErrorControl ImagePath ObjectName Start Type) do if not defined _corrupt (
|
|
reg query HKLM\SYSTEM\CurrentControlSet\Services\%%# /v %%G %nul% || set _corrupt=1
|
|
)
|
|
|
|
if defined _corrupt (if defined serv_cor (set "serv_cor=!serv_cor! %%#") else (set "serv_cor=%%#"))
|
|
)
|
|
|
|
if defined serv_cor (
|
|
set error=1
|
|
call :dk_color %Red% "Checking Corrupt Services [%serv_cor%]"
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Check disabled services
|
|
|
|
set serv_ste=
|
|
for %%# in (%_serv%) do (
|
|
sc start %%# %nul%
|
|
if !errorlevel! EQU 1058 (if defined serv_ste (set "serv_ste=!serv_ste! %%#") else (set "serv_ste=%%#"))
|
|
)
|
|
|
|
:: Change disabled services startup type to default
|
|
|
|
set serv_csts=
|
|
set serv_cste=
|
|
|
|
if defined serv_ste (
|
|
for %%# in (%serv_ste%) do (
|
|
if /i %%#==ClipSVC (reg add "HKLM\SYSTEM\CurrentControlSet\Services\%%#" /v "Start" /t REG_DWORD /d "3" /f %nul% & sc config %%# start= demand %nul%)
|
|
if /i %%#==wlidsvc sc config %%# start= demand %nul%
|
|
if /i %%#==sppsvc (reg add "HKLM\SYSTEM\CurrentControlSet\Services\%%#" /v "Start" /t REG_DWORD /d "2" /f %nul% & sc config %%# start= delayed-auto %nul%)
|
|
if /i %%#==KeyIso sc config %%# start= demand %nul%
|
|
if /i %%#==LicenseManager sc config %%# start= demand %nul%
|
|
if /i %%#==Winmgmt sc config %%# start= auto %nul%
|
|
if !errorlevel!==0 (
|
|
if defined serv_csts (set "serv_csts=!serv_csts! %%#") else (set "serv_csts=%%#")
|
|
) else (
|
|
if defined serv_cste (set "serv_cste=!serv_cste! %%#") else (set "serv_cste=%%#")
|
|
)
|
|
)
|
|
)
|
|
|
|
if defined serv_csts call :dk_color %Gray% "Enabling Disabled Services [Successful] [%serv_csts%]"
|
|
|
|
if defined serv_cste (
|
|
set error=1
|
|
call :dk_color %Red% "Enabling Disabled Services [Failed] [%serv_cste%]"
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Check if the services are able to run or not
|
|
:: Workarounds are added to get correct status and error code because sc query doesn't output correct results in some conditions
|
|
|
|
set serv_e=
|
|
for %%# in (%_serv%) do (
|
|
set errorcode=
|
|
set checkerror=
|
|
|
|
sc query %%# | find /i "RUNNING" %nul% || (
|
|
%psc% "Start-Job { Start-Service %%# } | Wait-Job -Timeout 10 | Out-Null"
|
|
set errorcode=!errorlevel!
|
|
sc query %%# | find /i "RUNNING" %nul% || set checkerror=1
|
|
)
|
|
|
|
sc start %%# %nul%
|
|
if !errorlevel! NEQ 1056 if !errorlevel! NEQ 0 (set errorcode=!errorlevel!&set checkerror=1)
|
|
if defined checkerror if defined serv_e (set "serv_e=!serv_e!, %%#-!errorcode!") else (set "serv_e=%%#-!errorcode!")
|
|
)
|
|
|
|
if defined serv_e (
|
|
set error=1
|
|
call :dk_color %Red% "Starting Services [Failed] [%serv_e%]"
|
|
echo %serv_e% | findstr /i "ClipSVC-1058 sppsvc-1058" %nul% && (
|
|
call :dk_color %Blue% "Restart the system to fix this error."
|
|
set showfix=1
|
|
)
|
|
)
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: Various error checks
|
|
|
|
if defined safeboot_option (
|
|
set error=1
|
|
set showfix=1
|
|
call :dk_color2 %Red% "Checking Boot Mode [%safeboot_option%] " %Blue% "[Safe mode found. Run in normal mode.]"
|
|
)
|
|
|
|
|
|
for /f "skip=2 tokens=2*" %%A in ('reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState') do (set imagestate=%%B)
|
|
if /i not "%imagestate%"=="IMAGE_STATE_COMPLETE" (
|
|
set error=1
|
|
call :dk_color %Red% "Checking Windows Setup State [%imagestate%]"
|
|
echo "%imagestate%" | find /i "RESEAL" %nul% && (
|
|
set showfix=1
|
|
call :dk_color %Blue% "You need to run it in normal mode in case you are running it in Audit Mode."
|
|
)
|
|
)
|
|
|
|
|
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE" /v InstRoot %nul% && (
|
|
set error=1
|
|
set showfix=1
|
|
call :dk_color2 %Red% "Checking WinPE " %Blue% "[WinPE mode found. Run in normal mode.]"
|
|
)
|
|
|
|
|
|
set wpainfo=
|
|
set wpaerror=
|
|
for /f "delims=" %%a in ('%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':wpatest\:.*';iex ($f[1])" %nul6%') do (set wpainfo=%%a)
|
|
echo "%wpainfo%" | find /i "Error Found" %nul% && (
|
|
set error=1
|
|
set wpaerror=1
|
|
call :dk_color %Red% "Checking WPA Registry Error [%wpainfo%]"
|
|
) || (
|
|
echo Checking WPA Registry Count [%wpainfo%]
|
|
)
|
|
|
|
|
|
if not defined officeact if exist "%SystemRoot%\Servicing\Packages\Microsoft-Windows-*EvalEdition~*.mum" (
|
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID %nul2% | find /i "Eval" %nul1% || (
|
|
set error=1
|
|
call :dk_color %Red% "Checking Eval Packages [Non-Eval Licenses are installed in Eval Windows]"
|
|
set fixes=%fixes% %mas%evaluation-editions
|
|
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%evaluation-editions"
|
|
)
|
|
)
|
|
|
|
|
|
set osedition=0
|
|
for /f "skip=2 tokens=3" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID %nul6%') do set "osedition=%%a"
|
|
|
|
:: Workaround for an issue in builds between 1607 and 1709 where ProfessionalEducation is shown as Professional
|
|
|
|
if not %osedition%==0 (
|
|
if "%osSKU%"=="164" set osedition=ProfessionalEducation
|
|
if "%osSKU%"=="165" set osedition=ProfessionalEducationN
|
|
)
|
|
|
|
if not defined officeact (
|
|
if %osedition%==0 (
|
|
call :dk_color %Red% "Checking Edition Name [Not Found In Registry]"
|
|
) else (
|
|
|
|
if not exist "%SysPath%\spp\tokens\skus\%osedition%\%osedition%*.xrm-ms" if not exist "%SysPath%\spp\tokens\skus\Security-SPP-Component-SKU-%osedition%\*-%osedition%-*.xrm-ms" (
|
|
set error=1
|
|
set skunotfound=1
|
|
call :dk_color %Red% "Checking License Files [Not Found] [%osedition%]"
|
|
)
|
|
|
|
if not exist "%SystemRoot%\Servicing\Packages\Microsoft-Windows-*-%osedition%-*.mum" (
|
|
set error=1
|
|
call :dk_color %Red% "Checking Package File [Not Found] [%osedition%]"
|
|
)
|
|
)
|
|
)
|
|
|
|
|
|
%psc% "try { $null=([WMISEARCHER]'SELECT * FROM %sps%').Get().Version; exit 0 } catch { exit $_.Exception.InnerException.HResult }" %nul%
|
|
set error_code=%errorlevel%
|
|
cmd /c exit /b %error_code%
|
|
if %error_code% NEQ 0 set "error_code=0x%=ExitCode%"
|
|
if %error_code% NEQ 0 (
|
|
set error=1
|
|
call :dk_color %Red% "Checking SoftwareLicensingService [Not Working] %error_code%"
|
|
)
|
|
|
|
|
|
set wmifailed=
|
|
if %_wmic% EQU 1 wmic path Win32_ComputerSystem get CreationClassName /value %nul2% | find /i "computersystem" %nul1%
|
|
if %_wmic% EQU 0 %psc% "Get-WmiObject -Class Win32_ComputerSystem | Select-Object -Property CreationClassName" %nul2% | find /i "computersystem" %nul1%
|
|
|
|
if %errorlevel% NEQ 0 set wmifailed=1
|
|
echo "%error_code%" | findstr /i "0x800410 0x800440" %nul1% && set wmifailed=1& :: https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-error-constants
|
|
if defined wmifailed (
|
|
set error=1
|
|
call :dk_color %Red% "Checking WMI [Not Working]"
|
|
call :dk_color %Blue% "Go back to Main Menu, select Troubleshoot and run Fix WMI option."
|
|
set showfix=1
|
|
)
|
|
|
|
|
|
if not defined officeact (
|
|
if %winbuild% GEQ 10240 (
|
|
%nul% set /a "sum=%slcSKU%+%regSKU%+%wmiSKU%"
|
|
set /a "sum/=3"
|
|
if not "!sum!"=="%slcSKU%" (
|
|
call :dk_color %Gray% "Checking SLC/WMI/REG SKU [Difference Found - SLC:%slcSKU% WMI:%wmiSKU% Reg:%regSKU%]"
|
|
)
|
|
) else (
|
|
%nul% set /a "sum=%slcSKU%+%wmiSKU%"
|
|
set /a "sum/=2"
|
|
if not "!sum!"=="%slcSKU%" (
|
|
call :dk_color %Gray% "Checking SLC/WMI SKU [Difference Found - SLC:%slcSKU% WMI:%wmiSKU%]"
|
|
)
|
|
)
|
|
)
|
|
|
|
reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedTSReArmed" %nul% && (
|
|
set error=1
|
|
set showfix=1
|
|
call :dk_color2 %Red% "Checking Rearm " %Blue% "[System Restart Is Required]"
|
|
)
|
|
|
|
|
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState" %nul% && (
|
|
set error=1
|
|
set showfix=1
|
|
call :dk_color2 %Red% "Checking ClipSVC " %Blue% "[System Restart Is Required]"
|
|
)
|
|
|
|
|
|
:: This "WLMS" service was included in previous Eval editions (which were activable) to automatically shut down the system every hour after the evaluation period expired and prevent SPPSVC from stopping.
|
|
|
|
if exist "%SysPath%\wlms\wlms.exe" (
|
|
sc query wlms | find /i "RUNNING" %nul% && (
|
|
echo Checking Eval WLMS Service [Found]
|
|
)
|
|
)
|
|
|
|
|
|
reg query "HKU\S-1-5-20" %nul% && (
|
|
if %winbuild% GEQ 15063 reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" %nul% || (
|
|
set error=1
|
|
call :dk_color %Red% "Checking S-1-5-20 SPP Reg [Not Found]"
|
|
set fixes=%fixes% %mas%troubleshoot
|
|
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
)
|
|
) || (
|
|
set error=1
|
|
call :dk_color %Red% "Checking HKU\S-1-5-20 Reg [Not Found]"
|
|
set fixes=%fixes% %mas%troubleshoot
|
|
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
)
|
|
|
|
|
|
for %%# in (SppEx%w%tComObj.exe sppsvc.exe) do (
|
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ima%w%ge File Execu%w%tion Options\%%#" %nul% && (if defined _sppint (set "_sppint=!_sppint!, %%#") else (set "_sppint=%%#"))
|
|
)
|
|
if defined _sppint (
|
|
echo Checking SPP Interference In IFEO [%_sppint%]
|
|
)
|
|
|
|
|
|
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" %nul6%') do if /i %%b NEQ 0x0 (
|
|
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" /t REG_DWORD /d "0" /f %nul%
|
|
call :dk_color %Red% "Checking SkipRearm [Default 0 Value Not Found. Changing To 0]"
|
|
%psc% "Start-Job { Stop-Service sppsvc -force } | Wait-Job -Timeout 10 | Out-Null"
|
|
set error=1
|
|
)
|
|
|
|
|
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Objects\msft:rm/algorithm/hwid/4.0" /f ba02fed39662 /d %nul% || (
|
|
call :dk_color %Red% "Checking SPP Registry Key [Incorrect ModuleId Found]"
|
|
set fixes=%fixes% %mas%issues_due_to_gaming_spoofers
|
|
call :dk_color2 %Blue% "Possibly Caused By Gaming Spoofers. Help - " %_Yellow% " %mas%issues_due_to_gaming_spoofers"
|
|
set error=1
|
|
set showfix=1
|
|
)
|
|
|
|
|
|
set tokenstore=
|
|
for /f "skip=2 tokens=2*" %%a in ('reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore %nul6%') do call set "tokenstore=%%b"
|
|
if %winbuild% LSS 9200 set "tokenstore=%Systemdrive%\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform"
|
|
if %winbuild% GEQ 9200 if /i not "%tokenstore%"=="%SysPath%\spp\store" if /i not "%tokenstore%"=="%SysPath%\spp\store\2.0" if /i not "%tokenstore%"=="%SysPath%\spp\store_test\2.0" (
|
|
set toerr=1
|
|
set error=1
|
|
set showfix=1
|
|
call :dk_color %Red% "Checking TokenStore Registry Key [Correct Path Not Found] [%tokenstore%]"
|
|
set fixes=%fixes% %mas%troubleshoot
|
|
call :dk_color2 %Blue% "Help - " %_Yellow% " %mas%troubleshoot"
|
|
)
|
|
|
|
|
|
:: This code creates token folder only if it's missing and sets default permission for it
|
|
|
|
if not defined toerr if not exist "%tokenstore%\" (
|
|
mkdir "%tokenstore%" %nul%
|
|
if %winbuild% LSS 9200 set "d=$sddl = 'O:NSG:NSD:AI(A;OICIID;FA;;;SY)(A;OICIID;FA;;;BA)(A;OICIID;FA;;;NS)';"
|
|
if %winbuild% GEQ 9200 set "d=$sddl = 'O:BAG:BAD:PAI(A;OICI;FA;;;SY)(A;OICI;FA;;;BA)(A;OICIIO;GR;;;BU)(A;;FR;;;BU)(A;OICI;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)';"
|
|
set "d=!d! $AclObject = New-Object System.Security.AccessControl.DirectorySecurity;"
|
|
set "d=!d! $AclObject.SetSecurityDescriptorSddlForm($sddl);"
|
|
set "d=!d! Set-Acl -Path %tokenstore% -AclObject $AclObject;"
|
|
%psc% "!d!" %nul%
|
|
if exist "%tokenstore%\" (
|
|
call :dk_color %Gray% "Checking SPP Token Folder [Not Found. Created Now] [%tokenstore%\]"
|
|
) else (
|
|
call :dk_color %Red% "Checking SPP Token Folder [Not Found. Failed To Create] [%tokenstore%\]"
|
|
set error=1
|
|
)
|
|
)
|
|
|
|
|
|
call :dk_actid 55c92734-d682-4d71-983e-d6ec3f16059f
|
|
if not defined apps (
|
|
%psc% "Start-Job { Stop-Service sppsvc -force } | Wait-Job -Timeout 10 | Out-Null; $sls = Get-WmiObject SoftwareLicensingService; $f=[io.file]::ReadAllText('!_batp!') -split ':xrm\:.*';iex ($f[1]); ReinstallLicenses" %nul%
|
|
call :dk_actid 55c92734-d682-4d71-983e-d6ec3f16059f
|
|
if not defined apps (
|
|
set "_notfoundids=Key Not Installed / Act ID Not Found"
|
|
call :dk_actids 55c92734-d682-4d71-983e-d6ec3f16059f
|
|
if not defined allapps (
|
|
set "_notfoundids=Not found"
|
|
)
|
|
set error=1
|
|
call :dk_color %Red% "Checking Activation IDs [!_notfoundids!]"
