/*
* Primitives to check if a binary or driver belongs to an EDR product.
*/
#pragma once
#include <Windows.h>
#include <Tchar.h>
#include "SignatureOps.h"
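/*
 * Lookup tables declared for the matching primitives in this header.
 * Judging by the names they hold signer keywords, binary names and driver
 * names respectively -- confirm against the definitions.
 *
 * They are declared `extern` because a bare `TCHAR const* X[];` in a header
 * is a tentative definition: every translation unit that includes the header
 * would then define its own one-element array with external linkage, which
 * is a duplicate-symbol error on linkers that do not merge common symbols
 * and silently shadows the real table size elsewhere. With `extern`, the one
 * real definition (expected in the matching source file -- TODO confirm)
 * is the only object.
 *
 * The element type is incomplete here, so sizeof cannot yield the element
 * count through this header. How the end of each table is marked (NULL
 * sentinel or a separate count) is not visible from here -- check the
 * definition before iterating.
 */
extern TCHAR const* EDR_SIGNATURE_KEYWORDS[];
extern TCHAR const* EDR_BINARIES[];
extern TCHAR const* EDR_DRIVERS[];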
/*
 * Matching primitives. Only the prototypes are visible in this header, so
 * everything below about matching semantics (exact vs. substring, case
 * sensitivity, behaviour on NULL) must be confirmed in the implementation.
 * The parameters are non-const TCHAR pointers; whether the callee writes
 * through them cannot be told from here.
 */

/**
 * Signature-based check on the file at filePath.
 * Presumably compares signer information obtained through SignatureOps.h
 * with EDR_SIGNATURE_KEYWORDS -- confirm.
 *
 * @param filePath  path of the file to inspect.
 * @return BOOL; presumably TRUE when the signature matches.
 */
BOOL isFileSignatureMatchingEDR(TCHAR *filePath);

/**
 * Name-based check for a binary; presumably looks binaryName up in
 * EDR_BINARIES -- confirm.
 * NOTE(review): a name comparison alone says nothing about who published
 * the file; only the signature check can tie a file to a signer.
 *
 * @param binaryName  file name of the binary.
 * @return BOOL; presumably TRUE on a match.
 */
BOOL isBinaryNameMatchingEDR(TCHAR *binaryName);

/**
 * Path-based variant of the binary check. How the path is reduced to
 * something comparable (file-name component, signature, or both) is not
 * visible here -- confirm.
 *
 * @param binaryPath  path of the binary.
 * @return BOOL; presumably TRUE on a match.
 */
BOOL isBinaryPathMatchingEDR(TCHAR *binaryPath);

/**
 * Name-based check for a driver; presumably looks driverName up in
 * EDR_DRIVERS -- confirm.
 *
 * @param driverName  file name of the driver.
 * @return BOOL; presumably TRUE on a match.
 */
BOOL isDriverNameMatchingEDR(TCHAR *driverName);

/**
 * Path-based variant of the driver check; same open questions as
 * isBinaryPathMatchingEDR.
 *
 * @param driverPath  path of the driver.
 * @return BOOL; presumably TRUE on a match.
 */
BOOL isDriverPathMatchingEDR(TCHAR *driverPath);