09dc67bc65
v1.0 of the pypdb parser: completely removed the radare2 dependency
2023-10-31 17:06:20 +01:00
d38b84d179
starting removing the PE parsing in ExtractOffsets.py to get rid of r2
2023-10-27 16:18:42 +02:00
aa408ced60
tweaking configuration files
2023-10-19 11:20:41 +02:00
4d2789b21b
added a PE_find_static_relative_reference function (not used yet)
...
Function that can be used to find cross-references of a global variable
or a function
2023-10-19 11:20:30 +02:00
1e8713cfb5
removed useless macros
2023-10-11 11:16:57 +02:00
f1fc3a8d04
Update README.md (thanking v1k1ngfr)
2023-10-10 17:39:50 +02:00
02490ec4ca
Merge pull request #17 from nuts7/new-edr-drivers
...
New EDR drivers
2023-10-10 16:18:42 +02:00
4d414edb77
Implements a check on PDB files to avoid using an invalid one and crash the machine
...
When loading a PDB that was already on disk (not downloaded) for a specific PE,
verifies that the PDB file is indeed for the current version of the target PE.
(Did I just started to write a PDB file parser ?)
2023-10-10 15:44:20 +02:00
482ab84a11
CLI: adding a small todo regarding DSE bypass
2023-10-10 15:44:20 +02:00
c9ee91eaa8
CLI: added the correct flags for DSE bypass
2023-10-10 15:44:08 +02:00
7590a11389
CiOptions: Simplifies the way CI.dll base address is recovered
...
Instead of using the kernel R/W primitive, uses userland API to enumerate
kernel modules
2023-10-09 16:30:36 +02:00
0a817fea93
g_CiOptions patching: fixed a crash
2023-10-09 14:59:10 +02:00
0b0086ea92
cosmetic changes & compiler warnings fixes
2023-10-09 14:57:49 +02:00
43cea1f08b
small cleanup in header files
2023-10-06 16:12:52 +02:00
7be844b518
Add feature : loading unsigned driver
2023-10-06 12:48:29 +02:00
0bbe76aab1
New BYOVD-driver support: GDRV.sys (GigaByte)
2023-10-06 12:45:28 +02:00
9939301140
ExtractOffsets.py: added safety check in version number recovery
2023-10-06 11:46:25 +02:00
a49f69b122
ExtractOffsets.py: adds an optionnal control on number of threads
2023-10-06 11:46:25 +02:00
e479bef8f5
Merge pull request #14 from v1k1ngfr/g_CiOptionExtract
...
Add g_CiOptions offset extract "feature"
2023-10-06 10:33:17 +02:00
5f82ba2efe
ExtractOffsets.py: minor syntactic, cosmetic and safety changes
2023-10-06 10:31:26 +02:00
75b0168045
Merge branch 'master' into g_CiOptionExtract
2023-10-06 10:24:05 +02:00
a561976b5d
Fix version parsing issue in offsets extractor
...
Now finding version information in the nested json file to prevent some
crashes and potentially retrieving more ntoskrnl.exe files
2023-10-05 15:11:16 +02:00
45d3ff5486
Fix concurrency issues in offsets extractor
...
Fixes the following:
* The progress not showing correctly when downloading and processing files.
I had to remove some verbose information to avoid the progress being rewritten
* Introducing locks when downloading files to prevent any race when printing
2023-10-05 14:34:58 +02:00
3ed5638366
New EDR drivers
...
This commit add some EDR drivers: BDSandBox.sys (BitDefender), MfeEEFF.sys mfprom.sys hdlpflt.sys (McAfee Inc.), TmFileEncDmk.sys (Trend Micro Inc.), psepfilter.sys (Absolute Software), cve.sys (Absolute Software Corp.), medlpflt.sys dsfa.sys cposfw.sys (Check Point Software), cpbak.sys (Checkpoint Software), SISIPSFileFilter.sys (Symantec Corp.), cbstream.sys cbk7.sys (Carbon Black) and dgdmk.sys (Verdasys Inc)
2023-09-22 16:14:11 +02:00
bafddfbced
Fixed a radare2 version parsing error in extractoffsets.py
2023-04-17 16:07:09 +02:00
7572f09ae3
[Bugfix] _fputts did not add a LF
2023-03-16 16:41:29 +01:00
a3966d34b3
Update CiOffsets.csv
2022-12-28 17:08:06 +01:00
919ec7dea1
Add CiOffsets.csv
...
It contains g_CiOptions offset for several ci.dll version
2022-12-11 11:02:21 +01:00
5f2734a888
Add g_CiOptions offset extract "feature"
...
Here is an example :
ExtractOffsets.py ci -i C:\Windows\System32\ci.dll
2022-12-06 18:13:53 +01:00
f760cd20bf
Remove possibility of crash when giving a malformed CSV
2022-11-15 16:38:40 +01:00
fe4ab633da
Ensure retrocompatibility with Windows XP->Windows 7
...
Replaced PathCch* function with Path* functions
2022-11-15 16:05:05 +01:00
5ac077e81f
Change compilation options to fix Debug build profile
2022-11-15 16:03:46 +01:00
f1a4d1c38c
Fixes a relative/absolute driver path problem with service registering
2022-11-07 16:29:38 +01:00
1dab1efdd6
Changed enum names in API
2022-08-22 10:45:23 +02:00
49fbc5d924
Updated README with ObRegisterCallbacks and offsets retrieval info
2022-08-19 22:20:46 +02:00
48a75a7029
D3FC0N 30 release: Obj callbacks, firewalling, symbols w/ internet, and more
...
Co-authored-by: Maxime Meignan <maxime.meignan@wavestone.com >
2022-08-13 09:23:48 -07:00
2e037a379b
Merge pull request #8 from xalicex/master
...
Add new Tehtris driver name
2022-06-17 18:26:24 +02:00
0109de4937
add new Tehtris driver
...
new name for the Tehtris driver
2022-06-15 11:36:31 +02:00
487047f9db
clarifies some parts of the README
2022-01-27 14:20:06 +01:00
e8671c36b7
Fixes a few typos in README & "usage" message
2022-01-27 11:37:20 +01:00
31df6f1db8
Fixes an error in CLI handling
2022-01-27 11:03:37 +01:00
744754ae04
Fixes typos in ExtractOffsets script
2022-01-17 23:51:05 +01:00
d29986ab80
Improved error verbosity
2022-01-17 17:19:21 +01:00
c058ff312a
[Offsets] adds new ntoskrnl offsets
2022-01-07 12:29:08 +01:00
cd0d983525
Update README.md
2022-01-07 10:02:29 +01:00
fa75dd9ec1
Header inclusion feng-shui (each file only includes what it needs)
2021-12-31 17:29:14 +01:00
4ae1872ae9
userland hooking audit: add an option to load arbitrary DLL before auditing
2021-12-31 16:02:50 +01:00
3c81bd4f26
execute userland hook removal before kerneland tampering activity
2021-12-31 15:52:28 +01:00
d676ff82f5
Added some safety check in hook resolving code
2021-12-08 18:24:27 +01:00
7587511330
Merge pull request #2 from JohnLaTwC/patch-1
...
Fix potential buffer overrun in credguard disable
2021-12-08 18:18:19 +01:00
Maxime Meignan