|
|
)
|
|
)
|
|
|
|
|
|
if exist "%tokenstore%\" if not exist "%tokenstore%\tokens.dat" (
|
|
set error=1
|
|
call :dk_color %Red% "Checking SPP tokens.dat [Not Found] [%tokenstore%\]"
|
|
)
|
|
|
|
|
|
if %winbuild% GEQ 9200 if not exist "%SystemRoot%\Servicing\Packages\Microsoft-Windows-*EvalEdition~*.mum" (
|
|
for /f "delims=" %%a in ('%psc% "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State" %nul6%') do (set taskinfo=%%a)
|
|
echo !taskinfo! | find /i "Ready" %nul% || (
|
|
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "actionlist" /f %nul%
|
|
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask" %nul% || set taskinfo=Removed
|
|
call :dk_color %Red% "Checking SvcRestartTask Status [!taskinfo!]"
|
|
)
|
|
)
|
|
|
|
|
|
:: This code checks if NT SERVICE\sppsvc has permission access to tokens folder and required registry keys. It's often caused by gaming spoofers.
|
|
|
|
set permerror=
|
|
if not exist "%tokenstore%\" set permerror=1
|
|
if %winbuild% GEQ 9200 for %%# in (
|
|
"%tokenstore%+FullControl"
|
|
"HKLM:\SYSTEM\WPA+QueryValues, EnumerateSubKeys, WriteKey"
|
|
"HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform+SetValue"
|
|
) do for /f "tokens=1,2 delims=+" %%A in (%%#) do if not defined permerror (
|
|
%psc% "$acl = (Get-Acl '%%A' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow %%B') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}" %nul%
|
|
if !errorlevel!==2 set permerror=1
|
|
)
|
|
|
|
if %winbuild% GEQ 9200 if defined permerror (
|
|
set error=1
|
|
call :dk_color %Red% "Checking SPP Permissions [Error Found]"
|
|
if not defined showfix call :dk_color %Blue% "%_fixmsg%"
|
|
set showfix=1
|
|
)
|
|
|
|
|
|
:: If required services are not disabled or corrupted + if there is any error + SoftwareLicensingService errorlevel is not Zero + no fix was shown before
|
|
|
|
if not defined serv_cor if not defined serv_cste if defined error if /i not %error_code%==0 if not defined showfix (
|
|
if not defined permerror if defined wpaerror (call :dk_color %Blue% "Go back to Main Menu, select Troubleshoot and run Fix WPA Registry option." & set showfix=1)
|
|
if not defined showfix (
|
|
set showfix=1
|
|
call :dk_color %Blue% "%_fixmsg%"
|
|
if not defined permerror call :dk_color %Blue% "If activation still fails then run Fix WPA Registry option."
|
|
)
|
|
)
|
|
|
|
if not defined showfix if defined wpaerror (
|
|
set showfix=1
|
|
call :dk_color %Blue% "If activation fails then go back to Main Menu, select Troubleshoot and run Fix WPA Registry option."
|
|
)
|
|
|
|
exit /b
|
|
|
|
:: This code checks for invalid registry keys in HKLM\SYSTEM\WPA. This issue may appear even on healthy systems
|
|
|
|
:wpatest:
|
|
$wpaKey = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $env:COMPUTERNAME).OpenSubKey("SYSTEM\\WPA")
|
|
$count = 0
|
|
foreach ($subkeyName in $wpaKey.GetSubKeyNames()) {
|
|
if ($subkeyName -match '.*-.*-.*-.*-.*-') {
|
|
$count++
|
|
}
|
|
}
|
|
$osVersion = [System.Environment]::OSVersion.Version
|
|
$minBuildNumber = 14393
|
|
if ($osVersion.Build -ge $minBuildNumber) {
|
|
$subkeyHashTable = @{}
|
|
foreach ($subkeyName in $wpaKey.GetSubKeyNames()) {
|
|
if ($subkeyName -match '.*-.*-.*-.*-.*-') {
|
|
$keyNumber = $subkeyName -replace '.*-', ''
|
|
$subkeyHashTable[$keyNumber] = $true
|
|
}
|
|
}
|
|
for ($i=1; $i -le $count; $i++) {
|
|
if (-not $subkeyHashTable.ContainsKey("$i")) {
|
|
Write-Output "Total Keys $count. Error Found- $i key does not exist"
|
|
$wpaKey.Close()
|
|
exit
|
|
}
|
|
}
|
|
}
|
|
$wpaKey.GetSubKeyNames() | ForEach-Object {
|
|
if ($_ -match '.*-.*-.*-.*-.*-') {
|
|
if ($PSVersionTable.PSVersion.Major -lt 3) {
|
|
cmd /c "reg query "HKLM\SYSTEM\WPA\$_" /ve /t REG_BINARY >nul 2>&1"
|
|
if ($LASTEXITCODE -ne 0) {
|
|
Write-Host "Total Keys $count. Error Found- Binary Data is corrupt"
|
|
$wpaKey.Close()
|
|
exit
|
|
}
|
|
} else {
|
|
$subkey = $wpaKey.OpenSubKey($_)
|
|
$p = $subkey.GetValueNames()
|
|
if (($p | Where-Object { $subkey.GetValueKind($_) -eq [Microsoft.Win32.RegistryValueKind]::Binary }).Count -eq 0) {
|
|
Write-Host "Total Keys $count. Error Found- Binary Data is corrupt"
|
|
$wpaKey.Close()
|
|
exit
|
|
}
|
|
}
|
|
}
|
|
}
|
|
$count
|
|
$wpaKey.Close()
|
|
:wpatest:
|
|
|
|
::========================================================================================================================================
|
|
|
|
:dk_color
|
|
|
|
if %_NCS% EQU 1 (
|
|
echo %esc%[%~1%~2%esc%[0m
|
|
) else (
|
|
%psc% write-host -back '%1' -fore '%2' '%3'
|
|
)
|
|
exit /b
|
|
|
|
:dk_color2
|
|
|
|
if %_NCS% EQU 1 (
|
|
echo %esc%[%~1%~2%esc%[%~3%~4%esc%[0m
|
|
) else (
|
|
%psc% write-host -back '%1' -fore '%2' '%3' -NoNewline; write-host -back '%4' -fore '%5' '%6'
|
|
)
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:dk_done
|
|
|
|
echo:
|
|
if %_unattended%==1 timeout /t 2 & exit /b
|
|
|
|
if defined fixes (
|
|
call :dk_color2 %Blue% "Press [1] To Open Troubleshoot Page " %Gray% " Press [0] To Ignore"
|
|
choice /C:10 /N
|
|
if !errorlevel!==1 (for %%# in (%fixes%) do (start %%#))
|
|
)
|
|
|
|
if defined terminal (
|
|
call :dk_color %_Yellow% "Press 0 key to %_exitmsg%..."
|
|
choice /c 0 /n
|
|
) else (
|
|
call :dk_color %_Yellow% "Press any key to %_exitmsg%..."
|
|
pause %nul1%
|
|
)
|
|
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: 1st column = Office version number
|
|
:: 2nd column = Activation ID
|
|
:: 3rd column = Generic key. Preference is given in this order, Retail:TB:Sub > Retail > OEM:NONSLP > Volume:MAK > Volume:GVLK
|
|
:: 4th column = Last part of license description
|
|
:: 5th column = Edition
|
|
:: Separator = "_"
|
|
|
|
:ohookdata
|
|
|
|
set f=
|
|
for %%# in (
|
|
:: Office 2013
|
|
15_ab4d047b-97cf-4126-a69f-34df08e2f254_B7RFY-7NXPK-Q4342-Y9X2H-3J%f%X4X_Retail________AccessRetail
|
|
15_4374022d-56b8-48c1-9bb7-d8f2fc726343_9MF9G-CN32B-HV7XT-9XJ8T-9K%f%VF4_MAK___________AccessVolume
|
|
15_1b1d9bd5-12ea-4063-964c-16e7e87d6e08_NT889-MBH4X-8MD4H-X8R2D-WQ%f%HF8_Retail________ExcelRetail
|
|
15_ac1ae7fd-b949-4e04-a330-849bc40638cf_Y3N36-YCHDK-XYWBG-KYQVV-BD%f%TJ2_MAK___________ExcelVolume
|
|
15_cfaf5356-49e3-48a8-ab3c-e729ab791250_BMK4W-6N88B-BP9QR-PHFCK-MG%f%7GF_Retail________GrooveRetail
|
|
15_4825ac28-ce41-45a7-9e6e-1fed74057601_RN84D-7HCWY-FTCBK-JMXWM-HT%f%7GJ_MAK___________GrooveVolume
|
|
15_c02fb62e-1cd5-4e18-ba25-e0480467ffaa_2WQNF-GBK4B-XVG6F-BBMX7-M4%f%F2Y_OEM-Perp______HomeBusinessPipcRetail
|
|
15_a2b90e7a-a797-4713-af90-f0becf52a1dd_YWD4R-CNKVT-VG8VJ-9333B-RC%f%W9F_Subscription__HomeBusinessRetail
|
|
15_f2de350d-3028-410a-bfae-283e00b44d0e_6WW3N-BDGM9-PCCHD-9QPP9-P3%f%4QG_Subscription__HomeStudentRetail
|
|
15_44984381-406e-4a35-b1c3-e54f499556e2_RV7NQ-HY3WW-7CKWH-QTVMW-29%f%VHC_Retail________InfoPathRetail
|
|
15_9e016989-4007-42a6-8051-64eb97110cf2_C4TGN-QQW6Y-FYKXC-6WJW7-X7%f%3VG_MAK___________InfoPathVolume
|
|
15_9103f3ce-1084-447a-827e-d6097f68c895_6MDN4-WF3FV-4WH3Q-W699V-RG%f%CMY_PrepidBypass__LyncAcademicRetail
|
|
15_ff693bf4-0276-4ddb-bb42-74ef1a0c9f4d_N42BF-CBY9F-W2C7R-X397X-DY%f%FQW_PrepidBypass__LyncEntryRetail
|
|
15_fada6658-bfc6-4c4e-825a-59a89822cda8_89P23-2NK2R-JXM2M-3Q8R8-BW%f%M3Y_Retail________LyncRetail
|
|
15_e1264e10-afaf-4439-a98b-256df8bb156f_3WKCD-RN489-4M7XJ-GJ2GQ-YB%f%FQ6_MAK___________LyncVolume
|
|
15_69ec9152-153b-471a-bf35-77ec88683eae_VNWHF-FKFBW-Q2RGD-HYHWF-R3%f%HH2_Subscription__MondoRetail
|
|
15_f33485a0-310b-4b72-9a0e-b1d605510dbd_2YNYQ-FQMVG-CB8KW-6XKYD-M7%f%RRJ_MAK___________MondoVolume
|
|
15_3391e125-f6e4-4b1e-899c-a25e6092d40d_4TGWV-6N9P6-G2H8Y-2HWKB-B4%f%FF4_Bypass________OneNoteFreeRetail
|
|
15_8b524bcc-67ea-4876-a509-45e46f6347e8_3KXXQ-PVN2C-8P7YY-HCV88-GV%f%GQ6_Retail________OneNoteRetail
|
|
15_b067e965-7521-455b-b9f7-c740204578a2_JDMWF-NJC7B-HRCHY-WFT8G-BP%f%XD9_MAK___________OneNoteVolume
|
|
15_12004b48-e6c8-4ffa-ad5a-ac8d4467765a_9N4RQ-CF8R2-HBVCB-J3C9V-94%f%P4D_Retail________OutlookRetail
