From 0710fad92dbcdf373ed30c536b99012fcd46dbcc Mon Sep 17 00:00:00 2001
From: Rafael Scheel
Date: Sun, 23 Jun 2024 21:30:01 +0200
Subject: [PATCH] Update EDRSandblast_API.c - MiniFilter Callbacks not restored
The wrong function is called.
---
 EDRSandblast_StaticLibrary/EDRSandblast_API.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/EDRSandblast_StaticLibrary/EDRSandblast_API.c b/EDRSandblast_StaticLibrary/EDRSandblast_API.c
index 34990a7..82c324d 100644
--- a/EDRSandblast_StaticLibrary/EDRSandblast_API.c
+++ b/EDRSandblast_StaticLibrary/EDRSandblast_API.c
@@ -425,7 +425,7 @@ EDRSB_STATUS Krnlmode_RestoreAllMonitoring(_In_ EDRSB_CONTEXT* ctx) {
 if (!ctx->config->actions.DontRestoreCallBacks && ctx->foundMinifilterCallbacks) {
 _putts_or_not(TEXT("[+] Restoring EDR's minifilter callbacks..."));
- EnableEDRProcessAndThreadObjectsCallbacks(ctx->foundEDRDrivers);
+ RestoreEDRMinifilterCallbacks(ctx->foundEDRDrivers);
 }
 // Renable the ETW Threat Intel provider.
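Review bot: The result of `RestoreEDRMinifilterCallbacks(ctx->foundEDRDrivers)` is discarded on the added line, so a failed restore would be indistinguishable from a successful one: the only output is the "Restoring EDR's minifilter callbacks..." message printed beforehand, and the host could be left with its file-system monitoring still unregistered after the run. The callee's return type is not visible in this hunk; if it reports a status, it should be checked and a failure line logged, and if it returns nothing, a comment such as `// Best effort: the minifilter restore reports no status.` would make that explicit. `Krnlmode_RestoreAllMonitoring` returns `EDRSB_STATUS` and its body starts and ends outside the hunk, so whether a failure here should propagate into that status has to be decided against the rest of the function.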