Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-11 01:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed a typo in README.md

Browse Source
This commit is contained in:
Maxime Meignan
2021-12-08 10:54:51 +01:00
committed by GitHub
parent 894f58377b
commit ab6188aece
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1 -1
View File
@@ -262,7 +262,7 @@ assembly) in order to call the corresponding OS features without actually touchi
code in `ntdll.dll`, which might be monitored by the EDR. This completely bypasses any code in `ntdll.dll`, which might be monitored by the EDR. This completely bypasses any
userland hooking done on syscall functions in `ntdll.dll`. userland hooking done on syscall functions in `ntdll.dll`.
This nevertheless has some drawbacks. First, this implies been able to know the list of This nevertheless has some drawbacks. First, this implies being able to know the list of
syscall numbers of functions the program needs, which changes for each version of syscall numbers of functions the program needs, which changes for each version of
Windows. Also, functions that are not technically syscalls Windows. Also, functions that are not technically syscalls
(e.g. `LoadLibraryX`/`LdrLoadDLL`) could be monitored as well, and cannot simply be (e.g. `LoadLibraryX`/`LdrLoadDLL`) could be monitored as well, and cannot simply be