|
|
15_8d577c50-ae5e-47fd-a240-24986f73d503_HNG29-GGWRG-RFC8C-JTFP4-2J%f%9FH_MAK___________OutlookVolume
|
|
15_5aab8561-1686-43f7-9ff5-2c861da58d17_9CYB3-NFMRW-YFDG6-XC7TF-BY%f%36J_OEM-Perp______PersonalPipcRetail
|
|
15_17e9df2d-ed91-4382-904b-4fed6a12caf0_2NCQJ-MFRMH-TXV83-J7V4C-RV%f%RWC_Retail________PersonalRetail
|
|
15_31743b82-bfbc-44b6-aa12-85d42e644d5b_HVMN2-KPHQH-DVQMK-7B3CM-FG%f%BFC_Retail________PowerPointRetail
|
|
15_e40dcb44-1d5c-4085-8e8f-943f33c4f004_47DKN-HPJP7-RF9M3-VCYT2-TM%f%Q4G_MAK___________PowerPointVolume
|
|
15_064383fa-1538-491c-859b-0ecab169a0ab_N3QMM-GKDT3-JQGX6-7X3MQ-4G%f%BG3_Retail________ProPlusRetail
|
|
15_2b88c4f2-ea8f-43cd-805e-4d41346e18a7_QKHNX-M9GGH-T3QMW-YPK4Q-QR%f%P9V_MAK___________ProPlusVolume
|
|
15_4e26cac1-e15a-4467-9069-cb47b67fe191_CF9DD-6CNW2-BJWJQ-CVCFX-Y7%f%TXD_OEM-Perp______ProfessionalPipcRetail
|
|
15_44bc70e2-fb83-4b09-9082-e5557e0c2ede_MBQBN-CQPT6-PXRMC-TYJFR-3C%f%8MY_Retail________ProfessionalRetail
|
|
15_2f72340c-b555-418d-8b46-355944fe66b8_WPY8N-PDPY4-FC7TF-KMP7P-KW%f%YFY_Subscription__ProjectProRetail
|
|
15_ed34dc89-1c27-4ecd-8b2f-63d0f4cedc32_WFCT2-NBFQ7-JD7VV-MFJX6-6F%f%2CM_MAK___________ProjectProVolume
|
|
15_58d95b09-6af6-453d-a976-8ef0ae0316b1_NTHQT-VKK6W-BRB87-HV346-Y9%f%6W8_Subscription__ProjectStdRetail
|
|
15_2b9e4a37-6230-4b42-bee2-e25ce86c8c7a_3CNQX-T34TY-99RH4-C4YD2-KW%f%YGV_MAK___________ProjectStdVolume
|
|
15_c3a0814a-70a4-471f-af37-2313a6331111_TWNCJ-YR84W-X7PPF-6DPRP-D6%f%7VC_Retail________PublisherRetail
|
|
15_38ea49f6-ad1d-43f1-9888-99a35d7c9409_DJPHV-NCJV6-GWPT6-K26JX-C7%f%GX6_MAK___________PublisherVolume
|
|
15_ba3e3833-6a7e-445a-89d0-7802a9a68588_3NY6J-WHT3F-47BDV-JHF36-23%f%43W_PrepidBypass__SPDRetail
|
|
15_32255c0a-16b4-4ce2-b388-8a4267e219eb_V6VWN-KC2HR-YYDD6-9V7HQ-7T%f%7VP_Retail________StandardRetail
|
|
15_a24cca51-3d54-4c41-8a76-4031f5338cb2_9TN6B-PCYH4-MCVDQ-KT83C-TM%f%Q7T_MAK___________StandardVolume
|
|
15_a56a3b37-3a35-4bbb-a036-eee5f1898eee_NVK2G-2MY4G-7JX2P-7D6F2-VF%f%QBR_Subscription__VisioProRetail
|
|
15_3e4294dd-a765-49bc-8dbd-cf8b62a4bd3d_YN7CF-XRH6R-CGKRY-GKPV3-BG%f%7WF_MAK___________VisioProVolume
|
|
15_980f9e3e-f5a8-41c8-8596-61404addf677_NCRB7-VP48F-43FYY-62P3R-36%f%7WK_Subscription__VisioStdRetail
|
|
15_44a1f6ff-0876-4edb-9169-dbb43101ee89_RX63Y-4NFK2-XTYC8-C6B3W-YP%f%XPJ_MAK___________VisioStdVolume
|
|
15_191509f2-6977-456f-ab30-cf0492b1e93a_NB77V-RPFQ6-PMMKQ-T87DV-M4%f%D84_Retail________WordRetail
|
|
15_9cedef15-be37-4ff0-a08a-13a045540641_RPHPB-Y7NC4-3VYFM-DW7VD-G8%f%YJ8_MAK___________WordVolume
|
|
:: Office 365 - 15.0 version
|
|
15_6337137e-7c07-4197-8986-bece6a76fc33_2P3C9-BQNJH-VCVPH-YDY6M-43%f%JPQ_Subscription__O365BusinessRetail
|
|
15_537ea5b5-7d50-4876-bd38-a53a77caca32_J2W28-TN9C8-26PWV-F7J4G-72%f%XCB_Subscription1_O365HomePremRetail
|
|
15_149dbce7-a48e-44db-8364-a53386cd4580_2N382-D6PKK-QTX4D-2JJYK-M9%f%6P2_Subscription1_O365ProPlusRetail
|
|
15_bacd4614-5bef-4a5e-bafc-de4c788037a2_HN8JP-87TQJ-PBF3P-Y66KC-W2%f%K9V_Subscription1_O365SmallBusPremRetail
|
|
:: Office 365 - 16.0 version
|
|
16_6337137e-7c07-4197-8986-bece6a76fc33_2P3C9-BQNJH-VCVPH-YDY6M-43%f%JPQ_Subscription__O365BusinessRetail
|
|
16_2f5c71b4-5b7a-4005-bb68-f9fac26f2ea3_W62NQ-267QR-RTF74-PF2MH-JQ%f%MTH_Subscription__O365EduCloudRetail
|
|
16_537ea5b5-7d50-4876-bd38-a53a77caca32_J2W28-TN9C8-26PWV-F7J4G-72%f%XCB_Subscription1_O365HomePremRetail
|
|
16_149dbce7-a48e-44db-8364-a53386cd4580_2N382-D6PKK-QTX4D-2JJYK-M9%f%6P2_Subscription1_O365ProPlusRetail
|
|
16_bacd4614-5bef-4a5e-bafc-de4c788037a2_HN8JP-87TQJ-PBF3P-Y66KC-W2%f%K9V_Subscription1_O365SmallBusPremRetail
|
|
:: Office 2016
|
|
16_bfa358b0-98f1-4125-842e-585fa13032e6_WHK4N-YQGHB-XWXCC-G3HYC-6J%f%F94_Retail________AccessRetail
|
|
16_9d9faf9e-d345-4b49-afce-68cb0a539c7c_RNB7V-P48F4-3FYY6-2P3R3-63%f%BQV_PrepidBypass__AccessRuntimeRetail
|
|
16_3b2fa33f-cd5a-43a5-bd95-f49f3f546b0b_JJ2Y4-N8KM3-Y8KY3-Y22FR-R3%f%KVK_MAK___________AccessVolume
|
|
16_424d52ff-7ad2-4bc7-8ac6-748d767b455d_RKJBN-VWTM2-BDKXX-RKQFD-JT%f%YQ2_Retail________ExcelRetail
|
|
16_685062a7-6024-42e7-8c5f-6bb9e63e697f_FVGNR-X82B2-6PRJM-YT4W7-8H%f%V36_MAK___________ExcelVolume
|
|
16_c02fb62e-1cd5-4e18-ba25-e0480467ffaa_2WQNF-GBK4B-XVG6F-BBMX7-M4%f%F2Y_OEM-Perp______HomeBusinessPipcRetail
|
|
16_86834d00-7896-4a38-8fae-32f20b86fa2b_HM6FM-NVF78-KV9PM-F36B8-D9%f%MXD_Retail________HomeBusinessRetail
|
|
16_c28acdb8-d8b3-4199-baa4-024d09e97c99_PNPRV-F2627-Q8JVC-3DGR9-WT%f%YRK_Retail________HomeStudentRetail
|
|
16_e2127526-b60c-43e0-bed1-3c9dc3d5a468_YWD4R-CNKVT-VG8VJ-9333B-RC%f%3B8_Retail________HomeStudentVNextRetail
|
|
16_69ec9152-153b-471a-bf35-77ec88683eae_VNWHF-FKFBW-Q2RGD-HYHWF-R3%f%HH2_Subscription__MondoRetail
|
|
16_2cd0ea7e-749f-4288-a05e-567c573b2a6c_FMTQQ-84NR8-2744R-MXF4P-PG%f%YR3_MAK___________MondoVolume
|
|
16_436366de-5579-4f24-96db-3893e4400030_XYNTG-R96FY-369HX-YFPHY-F9%f%CPM_Bypass________OneNoteFreeRetail
|
|
16_83ac4dd9-1b93-40ed-aa55-ede25bb6af38_FXF6F-CNC26-W643C-K6KB7-6X%f%XW3_Retail________OneNoteRetail
|
|
16_23b672da-a456-4860-a8f3-e062a501d7e8_9TYVN-D76HK-BVMWT-Y7G88-9T%f%PPV_MAK___________OneNoteVolume
|
|
16_5a670809-0983-4c2d-8aad-d3c2c5b7d5d1_7N4KG-P2QDH-86V9C-DJFVF-36%f%9W9_Retail________OutlookRetail
|
|
16_50059979-ac6f-4458-9e79-710bcb41721a_7QPNR-3HFDG-YP6T9-JQCKQ-KK%f%XXC_MAK___________OutlookVolume
|
|
16_5aab8561-1686-43f7-9ff5-2c861da58d17_9CYB3-NFMRW-YFDG6-XC7TF-BY%f%36J_OEM-Perp______PersonalPipcRetail
|
|
16_a9f645a1-0d6a-4978-926a-abcb363b72a6_FT7VF-XBN92-HPDJV-RHMBY-6V%f%KBF_Retail________PersonalRetail
|
|
16_f32d1284-0792-49da-9ac6-deb2bc9c80b6_N7GCB-WQT7K-QRHWG-TTPYD-7T%f%9XF_Retail________PowerPointRetail
|
|
16_9b4060c9-a7f5-4a66-b732-faf248b7240f_X3RT9-NDG64-VMK2M-KQ6XY-DP%f%FGV_MAK___________PowerPointVolume
|
|
16_de52bd50-9564-4adc-8fcb-a345c17f84f9_GM43N-F742Q-6JDDK-M622J-J8%f%GDV_Retail________ProPlusRetail
|
|
16_c47456e3-265d-47b6-8ca0-c30abbd0ca36_FNVK8-8DVCJ-F7X3J-KGVQB-RC%f%2QY_MAK___________ProPlusVolume
|
|
16_4e26cac1-e15a-4467-9069-cb47b67fe191_CF9DD-6CNW2-BJWJQ-CVCFX-Y7%f%TXD_OEM-Perp______ProfessionalPipcRetail
|
|
16_d64edc00-7453-4301-8428-197343fafb16_NXFTK-YD9Y7-X9MMJ-9BWM6-J2%f%QVH_Retail________ProfessionalRetail
|
|
16_2f72340c-b555-418d-8b46-355944fe66b8_WPY8N-PDPY4-FC7TF-KMP7P-KW%f%YFY_Subscription__ProjectProRetail
|
|
16_82f502b5-b0b0-4349-bd2c-c560df85b248_PKC3N-8F99H-28MVY-J4RYY-CW%f%GDH_MAK___________ProjectProVolume
|
|
16_16728639-a9ab-4994-b6d8-f81051e69833_JBNPH-YF2F7-Q9Y29-86CTG-C9%f%YGV_MAKC2R________ProjectProXVolume
|
|
16_58d95b09-6af6-453d-a976-8ef0ae0316b1_NTHQT-VKK6W-BRB87-HV346-Y9%f%6W8_Subscription__ProjectStdRetail
|
|
16_82e6b314-2a62-4e51-9220-61358dd230e6_4TGWV-6N9P6-G2H8Y-2HWKB-B4%f%G93_MAK___________ProjectStdVolume
|
|
16_431058f0-c059-44c5-b9e7-ed2dd46b6789_N3W2Q-69MBT-27RD9-BH8V3-JT%f%2C8_MAKC2R________ProjectStdXVolume
|
|
16_6e0c1d99-c72e-4968-bcb7-ab79e03e201e_WKWND-X6G9G-CDMTV-CPGYJ-6M%f%VBF_Retail________PublisherRetail
|
|
16_fcc1757b-5d5f-486a-87cf-c4d6dedb6032_9QVN2-PXXRX-8V4W8-Q7926-TJ%f%GD8_MAK___________PublisherVolume
|
|
16_9103f3ce-1084-447a-827e-d6097f68c895_6MDN4-WF3FV-4WH3Q-W699V-RG%f%CMY_PrepidBypass__SkypeServiceBypassRetail
|
|
16_971cd368-f2e1-49c1-aedd-330909ce18b6_4N4D8-3J7Y3-YYW7C-73HD2-V8%f%RHY_PrepidBypass__SkypeforBusinessEntryRetail
|
|
16_418d2b9f-b491-4d7f-84f1-49e27cc66597_PBJ79-77NY4-VRGFG-Y8WYC-CK%f%CRC_Retail________SkypeforBusinessRetail
|
|
16_03ca3b9a-0869-4749-8988-3cbc9d9f51bb_DMTCJ-KNRKR-JV8TQ-V2CR2-VF%f%TFH_MAK___________SkypeforBusinessVolume
|
|
16_4a31c291-3a12-4c64-b8ab-cd79212be45e_2FPWN-4H6CM-KD8QQ-8HCHC-P9%f%XYW_Retail________StandardRetail
|
|
16_0ed94aac-2234-4309-ba29-74bdbb887083_WHGMQ-JNMGT-MDQVF-WDR69-KQ%f%BWC_MAK___________StandardVolume
|
|
16_a56a3b37-3a35-4bbb-a036-eee5f1898eee_NVK2G-2MY4G-7JX2P-7D6F2-VF%f%QBR_Subscription__VisioProRetail
|
|
