Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-11 01:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Cleaning up some code

Browse Source
This commit is contained in:
Maxime Meignan
2021-11-10 16:19:41 +01:00
parent 9957b7a38e
commit 907d6b0a87
15 changed files with 23 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast/EDRSandblast.c
+3 -1
View File
@@ -38,6 +38,8 @@ Actions mode:\n\
\t4 Loads an additional version of ntdll library into memory, and use the (hopefully\n\
\t unmonitored) version of NtProtectVirtualMemory present in this library to remove all\n\
\t present userland hooks.\n\
\t5 Allocates a shellcode that uses a direct syscall to call NtProtectVirtualMemory,\n\
\t and uses it to remove all detected hooks\n\
\n\
Other options:\n\
\n\
@@ -492,7 +494,7 @@ Other options:\n\
status = UninstallVulnerableDriver();
if (status == FALSE) {
_tprintf(TEXT("[!] An error occured while attempting to uninstall the vulnerable driver\n"));
_tprintf(TEXT("[*] The service should be manually deleted: cmd /c sc delete %s\n"), serviceName);
_tprintf(TEXT("[*] The service should be manually deleted: cmd /c sc delete %s\n"), GetServiceName());
lpExitCode = EXIT_FAILURE;
}
else {