Bypassing Event Tracing for Windows (ETW) with CSharp
Gurpreet06/ETW-Patcher

ETW-Patcher

A simple C++ script that first checks whether NtProtectVirtualMemory and NtAllocateVirtualMemory are hooked. It then loads ntdll.dll with LoadLibrary, resolves the address of EtwEventWrite with GetProcAddress, and finally writes the patch bytes into the process.

Usage

  • Without ETW bypass (screenshot).

  • With ETW bypass (screenshot).