16_295b2c03-4b1c-4221-b292-1411f468bd02_NRKT9-C8GP2-XDYXQ-YW72K-MG%f%92B_MAK___________VisioProVolume
|
|
16_0594dc12-8444-4912-936a-747ca742dbdb_G98Q2-B6N77-CFH9J-K824G-XQ%f%CC4_MAKC2R________VisioProXVolume
|
|
16_980f9e3e-f5a8-41c8-8596-61404addf677_NCRB7-VP48F-43FYY-62P3R-36%f%7WK_Subscription__VisioStdRetail
|
|
16_44151c2d-c398-471f-946f-7660542e3369_XNCJB-YY883-JRW64-DPXMX-JX%f%CR6_MAK___________VisioStdVolume
|
|
16_1d1c6879-39a3-47a5-9a6d-aceefa6a289d_B2HTN-JPH8C-J6Y6V-HCHKB-43%f%MGT_MAKC2R________VisioStdXVolume
|
|
16_cacaa1bf-da53-4c3b-9700-11738ef1c2a5_P8K82-NQ7GG-JKY8T-6VHVY-88%f%GGD_Retail________WordRetail
|
|
16_c3000759-551f-4f4a-bcac-a4b42cbf1de2_YHMWC-YN6V9-WJPXD-3WQKP-TM%f%VCV_MAK___________WordVolume
|
|
:: Office 2019
|
|
16_518687bd-dc55-45b9-8fa6-f918e1082e83_WRYJ6-G3NP7-7VH94-8X7KP-JB%f%7HC_Retail________Access2019Retail
|
|
16_385b91d6-9c2c-4a2e-86b5-f44d44a48c5f_6FWHX-NKYXK-BW34Q-7XC9F-Q9%f%PX7_MAK-AE________Access2019Volume
|
|
16_22e6b96c-1011-4cd5-8b35-3c8fb6366b86_FGQNJ-JWJCG-7Q8MG-RMRGJ-9T%f%QVF_PrepidBypass__AccessRuntime2019Retail
|
|
16_c201c2b7-02a1-41a8-b496-37c72910cd4a_KBPNW-64CMM-8KWCB-23F44-8B%f%7HM_Retail________Excel2019Retail
|
|
16_05cb4e1d-cc81-45d5-a769-f34b09b9b391_8NT4X-GQMCK-62X4P-TW6QP-YK%f%PYF_MAK-AE________Excel2019Volume
|
|
16_7fe09eef-5eed-4733-9a60-d7019df11cac_QBN2Y-9B284-9KW78-K48PB-R6%f%2YT_Retail________HomeBusiness2019Retail
|
|
16_4539aa2c-5c31-4d47-9139-543a868e5741_XNWPM-32XQC-Y7QJC-QGGBV-YY%f%7JK_Retail________HomeStudent2019Retail
|
|
16_20e359d5-927f-47c0-8a27-38adbdd27124_WR43D-NMWQQ-HCQR2-VKXDR-37%f%B7H_Retail________Outlook2019Retail
|
|
16_92a99ed8-2923-4cb7-a4c5-31da6b0b8cf3_RN3QB-GT6D7-YB3VH-F3RPB-3G%f%QYB_MAK-AE________Outlook2019Volume
|
|
16_2747b731-0f1f-413e-a92d-386ec1277dd8_NMBY8-V3CV7-BX6K6-2922Y-43%f%M7T_Retail________Personal2019Retail
|
|
16_7e63cc20-ba37-42a1-822d-d5f29f33a108_HN27K-JHJ8R-7T7KK-WJYC3-FM%f%7MM_Retail________PowerPoint2019Retail
|
|
16_13c2d7bf-f10d-42eb-9e93-abf846785434_29GNM-VM33V-WR23K-HG2DT-KT%f%QYR_MAK-AE________PowerPoint2019Volume
|
|
16_a3072b8f-adcc-4e75-8d62-fdeb9bdfae57_BN4XJ-R9DYY-96W48-YK8DM-MY%f%7PY_Retail________ProPlus2019Retail
|
|
16_6755c7a7-4dfe-46f5-bce8-427be8e9dc62_T8YBN-4YV3X-KK24Q-QXBD7-T3%f%C63_MAK-AE________ProPlus2019Volume
|
|
16_1717c1e0-47d3-4899-a6d3-1022db7415e0_9NXDK-MRY98-2VJV8-GF73J-TQ%f%9FK_Retail________Professional2019Retail
|
|
16_0d270ef7-5aaf-4370-a372-bc806b96adb7_JDTNC-PP77T-T9H2W-G4J2J-VH%f%8JK_Retail________ProjectPro2019Retail
|
|
16_d4ebadd6-401b-40d5-adf4-a5d4accd72d1_TBXBD-FNWKJ-WRHBD-KBPHH-XD%f%9F2_MAK-AE________ProjectPro2019Volume
|
|
16_bb7ffe5f-daf9-4b79-b107-453e1c8427b5_R3JNT-8PBDP-MTWCK-VD2V8-HM%f%KF9_Retail________ProjectStd2019Retail
|
|
16_fdaa3c03-dc27-4a8d-8cbf-c3d843a28ddc_RBRFX-MQNDJ-4XFHF-7QVDR-JH%f%XGC_MAK-AE________ProjectStd2019Volume
|
|
16_f053a7c7-f342-4ab8-9526-a1d6e5105823_4QC36-NW3YH-D2Y9D-RJPC7-VV%f%B9D_Retail________Publisher2019Retail
|
|
16_40055495-be00-444e-99cc-07446729b53e_K8F2D-NBM32-BF26V-YCKFJ-29%f%Y9W_MAK-AE________Publisher2019Volume
|
|
16_b639e55c-8f3e-47fe-9761-26c6a786ad6b_JBDKF-6NCD6-49K3G-2TV79-BK%f%P73_Retail________SkypeforBusiness2019Retail
|
|
16_15a430d4-5e3f-4e6d-8a0a-14bf3caee4c7_9MNQ7-YPQ3B-6WJXM-G83T3-CB%f%BDK_MAK-AE________SkypeforBusiness2019Volume
|
|
16_f88cfdec-94ce-4463-a969-037be92bc0e7_N9722-BV9H6-WTJTT-FPB93-97%f%8MK_PrepidBypass__SkypeforBusinessEntry2019Retail
|
|
16_fdfa34dd-a472-4b85-bee6-cf07bf0aaa1c_NDGVM-MD27H-2XHVC-KDDX2-YK%f%P74_Retail________Standard2019Retail
|
|
16_beb5065c-1872-409e-94e2-403bcfb6a878_NT3V6-XMBK7-Q66MF-VMKR4-FC%f%33M_MAK-AE________Standard2019Volume
|
|
16_a6f69d68-5590-4e02-80b9-e7233dff204e_2NWVW-QGF4T-9CPMB-WYDQ9-7X%f%P79_Retail________VisioPro2019Retail
|
|
16_f41abf81-f409-4b0d-889d-92b3e3d7d005_33YF4-GNCQ3-J6GDM-J67P3-FM%f%7QP_MAK-AE________VisioPro2019Volume
|
|
16_4a582021-18c2-489f-9b3d-5186de48f1cd_263WK-3N797-7R437-28BKG-3V%f%8M8_Retail________VisioStd2019Retail
|
|
16_933ed0e3-747d-48b0-9c2c-7ceb4c7e473d_BGNHX-QTPRJ-F9C9G-R8QQG-8T%f%27F_MAK-AE________VisioStd2019Volume
|
|
16_72cee1c2-3376-4377-9f25-4024b6baadf8_JXR8H-NJ3MK-X66W8-78CWD-QR%f%VR2_Retail________Word2019Retail
|
|
16_fe5fe9d5-3b06-4015-aa35-b146f85c4709_9F36R-PNVHH-3DXGQ-7CD2H-R9%f%D3V_MAK-AE________Word2019Volume
|
|
:: Office 2021
|
|
16_f634398e-af69-48c9-b256-477bea3078b5_P286B-N3XYP-36QRQ-29CMP-RV%f%X9M_Retail________Access2021Retail
|
|
16_ae17db74-16b0-430b-912f-4fe456e271db_JBH3N-P97FP-FRTJD-MGK2C-VF%f%WG6_MAK-AE________Access2021Volume
|
|
16_fb099c19-d48b-4a2f-a160-4383011060aa_V6QFB-7N7G9-PF7W9-M8FQM-MY%f%8G9_Retail________Excel2021Retail
|
|
16_9da1ecdb-3a62-4273-a234-bf6d43dc0778_WNYR4-KMR9H-KVC8W-7HJ8B-K7%f%9DQ_MAK-AE________Excel2021Volume
|
|
16_38b92b63-1dff-4be7-8483-2a839441a2bc_JM99N-4MMD8-DQCGJ-VMYFY-R6%f%3YK_Subscription__HomeBusiness2021Retail
|
|
16_2f258377-738f-48dd-9397-287e43079958_N3CWD-38XVH-KRX2Y-YRP74-6R%f%BB2_Subscription__HomeStudent2021Retail
|
|
16_279706f4-3a4b-4877-949b-f8c299cf0cc5_NB2TQ-3Y79C-77C6M-QMY7H-7Q%f%Y8P_Retail________OneNote2021Retail
|
|
16_ecea2cfa-d406-4a7f-be0d-c6163250d126_4NCWR-9V92Y-34VB2-RPTHR-YT%f%GR7_Retail________Outlook2021Retail
|
|
16_45bf67f9-0fc8-4335-8b09-9226cef8a576_JQ9MJ-QYN6B-67PX9-GYFVY-QJ%f%6TB_MAK-AE________Outlook2021Volume
|
|
16_8f89391e-eedb-429d-af90-9d36fbf94de6_RRRYB-DN749-GCPW4-9H6VK-HC%f%HPT_Retail________Personal2021Retail
|
|
16_c9bf5e86-f5e3-4ac6-8d52-e114a604d7bf_3KXXQ-PVN2C-8P7YY-HCV88-GV%f%M96_Retail1_______PowerPoint2021Retail
|
|
16_716f2434-41b6-4969-ab73-e61e593a3875_39G2N-3BD9C-C4XCM-BD4QG-FV%f%YDY_MAK-AE________PowerPoint2021Volume
|
|
16_c2f04adf-a5de-45c5-99a5-f5fddbda74a8_8WXTP-MN628-KY44G-VJWCK-C7%f%PCF_Retail________ProPlus2021Retail
|
|
16_3f180b30-9b05-4fe2-aa8d-0c1c4790f811_RNHJY-DTFXW-HW9F8-4982D-MD%f%2CW_MAK-AE1_______ProPlus2021Volume
|
|
16_96097a68-b5c5-4b19-8600-2e8d6841a0db_JRJNJ-33M7C-R73X3-P9XF7-R9%f%F6M_MAK-AE________ProPlusSPLA2021Volume
|
|
16_711e48a6-1a79-4b00-af10-73f4ca3aaac4_DJPHV-NCJV6-GWPT6-K26JX-C7%f%PBG_Retail________Professional2021Retail
|
|
16_3747d1d5-55a8-4bc3-b53d-19fff1913195_QKHNX-M9GGH-T3QMW-YPK4Q-QR%f%WMV_Retail________ProjectPro2021Retail
|
|
16_17739068-86c4-4924-8633-1e529abc7efc_HVC34-CVNPG-RVCMT-X2JRF-CR%f%7RK_MAK-AE1_______ProjectPro2021Volume
|
|
16_4ea64dca-227c-436b-813f-b6624be2d54c_2B96V-X9NJY-WFBRC-Q8MP2-7C%f%HRR_Retail________ProjectStd2021Retail
|
|
16_84313d1e-47c8-4e27-8ced-0476b7ee46c4_3CNQX-T34TY-99RH4-C4YD2-KW%f%6WH_MAK-AE________ProjectStd2021Volume
|
|
16_b769b746-53b1-4d89-8a68-41944dafe797_CDNFG-77T8D-VKQJX-B7KT3-KK%f%28V_Retail1_______Publisher2021Retail
|
|
16_a0234cfe-99bd-4586-a812-4f296323c760_2KXJH-3NHTW-RDBPX-QFRXJ-MT%f%GXF_MAK-AE________Publisher2021Volume
|
|
16_c3fb48b2-1fd4-4dc8-af39-819edf194288_DVBXN-HFT43-CVPRQ-J89TF-VM%f%MHG_Retail________SkypeforBusiness2021Retail
|
|
16_6029109c-ceb8-4ee5-b324-f8eb2981e99a_R3FCY-NHGC7-CBPVP-8Q934-YT%f%GXG_MAK-AE________SkypeforBusiness2021Volume
|
|
16_9e7e7b8e-a0e7-467b-9749-d0de82fb7297_HXNXB-J4JGM-TCF44-2X2CV-FJ%f%VVH_Retail________Standard2021Retail
|
|
16_223a60d8-9002-4a55-abac-593f5b66ca45_2CJN4-C9XK2-HFPQ6-YH498-82%f%TXH_MAK-AE________Standard2021Volume
|
|
16_b99ba8c4-e257-4b70-a31a-8bd308ce7073_BQWDW-NJ9YF-P7Y79-H6DCT-MK%f%Q9C_MAK-AE________StandardSPLA2021Volume
|
|
16_814014d3-c30b-4f63-a493-3708e0dc0ba8_T6P26-NJVBR-76BK8-WBCDY-TX%f%3BC_Retail________VisioPro2021Retail
|
|
16_c590605a-a08a-4cc7-8dc2-f1ffb3d06949_JNKBX-MH9P4-K8YYV-8CG2Y-VQ%f%2C8_MAK-AE________VisioPro2021Volume
|
|
16_16d43989-a5ef-47e2-9ff1-272784caee24_89NYY-KB93R-7X22F-93QDF-DJ%f%6YM_Retail________VisioStd2021Retail
|
|
16_d55f90ee-4ba2-4d02-b216-1300ee50e2af_BW43B-4PNFP-V637F-23TR2-J4%f%7TX_MAK-AE________VisioStd2021Volume
|
|
16_fb33d997-4aa3-494e-8b58-03e9ab0f181d_VNCC4-CJQVK-BKX34-77Y8H-CY%f%XMR_Retail________Word2021Retail
|
|
