Update EDRSandblast_API.c - MiniFilter Callbacks not restored
The wrong function is called.
committed by
Maxime Meignan
parent
c0ae62ac1d
commit
0710fad92d
@@ -425,7 +425,7 @@ EDRSB_STATUS Krnlmode_RestoreAllMonitoring(_In_ EDRSB_CONTEXT* ctx) {
|
|||||||
|
|
||||||
if (!ctx->config->actions.DontRestoreCallBacks && ctx->foundMinifilterCallbacks) {
|
if (!ctx->config->actions.DontRestoreCallBacks && ctx->foundMinifilterCallbacks) {
|
||||||
_putts_or_not(TEXT("[+] Restoring EDR's minifilter callbacks..."));
|
_putts_or_not(TEXT("[+] Restoring EDR's minifilter callbacks..."));
|
||||||
EnableEDRProcessAndThreadObjectsCallbacks(ctx->foundEDRDrivers);
|
RestoreEDRMinifilterCallbacks(ctx->foundEDRDrivers);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Renable the ETW Threat Intel provider.
|
// Renable the ETW Threat Intel provider.
|
||||||
|
|||||||
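Review bot: Nothing in this branch checks whether `RestoreEDRMinifilterCallbacks(ctx->foundEDRDrivers)` succeeded, and the only output is the `[+] Restoring EDR's minifilter callbacks...` line printed before the call. After an authorized test, a silent failure here would leave the product's file-system minifilter monitoring disabled on the host while the operator believes it was put back, which is the same end state the commit title describes for the old, wrong call. If the function returns a status (not visible in the hunk), capture it and propagate it through the `EDRSB_STATUS` return of `Krnlmode_RestoreAllMonitoring`, or at least print a failure line. A comment above the call such as `// Minifilter callbacks are restored separately from the process/thread object callbacks; verify the result so monitoring is not left disabled.` would also make the copy-paste mistake less likely to recur. The body of `Krnlmode_RestoreAllMonitoring` starts and ends outside the hunk, so a check elsewhere cannot be ruled out.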