Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-08 16:37:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added directions when the vulnerable driver does not unload correctly

Browse Source
This commit is contained in:
Maxime Meignan
2023-11-03 16:23:17 +01:00
parent 3c3cc307ce
commit eadbeaaad0
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
EDRSandblast_StaticLibrary/EDRSandblast_API.c
+5 -1
View File
@@ -755,7 +755,11 @@ VOID EDRSB_CleanUp(_Inout_ EDRSB_CONTEXT* ctx) {
BOOL status = UninstallVulnerableDriver();
if (status == FALSE) {
_putts_or_not(TEXT("[!] An error occured while attempting to uninstall the vulnerable driver"));
_tprintf_or_not(TEXT("[*] The service should be manually deleted: cmd /c sc delete %s\n"), GetDriverServiceName());
_tprintf_or_not(TEXT("[*] Executing: cmd /c sc delete %s\n"), GetDriverServiceName());
TCHAR cmd[MAX_PATH] = { 0 };
wsprintf(cmd, TEXT("cmd /c sc delete %s"), GetDriverServiceName());
_wsystem(cmd);
_putts_or_not(TEXT("[!] Please restart the machine for the uninstallation to be complete"));
}
}
}