16_0c728382-95fb-4a55-8f12-62e605f91727_BJG97-NW3GM-8QQQ7-FH76G-68%f%6XM_MAK-AE________Word2021Volume
|
|
:: Office 2024
|
|
16_8fdb1f1e-663f-4f2e-8fdb-7c35aee7d5ea_GNXWX-DF797-B2JT3-82W27-KH%f%PXT_MAK-AE________ProPlus2024Volume-Preview
|
|
16_33b11b14-91fd-4f7b-b704-e64a055cf601_X86XX-N3QMW-B4WGQ-QCB69-V2%f%6KW_MAK-AE________ProjectPro2024Volume-Preview
|
|
16_eb074198-7384-4bdd-8e6c-c3342dac8435_DW99Y-H7NT6-6B29D-8JQ8F-R3%f%QT7_MAK-AE________VisioPro2024Volume-Preview
|
|
16_e563d108-7b0e-418a-8390-20e1d133d6bb_P6NMW-JMTRC-R6MQ6-HH3F2-BT%f%HKB_Retail________Access2024Retail
|
|
16_f748e2f7-5951-4bc2-8a06-5a1fbe42f5f4_CXNJT-98HPP-92HX7-MX6GY-2P%f%VFR_MAK-AE________Access2024Volume
|
|
16_f3a5e86a-e4f8-4d88-8220-1440c3bbcefa_82CNJ-W82TW-BY23W-BVJ6W-W4%f%8GP_Retail________Excel2024Retail
|
|
16_523fbbab-c290-460d-a6c9-48e49709cb8e_7Y287-9N2KC-8MRR3-BKY82-2D%f%QRV_MAK-AE________Excel2024Volume
|
|
16_885f83e0-5e18-4199-b8be-56697d0debfb_N69X7-73KPT-899FD-P8HQ4-QG%f%TP4_Retail________Home2024Retail
|
|
16_acd4eccb-ff89-4e6a-9350-d2d56276ec69_PRKQM-YNPQR-77QT6-328D7-BD%f%223_Retail________HomeBusiness2024Retail
|
|
16_6f5fd645-7119-44a4-91b4-eccfeeb738bf_2CFK4-N44KG-7XG89-CWDG6-P7%f%P27_Retail________Outlook2024Retail
|
|
16_9a1e1bac-2d8b-4890-832f-0a68b27c16e0_NQPXP-WVB87-H3MMB-FYBW2-9Q%f%FPB_MAK-AE________Outlook2024Volume
|
|
16_da9a57ae-81a8-4cb3-b764-5840e6b5d0bf_CT2KT-GTNWH-9HFGW-J2PWJ-XW%f%7KJ_Retail________PowerPoint2024Retail
|
|
16_eca0d8a6-e21b-4622-9a87-a7103ff14012_RRXFN-JJ26R-RVWD2-V7WMP-27%f%PWQ_MAK-AE________PowerPoint2024Volume
|
|
16_295dcc21-151a-4b4d-8f50-2b627ea197f6_GNJ6P-Y4RBM-C32WW-2VJKJ-MT%f%HKK_Retail________ProjectPro2024Retail
|
|
16_2141d341-41aa-4e45-9ca1-201e117d6495_WNFMR-HK4R7-7FJVM-VQ3JC-76%f%HF6_MAK-AE1_______ProjectPro2024Volume
|
|
16_ead42f74-817d-45b4-af6b-3beeb36ba650_C2PNM-2GQFC-CY3XR-WXCP4-GX%f%3XM_Retail________ProjectStd2024Retail
|
|
16_4b6d9b9b-c16e-429d-babe-8bb84c3c27d6_F2VNW-MW8TT-K622Q-4D96H-PW%f%J8X_MAK-AE________ProjectStd2024Volume
|
|
16_db249714-bb54-4422-8c78-2cc8d4c4a19f_VWCNX-7FKBD-FHJYG-XBR4B-88%f%KC6_Retail________ProPlus2024Retail
|
|
16_d77244dc-2b82-4f0a-b8ae-1fca00b7f3e2_4YV2J-VNG7W-YGTP3-443TK-TF%f%8CP_MAK-AE1_______ProPlus2024Volume
|
|
16_3046a03e-2277-4a51-8ccd-a6609eae8c19_XKRBW-KN2FF-G8CKY-HXVG6-FV%f%Y2V_MAK-AE________SkypeforBusiness2024Volume
|
|
16_44a07f51-8263-4b2f-b2a5-70340055c646_GVG6N-6WCHH-K2MVP-RQ78V-3J%f%7GJ_MAK-AE1_______Standard2024Volume
|
|
16_282d8f34-1111-4a6f-80fe-c17f70dec567_HGRBX-N68QF-6DY8J-CGX4W-XW%f%7KP_Retail________VisioPro2024Retail
|
|
16_4c2f32bf-9d0b-4d8c-8ab1-b4c6a0b9992d_GBNHB-B2G3Q-G42YB-3MFC2-7C%f%JCX_MAK-AE________VisioPro2024Volume
|
|
16_8504167d-887a-41ae-bd1d-f849d834352d_VBXPJ-38NR3-C4DKF-C8RT7-RG%f%HKQ_Retail________VisioStd2024Retail
|
|
16_0978336b-5611-497c-9414-96effaff4938_YNFTY-63K7P-FKHXK-28YYT-D3%f%2XB_MAK-AE________VisioStd2024Volume
|
|
16_f6b24e61-6aa7-4fd2-ab9b-4046cee4230a_XN33R-RP676-GMY2F-T3MH7-GC%f%VKR_Retail________Word2024Retail
|
|
16_06142aa2-e935-49ca-af5d-08069a3d84f3_WD8CQ-6KNQM-8W2CX-2RT63-KK%f%3TP_MAK-AE________Word2024Volume
|
|
) do (
|
|
for /f "tokens=1-5 delims=_" %%A in ("%%#") do (
|
|
|
|
if %1==getinfo if not defined key (
|
|
if %oVer%==%%A if /i "%2"=="%%E" (
|
|
set key=%%C
|
|
set _actid=%%B
|
|
set _allactid=!_allactid! %%B
|
|
set _lic=%%D
|
|
if %oVer%==16 (echo "%%D" | find /i "Subscription" %nul% && set _sublic=1)
|
|
)
|
|
)
|
|
|
|
if %1==getmsiprod if %oVer%==%%A (
|
|
for /f "tokens=*" %%x in ('findstr /i /c:"%%B" "%_oBranding%"') do set "prodId=%%x"
|
|
set prodId=!prodId:"/>=!
|
|
set prodId=!prodId:~-4!
|
|
reg query "%2\Registration\{%%B}" /v ProductCode %nul2% | find /i "-!prodId!-" %nul% && (
|
|
reg query "%2\Common\InstalledPackages" %nul2% | find /i "-!prodId!-" %nul% && (
|
|
if defined _oIds (set _oIds=!_oIds! %%E) else (set _oIds=%%E)
|
|
)
|
|
)
|
|
)
|
|
|
|
if %1==findactivated if %oVer%==%%A (
|
|
echo "!_FsortIds!" | find /i "-%%E-" %nul% && (
|
|
set actiProds%oVer%=!actiProds%oVer%! -%%E-
|
|
)
|
|
)
|
|
|
|
)
|
|
)
|
|
exit /b
|
|
|
|
::========================================================================================================================================
|
|
|
|
:: This code is used to modify the timestamp value of sppc dll file in order to change checksums
|
|
:: It's done to lower the potential false positive detection by antivirus's. On each install, it will install a unique sppc dll file
|
|
|
|
:oh_extractdll
|
|
|
|
set b=
|
|
%psc% "$f=[io.file]::ReadAllText('!_batp!') -split ':%_hook%\:.*';$encoded = ($f[1]) -replace '-', 'A' -replace '_', 'a';$bytes = [Con%b%vert]::FromBas%b%e64String($encoded); $PePath='%1'; $offset='%2'; $m=[io.file]::ReadAllText('!_batp!') -split ':hexedit\:.*';iex ($m[1]);" %nul2% | find /i "Error found" %nul1% && set hasherror=1
|
|
exit /b
|
|
|
|
:hexedit:
|
|
# Use a MemoryStream to perform operations on the bytes
|
|
$MemoryStream = New-Object System.IO.MemoryStream
|
|
$Writer = New-Object System.IO.BinaryWriter($MemoryStream)
|
|
$Writer.Write($bytes)
|
|
|
|
# Define dynamic assembly, module, and type
|
|
$AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1)
|
|
$ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False)
|
|
$TypeBuilder = $ModuleBuilder.DefineType(0)
|
|
|
|
# Define P/Invoke method
|
|
[void]$TypeBuilder.DefinePInvokeMethod('MapFileAndCheckSum', 'imagehlp.dll', 'Public, Static', [Reflection.CallingConventions]::Standard, [int], @([string], [int].MakeByRefType(), [int].MakeByRefType()), [Runtime.InteropServices.CallingConvention]::Winapi, [Runtime.InteropServices.CharSet]::Auto)
|
|
|
|
# Create the type
|
|
$Imagehlp = $TypeBuilder.CreateType()
|
|
|
|
# Offset information
|
|
$timestampOffset = 136
|
|
$exportTimestampOffset = $offset
|
|
$checkSumOffset = 216
|
|
|
|
# Calculate timestamp
|
|
$currentTimestamp = [DateTime]::UtcNow
|
|
$unixTimestamp = [int]($currentTimestamp - (Get-Date -Year 1970 -Month 1 -Day 1 -Hour 0 -Minute 0 -Second 0)).TotalSeconds
|
|
|
|
# Change timestamps
|
|
$Writer.BaseStream.Position = $timestampOffset
|
|
$Writer.Write($unixTimestamp)
|
|
|
|
$Writer.BaseStream.Position = $exportTimestampOffset
|
|
$Writer.Write($unixTimestamp)
|
|
|
|
$Writer.Flush()
|
|
|
|
# Write the current state of the MemoryStream to a temporary file
|
|
$tempFilePath = [System.IO.Path]::Combine($env:windir, "Temp", [System.IO.Path]::GetRandomFileName())
|
|
[System.IO.File]::WriteAllBytes($tempFilePath, $MemoryStream.ToArray())
|
|
|
|
# Update hash using the temporary file
|
|
[int]$HeaderSum = 0
|
|
[int]$CheckSum = 0
|
|
[void]$Imagehlp::MapFileAndCheckSum($tempFilePath, [ref]$HeaderSum, [ref]$CheckSum)
|
|
|
|
# If the checksums don't match, update the checksum in the MemoryStream
|
|
if ($HeaderSum -ne $CheckSum) {
|
|
$Writer.BaseStream.Position = $checkSumOffset
|
|
$Writer.Write($CheckSum)
|
|
$Writer.Flush()
|
|
} else {
|
|
Write-host Error found
|
|
}
|
|
|
|
# Delete the temporary file
|
|
Remove-Item -Path $tempFilePath -Force
|
|
|
|
# Get the modified bytes
|
|
$modifiedBytes = $MemoryStream.ToArray()
|
|
|
|
# Write the modified bytes to the final file
|
|
[System.IO.File]::WriteAllBytes($PePath, $modifiedBytes)
|
|
|
|
[void]$Imagehlp::MapFileAndCheckSum($PePath, [ref]$HeaderSum, [ref]$CheckSum)
|
|
if ($HeaderSum -ne $CheckSum) {
|
|
Write-host Error found
|
|
}
|
|
|
|
$MemoryStream.Close()
|
|
:hexedit:
|
|
|
|
::========================================================================================================================================
|
|
::
|
|
:: This below blocks of text is encoded in base64 format
|
|
:: The blocks in labels "sppc32.dll" and "sppc64.dll" contains below files
|
|
::
|
|
:: 09865ea5993215965e8f27a74b8a41d15fd0f60f5f404cb7a8b3c7757acdab02 *sppc32.dll
|
|
:: 393a1fa26deb3663854e41f2b687c188a9eacd87b23f17ea09422c4715cb5a9f *sppc64.dll
|
|
::
|
|
:: The files are encoded in base64 to make AIO version.
