Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-09 08:57:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f3147ecb8a2ebfeba17cbcbbcbf95d98fdaedf94
wavestone-cdt-edrsandblast/EDRSandblast/Includes/ETWThreatIntel.h
T
Maxime Meignan 907d6b0a87 Cleaning up some code
2021-11-10 16:19:41 +01:00

28 lines
673 B
C
Raw Blame History

/*
--- ETW Threat Intelligence operations.
--- Inspiration and credit: https://public.cnotools.studio/bring-your-own-vulnerable-kernel-driver-byovkd/exploits/data-only-attack-neutralizing-etwti-provider
*/
#pragma once
#include <Windows.h>
#include <Tchar.h>
#include <stdio.h>
#include "KernelMemoryPrimitives.h"
#include "NtoskrnlOffsets.h"
#define DISABLE_PROVIDER 0x0
#define ENABLE_PROVIDER 0x1
DWORD64 GetEtwThreatIntProvRegHandleAddress();
DWORD64 GetEtwThreatInt_ProviderEnableInfoAddress(BOOL verbose);
void DisableETWThreatIntelProvider(BOOL verbose);
void EnableETWThreatIntelProvider(BOOL verbose);
BOOL isETWThreatIntelProviderEnabled(BOOL verbose);
Reference in New Issue View Git Blame Copy Permalink