Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-11 01:41:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

[new feature] Implements EDR minifilter callbacks detection and removal

Browse Source 
Co-authored-by: Windy Bug <139051196+0mWindyBug@users.noreply.github.com>
This commit is contained in:
Maxime Meignan
2023-11-29 14:32:35 +01:00
parent 1b1919ba8a
commit e567c488ff
12 changed files with 594 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast/EDRSandblast.vcxproj
+4
View File
@@ -171,11 +171,13 @@
<ClCompile Include="KernellandBypass\KernelCallbacks.c" />
<ClCompile Include="KernellandBypass\KernelDSE.c" />
<ClCompile Include="KernellandBypass\KernelUtils.c" />
<ClCompile Include="KernellandBypass\MinifilterCallbacks.c" />
<ClCompile Include="KernellandBypass\ObjectCallbacks.c" />
<ClCompile Include="UserlandBypass\Syscalls.c" />
<ClCompile Include="UserlandBypass\ProcessDumpDirectSyscalls.c" />
<ClCompile Include="Utils\CiOffsets.c" />
<ClCompile Include="Utils\FileUtils.c" />
<ClCompile Include="Utils\FltmgrOffsets.c" />
<ClCompile Include="Utils\HttpClient.c" />
<ClCompile Include="LSASSProtectionBypass\CredGuard.c" />
<ClCompile Include="LSASSProtectionBypass\RunAsPPL.c" />
@@ -209,7 +211,9 @@
<ClInclude Include="Includes\DriverDBUtil.h" />
<ClInclude Include="Includes\DriverGDRV.h" />
<ClInclude Include="Includes\DriverRTCore.h" />
<ClInclude Include="Includes\FltmgrOffsets.h" />
<ClInclude Include="Includes\KernelDSE.h" />
<ClInclude Include="Includes\MinifilterCallbacks.h" />
<ClInclude Include="Includes\PrintFunctions.h" />
<ClInclude Include="Includes\PdbParser.h" />
<ClInclude Include="Includes\ProcessDumpDirectSyscalls.h" />