|
|
::
|
|
:: mass grave[.]dev/ohook
|
|
:: Here you can find the files source code and info on how to rebuild the identical sppc.dll files
|
|
::
|
|
:: stackoverflow.com/a/35335273
|
|
:: Here you can check how to extract sppc.dll files from base64
|
|
::
|
|
:: For any further question, feel free to contact us on mass grave[.]dev/contactus
|
|
::
|
|
::========================================================================================================================================
|
|
|
|
:: Replace "-" with "A" and "_" with "a" before base64 conversion
|
|
:: It was changed to prevent antiviruses from detecting and flagging base64 encoding
|
|
|
|
:sppc32.dll:
|
|
TVqQ--M----E----//8--Lg---------Q-----------------------------------------------g-----4fug4-t-nNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4g_W4gRE9TIG1vZGUuDQ0KJ---------BQRQ--T-EH-MDc0GQ----------O--
|
|
DiML-QIo--I----e--------RxE----Q----------C-_g-Q-----g--B-----E----G----------CQ----B---+dY---I-Q-E--C---B------E---E--------B------Q---jR----Bg---Y-Q---H---HgD-------------------------I---BQ---------
|
|
----------------------------------------------------------BsY---H------------------------------------C50ZXh0----c-E----Q-----g----Q------------------C---G-ucmRhdGE--Bg-----I-----I----G----------------
|
|
--B---B-LmVoX2ZyYW2------D-----C----C-------------------Q---QC5lZGF0YQ--jR----B-----Eg----o------------------E---E-u_WRhdGE--BgB----Y-----I----c------------------B---D-LnJzcmM---B4-w---H-----E----Hg--
|
|
----------------Q---wC5yZWxvYw--F-----C------g---CI------------------E---EI-----------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
---------------------------------------------------------------------------------------------------------------------------------------------------------------------FWJ5VZTjUXwg+wwx0Xw-----IlEJBSNRfSJ
|
|
RCQQi0UMx0QkD-----CJRCQEi0UIx0QkC--ggGqJBCTHRfQ-----6-oB--CLNXhggGqD7BiFwInDi0Xwd-qJBCQx2//WUesyi1X0x0QkB-oggGqJBCSJVCQI/xW-YIBqg+wMhcCLRfCJBCR0Cv/WuwE---BS6wP/1lCNZfiJ2FteXcNVieVXVlOD7DyLRRiLdRyJRCQQ
|
|
i0UUiXQkFIlEJ-yLRRCJRCQIi0UMiUQkBItFCIkEJOiE----McmD7BiJx4X-dVyLRRg5CHZV_9koiwYB2IN4E-B0RYlEJ-SLRQiJTeSJBCTo+/7//4tN5IX-dSwDHsdDE-E---DHQxQ-----x0MY-----MdDH-----DHQy------x0Mk-----EHrpI1l9In4W15fXcIY
|
|
-LgB----wgw-kP8lcGC-_pCQ/yVsYIBqkJD/////-----P////8-----------------------------------------------------------------------------------------------------------------------------------------------------
|
|
------------------------------------------------TgBh-G0-ZQ---Ec-cgBh-GM-ZQ------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
-----------------------------------------------------------------------------------------------------------------------------------U----------F6Ug-Bf-gBGwwEBIgB---k----H----ODf//+d-----EEOCIUCQg0FSIYD
|
|
gwQCj8NBxkHFD-QEK----EQ---BV4P//qg----BBDgiF-kINBU_H-4YEgwUCm8NBxkHHQcUMB-QQ----c----NPg//8I------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
------------------D-3NBk-----MZC---B----Qw---EM----oQ---NEE--EBC--DPQg--70I---VD---pQw--XUM--KFD--DpQw--F0Q--DVE--BnR---nUQ--ONE---tRQ--YUU--J9F--DTRQ--DUY--DtG--BxRg--r0Y--M9G--D7Rg--nR---FFH--BvRw--
|
|
n0c--NNH---RS---TUg--G9I--ClS---zUg---VJ--BBSQ--bUk--KdJ--C7SQ--+0k--DlK--BPSg--dUo--J1K--DTSg--B0s--D1L--BpSw--pUs--ONL---NT---OUw--IlM--DRT---EU0--FlN--CjTQ--8U0--BtO--BHTg--h04--LtO--DnTg--K08--FtP
|
|
--C1Tw--608--CdQ--BdU---4kI--P1C---_Qw--RkM--IJD--DIQw---0Q--ClE--BRR---hUQ--MNE---LRQ--SkU--INF--C8RQ--80U--CdG--BZRg--k0Y--MJG--DoRg--GUc--DFH--BjRw--ikc--LxH--D1Rw--Mkg--GFI--CNS---vEg--OxI---mSQ--
|
|
Wkk--I1J--C0SQ--3kk--B1K--BHSg--ZUo--IxK--C7Sg--8Eo--CVL--BWSw--iks--MdL--D7Sw--Jkw--GRM--CwT---9Ew--DhN--CBTQ--zU0---lO---0Tg--_k4--KRO--DUTg--DE8--EZP--CLTw--008---xQ--BFU---eF-------Q-C--M-B--F--Y-
|
|
Bw-I--k-Cg-L--w-DQ-O--8-E--R-BI-Ew-U-BU-Fg-X-Bg-GQ-_-Bs-H--d-B4-Hw-g-CE-Ig-j-CQ-JQ-m-Cc-K--p-Co-Kw-s-C0-Lg-v-D--MQ-y-DM-N--1-DY-Nw-4-Dk-Og-7-Dw-PQ-+-D8-Q-BB-EI-c3BwYy5kbGw-U1BQQ1MuU0xDYWxsU2VydmVy-FNM
|
|
Q2FsbFNlcnZlcgBTUFBDUy5TTENsb3Nl-FNMQ2xvc2U-U1BQQ1MuU0xDb25zdW1lUmln_HQ-U0xDb25zdW1lUmln_HQ-U1BQQ1MuU0xEZXBvc2l0TWlncmF0_W9uQmxvYgBTTERlcG9z_XRN_WdyYXRpb25CbG9i-FNQUENTLlNMRGVwb3NpdE9mZmxpbmVDb25m_XJt
|
|
YXRpb25JZ-BTTERlcG9z_XRPZmZs_W5lQ29uZmlybWF0_W9uSWQ-U1BQQ1MuU0xEZXBvc2l0T2ZmbGluZUNvbmZpcm1hdGlvbklkRXg-U0xEZXBvc2l0T2ZmbGluZUNvbmZpcm1hdGlvbklkRXg-U1BQQ1MuU0xEZXBvc2l0U3RvcmVUb2tlbgBTTERlcG9z_XRTdG9y
|
|
ZVRv_2Vu-FNQUENTLlNMRmlyZUV2ZW50-FNMRmlyZUV2ZW50-FNQUENTLlNMR2F0_GVyTWlncmF0_W9uQmxvYgBTTEdhdGhlck1pZ3JhdGlvbkJsb2I-U1BQQ1MuU0xHYXRoZXJN_WdyYXRpb25CbG9iRXg-U0xHYXRoZXJN_WdyYXRpb25CbG9iRXg-U1BQQ1MuU0xH
|
|
ZW5lcmF0ZU9mZmxpbmVJbnN0YWxsYXRpb25JZ-BTTEdlbmVyYXRlT2ZmbGluZUluc3RhbGxhdGlvbklk-FNQUENTLlNMR2VuZXJhdGVPZmZs_W5lSW5zdGFsbGF0_W9uSWRFe-BTTEdlbmVyYXRlT2ZmbGluZUluc3RhbGxhdGlvbklkRXg-U1BQQ1MuU0xHZXRBY3Rp
|
|
dmVM_WNlbnNlSW5mbwBTTEdldEFjdGl2ZUxpY2Vuc2VJbmZv-FNQUENTLlNMR2V0QXBwbGljYXRpb25JbmZvcm1hdGlvbgBTTEdldEFwcGxpY2F0_W9uSW5mb3JtYXRpb24-U1BQQ1MuU0xHZXRBcHBs_WNhdGlvblBvbGljeQBTTEdldEFwcGxpY2F0_W9uUG9s_WN5
|
|
-FNQUENTLlNMR2V0QXV0_GVudGljYXRpb25SZXN1bHQ-U0xHZXRBdXRoZW50_WNhdGlvblJlc3Vsd-BTUFBDUy5TTEdldEVuY3J5cHRlZFBJREV4-FNMR2V0RW5jcnlwdGVkUElERXg-U1BQQ1MuU0xHZXRHZW51_W5lSW5mb3JtYXRpb24-U0xHZXRHZW51_W5lSW5m
|
|
b3JtYXRpb24-U1BQQ1MuU0xHZXRJbnN0YWxsZWRQcm9kdWN0S2V5SWRz-FNMR2V0SW5zdGFsbGVkUHJvZHVjdEtleUlkcwBTUFBDUy5TTEdldExpY2Vuc2U-U0xHZXRM_WNlbnNl-FNQUENTLlNMR2V0TGljZW5zZUZpbGVJZ-BTTEdldExpY2Vuc2VG_WxlSWQ-U1BQ
|
|
Q1MuU0xHZXRM_WNlbnNlSW5mb3JtYXRpb24-U0xHZXRM_WNlbnNlSW5mb3JtYXRpb24-U0xHZXRM_WNlbnNpbmdTdGF0dXNJbmZvcm1hdGlvbgBTUFBDUy5TTEdldFBLZXlJZ-BTTEdldFBLZXlJZ-BTUFBDUy5TTEdldFBLZXlJbmZvcm1hdGlvbgBTTEdldFBLZXlJ
|
|
bmZvcm1hdGlvbgBTUFBDUy5TTEdldFBvbGljeUluZm9ybWF0_W9u-FNMR2V0UG9s_WN5SW5mb3JtYXRpb24-U1BQQ1MuU0xHZXRQb2xpY3lJbmZvcm1hdGlvbkRXT1JE-FNMR2V0UG9s_WN5SW5mb3JtYXRpb25EV09SR-BTUFBDUy5TTEdldFByb2R1Y3RT_3VJbmZv
|
|
cm1hdGlvbgBTTEdldFByb2R1Y3RT_3VJbmZvcm1hdGlvbgBTUFBDUy5TTEdldFNMSURM_XN0-FNMR2V0U0xJRExpc3Q-U1BQQ1MuU0xHZXRTZXJ2_WNlSW5mb3JtYXRpb24-U0xHZXRTZXJ2_WNlSW5mb3JtYXRpb24-U1BQQ1MuU0xJbnN0YWxsTGljZW5zZQBTTElu
|
|
c3RhbGxM_WNlbnNl-FNQUENTLlNMSW5zdGFsbFByb29mT2ZQdXJj_GFzZQBTTEluc3RhbGxQcm9vZk9mUHVyY2hhc2U-U1BQQ1MuU0xJbnN0YWxsUHJvb2ZPZlB1cmNoYXNlRXg-U0xJbnN0YWxsUHJvb2ZPZlB1cmNoYXNlRXg-U1BQQ1MuU0xJc0dlbnVpbmVMb2Nh
|
|
bEV4-FNMSXNHZW51_W5lTG9jYWxFe-BTUFBDUy5TTExvYWRBcHBs_WNhdGlvblBvbGlj_WVz-FNMTG9hZEFwcGxpY2F0_W9uUG9s_WNpZXM-U1BQQ1MuU0xPcGVu-FNMT3BlbgBTUFBDUy5TTFBlcnNpc3RBcHBs_WNhdGlvblBvbGlj_WVz-FNMUGVyc2lzdEFwcGxp
|
|
Y2F0_W9uUG9s_WNpZXM-U1BQQ1MuU0xQZXJz_XN0UlRTUGF5bG9hZE92ZXJy_WRl-FNMUGVyc2lzdFJUU1BheWxvYWRPdmVycmlkZQBTUFBDUy5TTFJlQXJt-FNMUmVBcm0-U1BQQ1MuU0xSZWdpc3RlckV2ZW50-FNMUmVn_XN0ZXJFdmVud-BTUFBDUy5TTFJlZ2lz
|
|
dGVyUGx1Z2lu-FNMUmVn_XN0ZXJQbHVn_W4-U1BQQ1MuU0xTZXRBdXRoZW50_WNhdGlvbkRhdGE-U0xTZXRBdXRoZW50_WNhdGlvbkRhdGE-U1BQQ1MuU0xTZXRDdXJyZW50UHJvZHVjdEtleQBTTFNldEN1cnJlbnRQcm9kdWN0S2V5-FNQUENTLlNMU2V0R2VudWlu
|
|
ZUluZm9ybWF0_W9u-FNMU2V0R2VudWluZUluZm9ybWF0_W9u-FNQUENTLlNMVW5pbnN0YWxsTGljZW5zZQBTTFVu_W5zdGFsbExpY2Vuc2U-U1BQQ1MuU0xVbmluc3RhbGxQcm9vZk9mUHVyY2hhc2U-U0xVbmluc3RhbGxQcm9vZk9mUHVyY2hhc2U-U1BQQ1MuU0xV
|
|
bmxvYWRBcHBs_WNhdGlvblBvbGlj_WVz-FNMVW5sb2FkQXBwbGljYXRpb25Qb2xpY2llcwBTUFBDUy5TTFVucmVn_XN0ZXJFdmVud-BTTFVucmVn_XN0ZXJFdmVud-BTUFBDUy5TTFVucmVn_XN0ZXJQbHVn_W4-U0xVbnJlZ2lzdGVyUGx1Z2lu-FNQUENTLlNMcEF1
