[new feature] Implements EDR minifilter callbacks detection and removal

Co-authored-by: Windy Bug <139051196+0mWindyBug@users.noreply.github.com>
2026-06-11 01:41:20 +00:00 · 2023-11-29 14:32:35 +01:00
parent 1b1919ba8a
commit e567c488ff
12 changed files with 594 additions and 11 deletions
@@ -129,6 +129,12 @@
    <ClCompile Include="Utils\PdbParser.c">
      <Filter>Source Files</Filter>
    </ClCompile>
+    <ClCompile Include="KernellandBypass\MinifilterCallbacks.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="Utils\FltmgrOffsets.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
  </ItemGroup>
  <ItemGroup>
    <ClInclude Include="Includes\CredGuard.h">
@@ -254,6 +260,12 @@
    <ClInclude Include="Includes\PdbParser.h">
      <Filter>Header Files</Filter>
    </ClInclude>
+    <ClInclude Include="Includes\MinifilterCallbacks.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="Includes\FltmgrOffsets.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
  </ItemGroup>
  <ItemGroup>
    <MASM Include="Utils\SW2_Syscalls_stubs.x64.asm">