Documentation
Overview
Package evade is a package that contains functions that can be used to evade detection and disrupt defender tactics.
Constants
This section is empty.
Variables
This section is empty.
Functions
func CheckDLL
CheckDLL is a similar function to ReloadDLL. This function will return 'true' and 'nil' if the contents in memory match the contents of the file on disk. Otherwise it returns false.
Always returns 'ErrNoWindows' on non-Windows devices.
func ReloadDLL
ReloadDLL is a function shamelessly stolen from the sliver project. This function will read a DLL file from disk and overwrite its current in-memory contents to erase any hooks placed on function calls.
Re-mastered and refactored to be less memory hungry and easier to read :P
Orig src here:
https://github.com/BishopFox/sliver/blob/f94f0fc938ca3871390c5adfa71bf4edc288022d/implant/sliver/evasion/evasion_windows.go#L116
Always returns 'ErrNoWindows' on non-Windows devices.
func ZeroTraceEvent
func ZeroTraceEvent() error
ZeroTraceEvent will attempt to zero out the NtTraceEvent function call with a NOP.
This will return an error if it fails.
This is just a wrapper for the winapi function call as we want to keep the function body in winapi for easy crypt wrapping.
Always returns 'ErrNoWindows' on non-Windows devices.
Types
This section is empty.