A simple C++ program that first checks whether NtProtectVirtualMemory and NtAllocateVirtualMemory are hooked. It then loads ntdll.dll with LoadLibrary and resolves the address of EtwEventWrite with GetProcAddress. Finally, it writes the patch bytes into the process.
Gurpreet06/ETW-Patcher
Bypassing Event Tracing for Windows (ETW) with CSharp