|
|
dGhlbnRpY2F0ZUdlbnVpbmVU_WNrZXRSZXNwb25zZQBTTHBBdXRoZW50_WNhdGVHZW51_W5lVGlj_2V0UmVzcG9uc2U-U1BQQ1MuU0xwQmVn_W5HZW51_W5lVGlj_2V0VHJhbnNhY3Rpb24-U0xwQmVn_W5HZW51_W5lVGlj_2V0VHJhbnNhY3Rpb24-U1BQQ1MuU0xw
|
|
Q2xlYXJBY3RpdmF0_W9uSW5Qcm9ncmVzcwBTTHBDbGVhckFjdGl2YXRpb25JblByb2dyZXNz-FNQUENTLlNMcERlcG9z_XREb3dubGV2ZWxHZW51_W5lVGlj_2V0-FNMcERlcG9z_XREb3dubGV2ZWxHZW51_W5lVGlj_2V0-FNQUENTLlNMcERlcG9z_XRUb2tlbkFj
|
|
dGl2YXRpb25SZXNwb25zZQBTTHBEZXBvc2l0VG9rZW5BY3RpdmF0_W9uUmVzcG9uc2U-U1BQQ1MuU0xwR2VuZXJhdGVUb2tlbkFjdGl2YXRpb25D_GFsbGVuZ2U-U0xwR2VuZXJhdGVUb2tlbkFjdGl2YXRpb25D_GFsbGVuZ2U-U1BQQ1MuU0xwR2V0R2VudWluZUJs
|
|
b2I-U0xwR2V0R2VudWluZUJsb2I-U1BQQ1MuU0xwR2V0R2VudWluZUxvY2Fs-FNMcEdldEdlbnVpbmVMb2Nhb-BTUFBDUy5TTHBHZXRM_WNlbnNlQWNxdWlz_XRpb25JbmZv-FNMcEdldExpY2Vuc2VBY3F1_XNpdGlvbkluZm8-U1BQQ1MuU0xwR2V0TVNQ_WRJbmZv
|
|
cm1hdGlvbgBTTHBHZXRNU1BpZEluZm9ybWF0_W9u-FNQUENTLlNMcEdldE1hY2hpbmVVR1VJR-BTTHBHZXRNYWNo_W5lVUdVSUQ-U1BQQ1MuU0xwR2V0VG9rZW5BY3RpdmF0_W9uR3JhbnRJbmZv-FNMcEdldFRv_2VuQWN0_XZhdGlvbkdyYW50SW5mbwBTUFBDUy5T
|
|
THBJQUFjdGl2YXRlUHJvZHVjd-BTTHBJQUFjdGl2YXRlUHJvZHVjd-BTUFBDUy5TTHBJc0N1cnJlbnRJbnN0YWxsZWRQcm9kdWN0S2V5RGVmYXVsdEtleQBTTHBJc0N1cnJlbnRJbnN0YWxsZWRQcm9kdWN0S2V5RGVmYXVsdEtleQBTUFBDUy5TTHBQcm9jZXNzVk1Q
|
|
_XBlTWVzc2FnZQBTTHBQcm9jZXNzVk1Q_XBlTWVzc2FnZQBTUFBDUy5TTHBTZXRBY3RpdmF0_W9uSW5Qcm9ncmVzcwBTTHBTZXRBY3RpdmF0_W9uSW5Qcm9ncmVzcwBTUFBDUy5TTHBUcmlnZ2VyU2VydmljZVdvcmtlcgBTTHBUcmlnZ2VyU2VydmljZVdvcmtlcgBT
|
|
UFBDUy5TTHBWTEFjdGl2YXRlUHJvZHVjd-BTTHBWTEFjdGl2YXRlUHJvZHVjd-------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
-------------------------------------------------------------------------------------------------------------------------------------------------------------FBg-------------Ohg--BsY---XG--------------
|
|
+G---Hhg--BkY--------------MYQ--gG------------------------------iG---Kpg--------yG--------DUY--------Ihg--CqY--------Mhg--------1G---------C-FNMR2V0TGljZW5z_W5nU3RhdHVzSW5mb3JtYXRpb24--QBTTEdldFByb2R1
|
|
Y3RT_3VJbmZvcm1hdGlvbg--3QNMb2NhbEZyZWU-RwFTdHJTdHJOSVc--G----Bg--BzcHBjcy5kbGw----UY---S0VSTkVMMzIuZGxs-----Chg--BTSExXQVBJLmRsb-----------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
-----------------------------------------------------------B-B-----Y--C--------------------B--E----w--C--------------------B--kE--BI----WH---BwD-------------BwDN----FY-UwBf-FY-RQBS-FM-SQBP-E4-XwBJ-E4-
|
|
RgBP------C9BO/+---B--U---------BQ--------------------Q-B--C--------------------f-I---E-UwB0-HI-_QBu-Gc-RgBp-Gw-ZQBJ-G4-ZgBv----W-I---E-M--0-D--OQ-w-DQ-RQ-0----eg-t--E-QwBv-G0-c-Bh-G4-eQBO-GE-bQBl----
|
|
--BB-G4-bwBt-GE-b-Bv-HU-cw-g-FM-bwBm-HQ-dwBh-HI-ZQ-g-EQ-ZQB0-GU-cgBp-G8-cgBh-HQ-_QBv-G4-I-BD-G8-cgBw-G8-cgBh-HQ-_QBv-G4------D4-Cw-B-EY-_QBs-GU-R-Bl-HM-YwBy-Gk-c-B0-Gk-bwBu------Bv-Gg-bwBv-Gs-I-BT-F--
|
|
U-BD-------w--g--QBG-Gk-b-Bl-FY-ZQBy-HM-_QBv-G4------D--Lg-1-C4-M--u-D-----q--U--QBJ-G4-d-Bl-HI-bgBh-Gw-TgBh-G0-ZQ---HM-c-Bw-GM------Iw-N--B-Ew-ZQBn-GE-b-BD-G8-c-B5-HI-_QBn-Gg-d----Kk-I--y-D--Mg-0-C--
|
|
QQBu-G8-bQBh-Gw-bwB1-HM-I-BT-G8-ZgB0-Hc-YQBy-GU-I-BE-GU-d-Bl-HI-_QBv-HI-YQB0-Gk-bwBu-C--QwBv-HI-c-Bv-HI-YQB0-Gk-bwBu----Og-J--E-TwBy-Gk-ZwBp-G4-YQBs-EY-_QBs-GU-bgBh-G0-ZQ---HM-c-Bw-GM-LgBk-Gw-b-------
|
|
L--G--E-U-By-G8-Z-B1-GM-d-BO-GE-bQBl------Bv-Gg-bwBv-Gs----0--g--QBQ-HI-bwBk-HU-YwB0-FY-ZQBy-HM-_QBv-G4----w-C4-NQ-u-D--Lg-w----R-----E-VgBh-HI-RgBp-Gw-ZQBJ-G4-ZgBv-------k--Q---BU-HI-YQBu-HM-b-Bh-HQ-
|
|
_QBv-G4-------kE5-Q-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
-------Q---U----MzBIMGkwdjBSMVox------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
----------------------------------------------------------------------------------------
|
|
:sppc32.dll:
|
|
|
|
:========================================================================================================================================
|
|
|
|
:: Replace "-" with "A" and "_" with "a" before base64 conversion
|
|
:: It was changed to prevent antiviruses from detecting and flagging base64 encoding
|
|
|
|
:sppc64.dll:
|
|
TVqQ--M----E----//8--Lg---------Q-----------------------------------------------g-----4fug4-t-nNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4g_W4gRE9TIG1vZGUuDQ0KJ---------BQRQ--ZIYH-MDc0GQ----------P--
|
|
LiIL-gIo--I----e--------ExE----Q-----JIx-g-----Q-----g--B----------G----------CQ----B---LeY---I-Y-E--C---------Q-----------Q--------E--------------Q-----F---I0Q----c---U-E---C---B4-w---D---CQ---------
|
|
--------------------------------------------------------------------------------iH---Dg------------------------------------udGV4d----H-B----E-----I----E-------------------g--BgLnJkYXRh---g-----C-----C
|
|
----Bg------------------Q---QC5wZGF0YQ--J------w-----g----g------------------E---E-ueGRhdGE--CQ-----Q-----I----K------------------B---B-LmVkYXRh--CNE----F-----S----D-------------------Q---QC5pZGF0YQ--
|
|
U-E---Bw-----g---B4------------------E---M-ucnNyYw---HgD----g-----Q----g------------------B---D---------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
---------------------------------------------------------------------------------------------------------------------------------------------------------------------EFUU0iD7EhFMclMjQXvDw--SI1EJDjHRCQ0
|
|
-----EiJRCQoSI1EJDRIiUQkIEjHRCQ4-----OgF-Q--SItMJDhIix1ZY---hcBBicR0B//TRTHk6yhEi0QkNEiNF_kP--D/FUlg--BIi0wkOEiFwHQK/9NBv-E---Dr-v/TRIngSIPESFtBXMNBVUFUVVdWU0iD7Dgx9kyLrCSQ----SIusJJg---BMiWwkIEiJz0iJ
|
|
bCQo6J----BBicSFwHVEQTl1-HY+SGveKEiLVQBI-dqDeh--dChIifnoIv///4X-dRxI-10-SMdDE-E---BIx0MY-----EjHQy------SP/G67xEieBIg8Q4W15fXUFcQV3Du-E---DDkJCQkJCQkP8lel8--JCQDx+E------D/JXpf--CQk-8fh-------/yVKXw--
|
|
kJD/JTpf--CQkP//////////----------D//////////w----------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
------------------------------------------------TgBh-G0-ZQ---Ec-cgBh-GM-ZQ------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
------------------------------------------------------------------------------------------------------------------------------------E---iB----B---CIE---ExE---x----TEQ--GRE--CB-------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------EH-w-HggMw-s----EMBw-MYggwB2-Gc-VQBM-C0----Q----------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
-----------------------------------------------------------------------------------------------------MDc0GQ-----xlI---E---BD----Qw---ChQ---0UQ--QFI--M9S--DvUg--BVM--ClT--BdUw--oVM--OlT---XV---NVQ--GdU
|
|
--CdV---41Q--C1V--BhVQ--n1U--NNV---NVg--O1Y--HFW--CvVg--z1Y--PtW--CIE---UVc--G9X--CfVw--01c--BFY--BNW---b1g--KVY--DNW---BVk--EFZ--BtWQ--p1k--LtZ--D7WQ--OVo--E9_--B1Wg--nVo--NN_---HWw--PVs--Glb--ClWw--
|
|
41s---1c---5X---iVw--NFc---RXQ--WV0--KNd--DxXQ--G14--Ede--CHXg--u14--Ode---rXw--W18--LVf--DrXw--J2---F1g--DiUg--/VI--BpT--BGUw--glM--MhT---DV---KVQ--FFU--CFV---w1Q---tV--BKVQ--g1U--LxV--DzVQ--J1Y--FlW
|
|
--CTVg--wlY--OhW---ZVw--MVc--GNX--CKVw--vFc--PVX---yW---YVg--I1Y--C8W---7Fg--CZZ--B_WQ--jVk--LRZ--DeWQ--HVo--Ed_--BlWg--jFo--Lt_--DwWg--JVs--FZb--CKWw--x1s--Ptb---mX---ZFw--LBc--D0X---OF0--IFd--DNXQ--
|
|
CV4--DRe--BqXg--pF4--NRe---MXw--Rl8--Itf--DTXw--DG---EVg--B4Y------B--I--w-E--U-Bg-H--g-CQ-K--s-D--N--4-Dw-Q-BE-Eg-T-BQ-FQ-W-Bc-G--Z-Bo-Gw-c-B0-Hg-f-C--IQ-i-CM-J--l-CY-Jw-o-Ck-Kg-r-Cw-LQ-u-C8-M--x-DI-
|
|
