detects EDR hooks and identify the "hooking" module, the code assumes the EDR (more than one actually does this) patch consists of a relative jump to a function in ntdll that is stomped with a trampoline.
-
Notifications
You must be signed in to change notification settings - Fork 0
Salto7/Detect_hooks
About
detects EDR hooks and locate the hooking module
Topics
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published