Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-09 00:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add feature : loading unsigned driver

Browse Source
This commit is contained in:
v1k1ngfr
2022-12-25 01:07:15 +01:00
committed by Maxime Meignan
parent 0bbe76aab1
commit 7be844b518
16 changed files with 427 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast/Includes/KernelCallbacks.h
+3
View File
@@ -94,3 +94,6 @@ void RemoveEDRImageNotifyCallbacks(struct FOUND_EDR_CALLBACKS* edrDrivers, BOOL
BOOL EnumEDRNotifyRoutineCallbacks(struct FOUND_EDR_CALLBACKS* edrDrivers, BOOL verbose);
void RemoveEDRNotifyRoutineCallbacks(struct FOUND_EDR_CALLBACKS* edrDrivers);
// Helps at locating some DLL in the kernel, for example CI.dll
DWORD64 GetNotifyRoutineAddress(enum NtoskrnlOffsetType nrt);