Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-11 01:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Various cosmetic changes

Browse Source
This commit is contained in:
Maxime Meignan
2023-11-29 00:03:46 +01:00
parent 5e1d1daf6d
commit 5bfd633022
5 changed files with 26 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast/Includes/WdigestOffsets.h
+14 -13
View File
@@ -12,27 +12,28 @@
enum WdigestOffsetType {
g_fParameter_UseLogonCredential = 0,
g_IsCredGuardEnabled = 1,
_SUPPORTED_WDIGEST_OFFSETS_END
g_fParameter_UseLogonCredential = 0,
g_IsCredGuardEnabled = 1,
_SUPPORTED_WDIGEST_OFFSETS_END
};
union WdigestOffsets {
// structure version of wdigest.dll's offsets
struct {
// wdigest.dll's g_fParameter_UseLogonCredential
DWORD64 g_fParameter_UseLogonCredential;
// wdigest.dll's g_IsCredGuardEnabled
DWORD64 g_IsCredGuardEnabled;
} st;
// structure version of wdigest.dll's offsets
struct {
// wdigest.dll's g_fParameter_UseLogonCredential
DWORD64 g_fParameter_UseLogonCredential;
// wdigest.dll's g_IsCredGuardEnabled
DWORD64 g_IsCredGuardEnabled;
} st;
// array version (usefull for code factoring)
DWORD64 ar[_SUPPORTED_WDIGEST_OFFSETS_END];
// array version (usefull for code factoring)
DWORD64 ar[_SUPPORTED_WDIGEST_OFFSETS_END];
};
union WdigestOffsets g_wdigestOffsets;
// Return the offsets of nt!PspCreateProcessNotifyRoutine, nt!PspCreateThreadNotifyRoutine, nt!PspLoadImageNotifyRoutine, and nt!_PS_PROTECTION for the specific Windows version in use.
// TODO : create a LoadWdigestOffsets function like LoadCiOffsets
// TODO2 : find a way to factorize all the copy-pasted code between Ci/Ntoskrnl/Wdigest/FltmgrOffsets
void LoadWdigestOffsetsFromFile(TCHAR* wdigestOffsetFilename);
void SaveWdigestOffsetsToFile(TCHAR* wdigestOffsetFilename);