evasion

package
v2.2.0
Warning

This package is not in the latest version of its module.
Published: Dec 14, 2023 | License: GPL-3.0 | Imports: 5 | Imported by: 0

Documentation

Rendered for windows/amd64

Constants

This section is empty.

Variables

This section is empty.

Functions

func Patch

func Patch(module string, proc string, data *[]byte) (string, error)

Patch will find the target procedure and overwrite the start of its function with the provided bytes. Used for evasion to patch things like amsi.dll!AmsiScanBuffer or ntdll.dll!EtwEventWrite.

func Read

func Read(module string, proc string, byteLength int) ([]byte, error)

Read will find the target module and procedure address and then read byteLength bytes from it.

func ReadBanana

func ReadBanana(module string, proc string, byteLength int) ([]byte, error)

ReadBanana will find the target module and procedure address and then read byteLength bytes from it, using the NtReadVirtualMemory syscall directly.

func Write

func Write(module string, proc string, data *[]byte) error

Write will find the target module and procedure and overwrite the start of the function with the provided bytes.

func WriteBanana

func WriteBanana(module string, proc string, data *[]byte) error

WriteBanana will find the target module and procedure and overwrite the start of the function with the provided bytes, using the ZwWriteVirtualMemory syscall directly.
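Because Patch, Write and WriteBanana overwrite the first bytes of a loaded function, the change is visible to a defender who compares those bytes with a known-good copy. The Go code below is an added example, not part of this package: `ComparePrologues`, `Finding` and the sample helpers are hypothetical names, the byte values are constructed, and it assumes the reference bytes (for example from the DLL on disk) and the in-memory bytes have already been collected.

```go
package main

import (
	"fmt"
	"sort"
)

// Finding records a watched procedure whose leading bytes differ from the reference.
type Finding struct {
	Proc      string
	FirstDiff int // offset of first differing byte; -1 if memory was missing or too short
	DiffCount int // number of differing bytes inside the compared window
}

// ComparePrologues checks the first n bytes of every procedure in reference
// (known-good copy) against live (bytes captured from process memory).
func ComparePrologues(reference, live map[string][]byte, n int) []Finding {
	var out []Finding
	for proc, ref := range reference {
		window := n
		if len(ref) < window {
			window = len(ref)
		}
		mem := live[proc]
		if len(mem) < window { // an unreadable or truncated capture is itself reportable
			out = append(out, Finding{Proc: proc, FirstDiff: -1})
			continue
		}
		f := Finding{Proc: proc, FirstDiff: -1}
		for i := 0; i < window; i++ {
			if ref[i] != mem[i] {
				if f.DiffCount == 0 {
					f.FirstDiff = i
				}
				f.DiffCount++
			}
		}
		if f.DiffCount > 0 {
			out = append(out, f)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Proc < out[j].Proc })
	return out
}

// Constructed sample data: placeholder bytes, not real instructions.
func sampleReference() map[string][]byte {
	return map[string][]byte{
		"amsi.dll!AmsiScanBuffer": {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
		"ntdll.dll!EtwEventWrite": {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27},
	}
}

func sampleLive() map[string][]byte {
	live := sampleReference()
	live["amsi.dll!AmsiScanBuffer"] = []byte{0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0x16, 0x17}
	return live
}

func main() {
	for _, f := range ComparePrologues(sampleReference(), sampleLive(), 8) {
		fmt.Printf("%s modified: first diff at +%d, %d bytes differ\n", f.Proc, f.FirstDiff, f.DiffCount)
	}
}
```
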

Types

This section is empty.
