evade

package
v0.3.1-b3 Latest
Warning

This package is not in the latest version of its module.

Published: May 16, 2022 License: GPL-3.0 Imports: 1 Imported by: 0

Documentation

Overview

Package evade contains functions that can be used to evade detection and disrupt defender tactics.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckDLL

func CheckDLL(_ string) (bool, error)

CheckDLL is a similar function to ReloadDLL. This function will return 'true' and 'nil' if the contents in memory match the contents of the file on disk. Otherwise it returns false.

Always returns 'ErrNoWindows' on non-Windows devices.
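The comparison CheckDLL describes (in-memory contents against the file on disk) is the same check a defender can use to spot a loaded DLL that has been modified. The block below is an added example, not code from this package: `Patch`, `DiffSection` and the sample bytes are hypothetical and constructed, and it assumes the caller has already read the matching region from the file and from the loaded image.

```go
package main

import "fmt"

// Patch is one contiguous run of bytes that differs between the two copies.
type Patch struct {
	Offset    int    // offset from the start of the compared region
	Disk, Mem []byte // bytes in the file and bytes found in memory
}

// DiffSection compares a code region as stored on disk with the same region
// read from the loaded image and returns every modified run. Assumption: the
// region holds no bytes the loader rewrites, so any difference is a change.
func DiffSection(disk, mem []byte) ([]Patch, error) {
	if len(disk) != len(mem) {
		return nil, fmt.Errorf("size mismatch: disk=%d mem=%d", len(disk), len(mem))
	}
	var out []Patch
	for i := 0; i < len(disk); {
		if disk[i] == mem[i] {
			i++
			continue
		}
		j := i
		for j < len(disk) && disk[j] != mem[j] {
			j++
		}
		out = append(out, Patch{Offset: i, Disk: disk[i:j], Mem: mem[i:j]})
		i = j
	}
	return out, nil
}

// Constructed sample bytes, not taken from any real DLL.
var sampleDisk = []byte{0x48, 0x89, 0x5c, 0x24, 0x08, 0x57, 0x48, 0x83, 0xec, 0x20, 0x33, 0xc0}

// sampleMem returns the disk bytes with two constructed modifications.
func sampleMem() []byte {
	m := append([]byte(nil), sampleDisk...)
	copy(m, []byte{0x90, 0x90, 0x90}) // offsets 0-2
	m[10] = 0xc3                      // offset 10
	return m
}

func main() {
	patches, _ := DiffSection(sampleDisk, sampleMem())
	for _, p := range patches {
		fmt.Printf("offset %#x: disk % x -> mem % x\n", p.Offset, p.Disk, p.Mem)
	}
}
```

An empty result corresponds to the 'true' case in the CheckDLL description; each returned run gives the offset to investigate.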

func ReloadDLL

func ReloadDLL(_ string) error

ReloadDLL is a function shamelessly stolen from the sliver project. This function will read a DLL file from disk and overwrite its current in-memory contents to erase any hooks placed on function calls.

Re-mastered and refactored to be less memory hungry and easier to read :P

Orig src here:

https://github.com/BishopFox/sliver/blob/f94f0fc938ca3871390c5adfa71bf4edc288022d/implant/sliver/evasion/evasion_windows.go#L116

Always returns 'ErrNoWindows' on non-Windows devices.

func ZeroTraceEvent added in v0.2.0

func ZeroTraceEvent() error

ZeroTraceEvent will attempt to zero out the NtTraceEvent function call with a NOP.

This will return an error if it fails.

This is just a wrapper for the winapi function call as we want to keep the function body in winapi for easy crypt wrapping.

Always returns 'ErrNoWindows' on non-Windows devices.

Types

This section is empty.
