Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-10 17:31:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Userland hooks: ignore api-ms-* DLLs

Browse Source
This commit is contained in:
Maxime Meignan
2023-11-03 16:17:59 +01:00
parent bf749f54c7
commit 3c3cc307ce
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast/UserlandBypass/UserlandHooks.c
+3
View File
@@ -426,6 +426,9 @@ _Ret_notnull_ HOOK* searchHooks(const char* csvFileName) {
if (dll_name.Buffer == NULL) { if (dll_name.Buffer == NULL) {
continue; continue;
} }
if (!_wcsnicmp(dll_name.Buffer, L"api-ms", 6)) {
continue;
}
WCHAR* moduleName = currentModuleEntry->FullDllName.Buffer; WCHAR* moduleName = currentModuleEntry->FullDllName.Buffer;
if (!hooksFoundInLastModule) { if (!hooksFoundInLastModule) {