Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-11 01:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Various cosmetic changes

Browse Source
This commit is contained in:
Maxime Meignan
2023-11-29 00:03:46 +01:00
parent 5e1d1daf6d
commit 5bfd633022
5 changed files with 26 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast_CLI/EDRSandblast.c
+3 -2
View File
@@ -446,8 +446,8 @@ Dump options:\n\
PathAppend(ntoskrnlOffsetCSVPath, offsetCSVName);
}
_putts_or_not(TEXT("[+] Setting up prerequisites for the kernel read/write primitives..."));
// Initialize the global variable containing ntoskrnl.exe Notify Routines', _PS_PROTECTION and ETW TI functions offsets.
_putts_or_not(TEXT("[+] Loading required offsets for ntoskrnl.exe..."));
if (FileExists(ntoskrnlOffsetCSVPath)) {
_putts_or_not(TEXT("[+] Loading kernel related offsets from the CSV file"));
LoadNtoskrnlOffsetsFromFile(ntoskrnlOffsetCSVPath);
@@ -518,6 +518,7 @@ Dump options:\n\
_putts_or_not(TEXT("[!] Couldn't allocate memory to enumerate the drivers in Kernel callbacks"));
return EXIT_FAILURE;
}
foundNotifyRoutineCallbacks = EnumEDRNotifyRoutineCallbacks(foundEDRDrivers, verbose);
if (foundNotifyRoutineCallbacks) {
isSafeToExecutePayloadKernelland = FALSE;