Mirrors/wavestone-cdt-edrsandblast
1
0
Fork 0
mirror of https://github.com/wavestone-cdt/EDRSandblast.git synced 2026-06-08 16:37:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f760cd20bf3d1ee5f736ad94fb2e22010ffd0718
wavestone-cdt-edrsandblast/EDRSandblast/Includes/ETWThreatIntel.h
T

23 lines
569 B
C
Raw Blame History

/*
--- ETW Threat Intelligence operations.
--- Inspiration and credit: https://public.cnotools.studio/bring-your-own-vulnerable-kernel-driver-byovkd/exploits/data-only-attack-neutralizing-etwti-provider
*/
#pragma once
#include <Windows.h>
#define DISABLE_PROVIDER 0x0
#define ENABLE_PROVIDER 0x1
DWORD64 GetEtwThreatIntProvRegHandleAddress();
DWORD64 GetEtwThreatInt_ProviderEnableInfoAddress(BOOL verbose);
void DisableETWThreatIntelProvider(BOOL verbose);
void EnableETWThreatIntelProvider(BOOL verbose);
BOOL isETWThreatIntelProviderEnabled(BOOL verbose);
Reference in New Issue View Git Blame Copy Permalink