7590a11389
Enumerate kernel modules through the userland API instead of the kernel R/W primitive
#pragma once
#include <Windows.h>
/**
 * Look up the base address of the kernel image (ntoskrnl, going by the name).
 *
 * @return The 64-bit base address.
 *         NOTE(review): the value returned on failure (0? an invalid address?)
 *         is not visible in this header — confirm against the implementation
 *         and document it, since callers presumably compare or subtract it.
 *
 * NOTE(review): per the commit message, module enumeration now goes through a
 * userland API rather than the kernel R/W primitive; which API is used and what
 * privilege it requires is not visible here — confirm and document the failure
 * mode when that enumeration is denied.
 */
DWORD64 FindNtoskrnlBaseAddress(void);
/**
 * Resolve a loaded kernel module to its 64-bit address, selected by name.
 *
 * @param name  Module name to look for; annotated `_In_` (read only).
 *              NOTE(review): the type is the non-const `LPTSTR` even though the
 *              SAL annotation says input-only — if the implementation never
 *              writes through `name`, `LPCTSTR` would state that contract in the
 *              type and let callers pass literals without a cast. Confirm.
 * @return The module's address.
 *         NOTE(review): the sentinel for "not found" is not visible here —
 *         confirm (0 is the usual choice) and document it.
 */
DWORD64 FindKernelModuleAddressByName(_In_ LPTSTR name);
/**
 * Map a kernel address to the name of the driver image containing it.
 *
 * @param address  Kernel address to look up.
 * @param offset   Optional (`_Out_opt_`, may be NULL). When supplied, presumably
 *                 receives the distance of `address` from the image base —
 *                 NOTE(review): confirm against the implementation, and confirm
 *                 whether it is written when no driver matches.
 * @return Driver name as a TCHAR string.
 *         NOTE(review): ownership and lifetime are not stated — whether the
 *         caller must free it (and with which allocator), or whether it points
 *         into a static/shared buffer that a later call overwrites. The header
 *         should say so; callers cannot tell from the signature. Also confirm
 *         whether NULL is returned when the address matches no driver.
 */
TCHAR* FindDriverName(DWORD64 address, _Out_opt_ PDWORD64 offset);
/**
 * Map a kernel address to the file path of the driver image containing it.
 *
 * @param address  Kernel address to look up.
 * @return Driver path as a TCHAR string.
 *         NOTE(review): as with FindDriverName, ownership (caller frees? static
 *         buffer?) and the not-found result (NULL?) are not stated in this
 *         header — confirm against the implementation and document them.
 */
TCHAR* FindDriverPath(DWORD64 address);
/**
 * Resolve a kernel function by name to its 64-bit address.
 *
 * @param function  Function name as a narrow (`LPCSTR`) string. This is the only
 *                  declaration in this header that takes a narrow string rather
 *                  than `TCHAR`-based text — presumably because the name is
 *                  matched against a byte-string table, but NOTE(review):
 *                  confirm, and document the expected encoding for callers
 *                  built with UNICODE defined.
 * @return The function's address.
 *         NOTE(review): the value returned when the name is not found is not
 *         visible here — confirm and document it.
 */
DWORD64 GetKernelFunctionAddress(LPCSTR function);