 Maxime Meignan
|
3ee6780751
|
add documentation for minifilter-related functions
|
2023-11-29 14:35:23 +01:00 |
|
|
Maxime Meignan
|
e567c488ff
|
[new feature] Implements EDR minifilter callbacks detection and removal
Co-authored-by: Windy Bug <139051196+0mWindyBug@users.noreply.github.com>
|
2023-11-29 14:32:35 +01:00 |
|
|
Maxime Meignan
|
4c2449cfd4
|
Changed the way found callbacks are stored (removed the size limit)
|
2023-11-29 14:25:39 +01:00 |
|
|
Maxime Meignan
|
5bfd633022
|
Various cosmetic changes
|
2023-11-29 00:03:46 +01:00 |
|
|
Maxime Meignan
|
f15471d12c
|
DSE bypass : implemented "callback swapping" method
The new default method for unsigned driver loading uses a KDP compatible
technique, since it does not overwrite the protected variable g_CiOptions.
Based on the work of: https://github.com/0mWindyBug/KDP-compatible-driver-loader
Co-authored-by: Windy Bug <139051196+0mWindyBug@users.noreply.github.com>
|
2023-11-03 15:13:36 +01:00 |
|
|
Maxime Meignan
|
7590a11389
|
CiOptions: Simplifies the way CI.dll base address is recovered
Instead of using the kernel R/W primitive, uses userland API to enumerate
kernel modules
|
2023-10-09 16:30:36 +02:00 |
|
|
Maxime Meignan
|
0b0086ea92
|
cosmetic changes & compiler warnings fixes
|
2023-10-09 14:57:49 +02:00 |
|
|
Maxime Meignan
|
43cea1f08b
|
small cleanup in header files
|
2023-10-06 16:12:52 +02:00 |
|
|
v1k1ngfr
|
7be844b518
|
Add feature : loading unsigned driver
|
2023-10-06 12:48:29 +02:00 |
|
|
Maxime Meignan
|
49fbc5d924
|
Updated README with ObRegisterCallbacks and offsets retrieval info
|
2022-08-19 22:20:46 +02:00 |
|
|
Qazeer
|
48a75a7029
|
D3FC0N 30 release: Obj callbacks, firewalling, symbols w/ internet, and more
Co-authored-by: Maxime Meignan <maxime.meignan@wavestone.com>
|
2022-08-13 09:23:48 -07:00 |
|