Mw-0-DU-Ng-3-Dg-OQ-6-Ds-P--9-D4-PwB--EE-QgBzcHBjLmRsb-BTUFBDUy5TTENhbGxTZXJ2ZXI-U0xDYWxsU2VydmVy-FNQUENTLlNMQ2xvc2U-U0xDbG9zZQBTUFBDUy5TTENvbnN1bWVS_Wdod-BTTENvbnN1bWVS_Wdod-BTUFBDUy5TTERlcG9z_XRN_Wdy
|
|
YXRpb25CbG9i-FNMRGVwb3NpdE1pZ3JhdGlvbkJsb2I-U1BQQ1MuU0xEZXBvc2l0T2ZmbGluZUNvbmZpcm1hdGlvbklk-FNMRGVwb3NpdE9mZmxpbmVDb25m_XJtYXRpb25JZ-BTUFBDUy5TTERlcG9z_XRPZmZs_W5lQ29uZmlybWF0_W9uSWRFe-BTTERlcG9z_XRP
|
|
ZmZs_W5lQ29uZmlybWF0_W9uSWRFe-BTUFBDUy5TTERlcG9z_XRTdG9yZVRv_2Vu-FNMRGVwb3NpdFN0b3JlVG9rZW4-U1BQQ1MuU0xG_XJlRXZlbnQ-U0xG_XJlRXZlbnQ-U1BQQ1MuU0xHYXRoZXJN_WdyYXRpb25CbG9i-FNMR2F0_GVyTWlncmF0_W9uQmxvYgBT
|
|
UFBDUy5TTEdhdGhlck1pZ3JhdGlvbkJsb2JFe-BTTEdhdGhlck1pZ3JhdGlvbkJsb2JFe-BTUFBDUy5TTEdlbmVyYXRlT2ZmbGluZUluc3RhbGxhdGlvbklk-FNMR2VuZXJhdGVPZmZs_W5lSW5zdGFsbGF0_W9uSWQ-U1BQQ1MuU0xHZW5lcmF0ZU9mZmxpbmVJbnN0
|
|
YWxsYXRpb25JZEV4-FNMR2VuZXJhdGVPZmZs_W5lSW5zdGFsbGF0_W9uSWRFe-BTUFBDUy5TTEdldEFjdGl2ZUxpY2Vuc2VJbmZv-FNMR2V0QWN0_XZlTGljZW5zZUluZm8-U1BQQ1MuU0xHZXRBcHBs_WNhdGlvbkluZm9ybWF0_W9u-FNMR2V0QXBwbGljYXRpb25J
|
|
bmZvcm1hdGlvbgBTUFBDUy5TTEdldEFwcGxpY2F0_W9uUG9s_WN5-FNMR2V0QXBwbGljYXRpb25Qb2xpY3k-U1BQQ1MuU0xHZXRBdXRoZW50_WNhdGlvblJlc3Vsd-BTTEdldEF1dGhlbnRpY2F0_W9uUmVzdWx0-FNQUENTLlNMR2V0RW5jcnlwdGVkUElERXg-U0xH
|
|
ZXRFbmNyeXB0ZWRQSURFe-BTUFBDUy5TTEdldEdlbnVpbmVJbmZvcm1hdGlvbgBTTEdldEdlbnVpbmVJbmZvcm1hdGlvbgBTUFBDUy5TTEdldEluc3RhbGxlZFByb2R1Y3RLZXlJZHM-U0xHZXRJbnN0YWxsZWRQcm9kdWN0S2V5SWRz-FNQUENTLlNMR2V0TGljZW5z
|
|
ZQBTTEdldExpY2Vuc2U-U1BQQ1MuU0xHZXRM_WNlbnNlRmlsZUlk-FNMR2V0TGljZW5zZUZpbGVJZ-BTUFBDUy5TTEdldExpY2Vuc2VJbmZvcm1hdGlvbgBTTEdldExpY2Vuc2VJbmZvcm1hdGlvbgBTTEdldExpY2Vuc2luZ1N0YXR1c0luZm9ybWF0_W9u-FNQUENT
|
|
LlNMR2V0UEtleUlk-FNMR2V0UEtleUlk-FNQUENTLlNMR2V0UEtleUluZm9ybWF0_W9u-FNMR2V0UEtleUluZm9ybWF0_W9u-FNQUENTLlNMR2V0UG9s_WN5SW5mb3JtYXRpb24-U0xHZXRQb2xpY3lJbmZvcm1hdGlvbgBTUFBDUy5TTEdldFBvbGljeUluZm9ybWF0
|
|
_W9uRFdPUkQ-U0xHZXRQb2xpY3lJbmZvcm1hdGlvbkRXT1JE-FNQUENTLlNMR2V0UHJvZHVjdFNrdUluZm9ybWF0_W9u-FNMR2V0UHJvZHVjdFNrdUluZm9ybWF0_W9u-FNQUENTLlNMR2V0U0xJRExpc3Q-U0xHZXRTTElETGlzd-BTUFBDUy5TTEdldFNlcnZpY2VJ
|
|
bmZvcm1hdGlvbgBTTEdldFNlcnZpY2VJbmZvcm1hdGlvbgBTUFBDUy5TTEluc3RhbGxM_WNlbnNl-FNMSW5zdGFsbExpY2Vuc2U-U1BQQ1MuU0xJbnN0YWxsUHJvb2ZPZlB1cmNoYXNl-FNMSW5zdGFsbFByb29mT2ZQdXJj_GFzZQBTUFBDUy5TTEluc3RhbGxQcm9v
|
|
Zk9mUHVyY2hhc2VFe-BTTEluc3RhbGxQcm9vZk9mUHVyY2hhc2VFe-BTUFBDUy5TTElzR2VudWluZUxvY2FsRXg-U0xJc0dlbnVpbmVMb2NhbEV4-FNQUENTLlNMTG9hZEFwcGxpY2F0_W9uUG9s_WNpZXM-U0xMb2FkQXBwbGljYXRpb25Qb2xpY2llcwBTUFBDUy5T
|
|
TE9wZW4-U0xPcGVu-FNQUENTLlNMUGVyc2lzdEFwcGxpY2F0_W9uUG9s_WNpZXM-U0xQZXJz_XN0QXBwbGljYXRpb25Qb2xpY2llcwBTUFBDUy5TTFBlcnNpc3RSVFNQYXlsb2FkT3ZlcnJpZGU-U0xQZXJz_XN0UlRTUGF5bG9hZE92ZXJy_WRl-FNQUENTLlNMUmVB
|
|
cm0-U0xSZUFybQBTUFBDUy5TTFJlZ2lzdGVyRXZlbnQ-U0xSZWdpc3RlckV2ZW50-FNQUENTLlNMUmVn_XN0ZXJQbHVn_W4-U0xSZWdpc3RlclBsdWdpbgBTUFBDUy5TTFNldEF1dGhlbnRpY2F0_W9uRGF0YQBTTFNldEF1dGhlbnRpY2F0_W9uRGF0YQBTUFBDUy5T
|
|
TFNldEN1cnJlbnRQcm9kdWN0S2V5-FNMU2V0Q3VycmVudFByb2R1Y3RLZXk-U1BQQ1MuU0xTZXRHZW51_W5lSW5mb3JtYXRpb24-U0xTZXRHZW51_W5lSW5mb3JtYXRpb24-U1BQQ1MuU0xVbmluc3RhbGxM_WNlbnNl-FNMVW5pbnN0YWxsTGljZW5zZQBTUFBDUy5T
|
|
TFVu_W5zdGFsbFByb29mT2ZQdXJj_GFzZQBTTFVu_W5zdGFsbFByb29mT2ZQdXJj_GFzZQBTUFBDUy5TTFVubG9hZEFwcGxpY2F0_W9uUG9s_WNpZXM-U0xVbmxvYWRBcHBs_WNhdGlvblBvbGlj_WVz-FNQUENTLlNMVW5yZWdpc3RlckV2ZW50-FNMVW5yZWdpc3Rl
|
|
ckV2ZW50-FNQUENTLlNMVW5yZWdpc3RlclBsdWdpbgBTTFVucmVn_XN0ZXJQbHVn_W4-U1BQQ1MuU0xwQXV0_GVudGljYXRlR2VudWluZVRpY2tldFJlc3BvbnNl-FNMcEF1dGhlbnRpY2F0ZUdlbnVpbmVU_WNrZXRSZXNwb25zZQBTUFBDUy5TTHBCZWdpbkdlbnVp
|
|
bmVU_WNrZXRUcmFuc2FjdGlvbgBTTHBCZWdpbkdlbnVpbmVU_WNrZXRUcmFuc2FjdGlvbgBTUFBDUy5TTHBDbGVhckFjdGl2YXRpb25JblByb2dyZXNz-FNMcENsZWFyQWN0_XZhdGlvbkluUHJvZ3Jlc3M-U1BQQ1MuU0xwRGVwb3NpdERvd25sZXZlbEdlbnVpbmVU
|
|
_WNrZXQ-U0xwRGVwb3NpdERvd25sZXZlbEdlbnVpbmVU_WNrZXQ-U1BQQ1MuU0xwRGVwb3NpdFRv_2VuQWN0_XZhdGlvblJlc3BvbnNl-FNMcERlcG9z_XRUb2tlbkFjdGl2YXRpb25SZXNwb25zZQBTUFBDUy5TTHBHZW5lcmF0ZVRv_2VuQWN0_XZhdGlvbkNoYWxs
|
|
ZW5nZQBTTHBHZW5lcmF0ZVRv_2VuQWN0_XZhdGlvbkNoYWxsZW5nZQBTUFBDUy5TTHBHZXRHZW51_W5lQmxvYgBTTHBHZXRHZW51_W5lQmxvYgBTUFBDUy5TTHBHZXRHZW51_W5lTG9jYWw-U0xwR2V0R2VudWluZUxvY2Fs-FNQUENTLlNMcEdldExpY2Vuc2VBY3F1
|
|
_XNpdGlvbkluZm8-U0xwR2V0TGljZW5zZUFjcXVpc2l0_W9uSW5mbwBTUFBDUy5TTHBHZXRNU1BpZEluZm9ybWF0_W9u-FNMcEdldE1TUGlkSW5mb3JtYXRpb24-U1BQQ1MuU0xwR2V0TWFj_GluZVVHVUlE-FNMcEdldE1hY2hpbmVVR1VJR-BTUFBDUy5TTHBHZXRU
|
|
b2tlbkFjdGl2YXRpb25HcmFudEluZm8-U0xwR2V0VG9rZW5BY3RpdmF0_W9uR3JhbnRJbmZv-FNQUENTLlNMcElBQWN0_XZhdGVQcm9kdWN0-FNMcElBQWN0_XZhdGVQcm9kdWN0-FNQUENTLlNMcElzQ3VycmVudEluc3RhbGxlZFByb2R1Y3RLZXlEZWZhdWx0S2V5
|
|
-FNMcElzQ3VycmVudEluc3RhbGxlZFByb2R1Y3RLZXlEZWZhdWx0S2V5-FNQUENTLlNMcFByb2Nlc3NWTVBpcGVNZXNzYWdl-FNMcFByb2Nlc3NWTVBpcGVNZXNzYWdl-FNQUENTLlNMcFNldEFjdGl2YXRpb25JblByb2dyZXNz-FNMcFNldEFjdGl2YXRpb25JblBy
|
|
b2dyZXNz-FNQUENTLlNMcFRy_WdnZXJTZXJ2_WNlV29y_2Vy-FNMcFRy_WdnZXJTZXJ2_WNlV29y_2Vy-FNQUENTLlNMcFZMQWN0_XZhdGVQcm9kdWN0-FNMcFZMQWN0_XZhdGVQcm9kdWN0--------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
|
|
----------------------------------------UH--------------IHE--Ihw--Boc--------------wcQ--oH---Hhw-------------ERx--Cwc-----------------------------D-c--------OJw--------------------cQ------------------
|
|
DHE------------------MBw--------4n--------------------Bx-------------------McQ-------------------gBTTEdldExpY2Vuc2luZ1N0YXR1c0luZm9ybWF0_W9u--E-U0xHZXRQcm9kdWN0U2t1SW5mb3JtYXRpb24--OgDTG9jYWxGcmVl-FEB
|
|
U3RyU3RyTklX--Bw----c---c3BwY3MuZGxs----FH---EtFUk5FTDMyLmRsb------oc---U0hMV0FQSS5kbGw-----------------------------------------------------------------------------------------------------------------
|
|
----------------------------------------------------------------------------------------------------------------------------------------------E-E----Bg--I--------------------E--Q---D---I--------------
|
|
------E-CQQ--Eg---BYg---H-M-------------H-M0----VgBT-F8-VgBF-FI-UwBJ-E8-TgBf-Ek-TgBG-E8------L0E7/4---E-BQ---------F--------------------B--E--I-------------------B8-g---QBT-HQ-cgBp-G4-ZwBG-Gk-b-Bl-Ek-
|
|
bgBm-G8---BY-g---Q-w-DQ-M--5-D--N-BF-DQ---B6-C0--QBD-G8-bQBw-GE-bgB5-E4-YQBt-GU------EE-bgBv-G0-YQBs-G8-dQBz-C--UwBv-GY-d-B3-GE-cgBl-C--R-Bl-HQ-ZQBy-Gk-bwBy-GE-d-Bp-G8-bg-g-EM-bwBy-H--bwBy-GE-d-Bp-G8-
|
|
bg------Pg-L--E-RgBp-Gw-ZQBE-GU-cwBj-HI-_QBw-HQ-_QBv-G4------G8-_-Bv-G8-_w-g-FM-U-BQ-EM------D--C--B-EY-_QBs-GU-VgBl-HI-cwBp-G8-bg------M--u-DU-Lg-w-C4-M----Co-BQ-B-Ek-bgB0-GU-cgBu-GE-b-BO-GE-bQBl----
|
|
cwBw-H--Yw------j--0--E-T-Bl-Gc-YQBs-EM-bwBw-Hk-cgBp-Gc-_-B0----qQ-g-DI-M--y-DQ-I-BB-G4-bwBt-GE-b-Bv-HU-cw-g-FM-bwBm-HQ-dwBh-HI-ZQ-g-EQ-ZQB0-GU-cgBp-G8-cgBh-HQ-_QBv-G4-I-BD-G8-cgBw-G8-cgBh-HQ-_QBv-G4-
|
|
---6--k--QBP-HI-_QBn-Gk-bgBh-Gw-RgBp-Gw-ZQBu-GE-bQBl----cwBw-H--Yw-u-GQ-b-Bs-------s--Y--QBQ-HI-bwBk-HU-YwB0-E4-YQBt-GU------G8-_-Bv-G8-_w---DQ-C--B-F--cgBv-GQ-dQBj-HQ-VgBl-HI-cwBp-G8-bg---D--Lg-1-C4-
|
|
M--u-D----BE-----QBW-GE-cgBG-Gk-b-Bl-Ek-bgBm-G8------CQ-B----FQ-cgBh-G4-cwBs-GE-d-Bp-G8-bg------CQTkB---------------------------------------------------------------------------------------------------
|
|
----------------------------------------------------------------------------------------
|
|
:sppc64.dll:
|
|
|
|
::========================================================================================================================================
|
|
:: Leave empty line below
|