Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-11 01:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implements a check on PDB files to avoid using an invalid one and crash the machine

Browse Source 
When loading a PDB that was already on disk (not downloaded) for a specific PE,
verifies that the PDB file is indeed for the current version of the target PE.

(Did I just started to write a PDB file parser ?)
This commit is contained in:
Maxime Meignan
2022-08-23 19:59:47 +02:00
parent 482ab84a11
commit 4d414edb77
6 changed files with 146 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast/EDRSandblast.vcxproj
+2
View File
@@ -178,6 +178,7 @@
<ClCompile Include="LSASSProtectionBypass\CredGuard.c" />
<ClCompile Include="LSASSProtectionBypass\RunAsPPL.c" />
<ClCompile Include="Utils\ListUtils.c" />
<ClCompile Include="Utils\PdbParser.c" />
<ClCompile Include="Utils\RemotePEBBrowser.c" />
<ClCompile Include="Utils\PdbSymbols.c" />
<ClCompile Include="UserlandBypass\Firewalling.c" />
@@ -208,6 +209,7 @@
<ClInclude Include="Includes\DriverRTCore.h" />
<ClInclude Include="Includes\KernelDSE.h" />
<ClInclude Include="Includes\PrintFunctions.h" />
<ClInclude Include="Includes\PdbParser.h" />
<ClInclude Include="Includes\ProcessDumpDirectSyscalls.h" />
<ClInclude Include="Includes\FileUtils.h" />
<ClInclude Include="Includes\HttpClient.h" />