Update README.md

Maxime Meignan
2022-01-07 10:02:29 +01:00
committed by GitHub
parent fa75dd9ec1
commit cd0d983525
+1 -1
@@ -132,7 +132,7 @@ the original DLL on disk and the library residing in memory, that has been poten
altered by an EDR. To perform this comparison, the following steps are followed by altered by an EDR. To perform this comparison, the following steps are followed by
EDRSandblast: EDRSandblast:
* The list of all loaded DLLs is enumerated thanks to the `InLoadOrderModuleList` located * The list of all loaded DLLs is enumerated thanks to the `InLoadOrderModuleList` located
int the `PEB` (to avoid calling any API that could be monitored and suspect) int the `PEB` (to avoid calling any API that could be monitored and suspicious)
* For each loaded DLL, its content on disk is read and its headers parsed. The * For each loaded DLL, its content on disk is read and its headers parsed. The
corresponding library, residing in memory, is also parsed to identify sections, exports, corresponding library, residing in memory, is also parsed to identify sections, exports,
etc. etc.
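Review bot: The changed line still begins with "int the `PEB`", which should read "in the `PEB`"; since this commit already edits that line for wording, the typo is worth fixing in the same change. The new parenthetical "any API that could be monitored and suspicious" is also slightly off grammatically, because "monitored" and "suspicious" do not share the same verb; something like "any API call that could be monitored and considered suspicious" would read more cleanly.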