patch

package
v0.0.0-...-823cc7c
Published: Oct 21, 2022 License: GPL-3.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

package patch

import (
	"fmt"
	"os"
	"strings"

	"github.com/spf13/cobra"
)

// pid, ppid and method hold the command's flag values. The flag named "pid"
// is confirmed by the error text below; binding "ppid" and "method" as flags
// of the same name is an assumption, since the flag setup is not shown here.
var (
	pid    int
	ppid   bool
	method string
)

func init() {
	PatchCmd.Flags().IntVar(&pid, "pid", 0, "PID of the process to patch")
	PatchCmd.Flags().BoolVar(&ppid, "ppid", false, "print this process's parent PID and exit")
	PatchCmd.Flags().StringVar(&method, "method", "", "bypass to apply: amsi or etw")
}

var PatchCmd = &cobra.Command{
	Use:   "patch",
	Short: "Patch the specified function",
	Long:  ``,
	Run: func(cmd *cobra.Command, args []string) {
		// Diagnostic mode: report the parent PID of this process and stop.
		if ppid {
			fmt.Printf("PPID: %d\n", os.Getppid())
			os.Exit(0)
		}

		if pid == 0 {
			cmd.Help()
			fmt.Println("\n[!] Required flag \"pid\" not set")
			os.Exit(1) // non-zero so scripts can tell a usage error from success
		}

		// Method names are matched case-insensitively; PatchAmsi and PatchETW
		// are defined elsewhere in this package.
		switch m := strings.ToLower(method); m {
		case "amsi":
			if err := PatchAmsi(pid); err != nil {
				fmt.Println(err)
				os.Exit(1)
			}
			fmt.Printf("Successfully patched AMSI.AmsiOpenSession in remote process with PID: %d\n", pid)
		case "etw":
			if err := PatchETW(pid); err != nil {
				fmt.Println(err)
				os.Exit(1)
			}
			fmt.Printf("Successfully patched NTDLL.EtwEventWrite in remote process with PID: %d\n", pid)
		default:
			fmt.Printf("Invalid method provided: %s\n", method)
			os.Exit(1)
		}
	},
}

PatchCmd represents the patch command. It selects the bypass from the method flag (amsi or etw, case-insensitive) and applies it to the process identified by pid; a zero pid prints the help text, and any error from the patch routine is printed and ends the process with a non-zero exit code.

Functions

func PatchAmsi

func PatchAmsi(pid int) error

PatchAmsi applies an AMSI bypass to the process with the given PID: it opens that process and overwrites the entry of AmsiOpenSession (exported by amsi.dll) in the remote image, so the function no longer does its original work and later scan requests from that process are neutralised. The caller needs a handle to the target with rights to change and write its memory, and the altered prologue bytes are exactly what an integrity check of the mapped amsi.dll against the on-disk copy would flag.

func PatchETW

func PatchETW(pid int) error

PatchETW applies an ETW bypass to the process with the given PID: it opens that process and overwrites the entry of EtwEventWrite (exported by ntdll.dll) in the remote image, so events that user-mode providers in that process would emit through it (the .NET runtime's telemetry, for example) never reach a trace session. The same privilege requirement and the same detection opportunity (mapped bytes differing from the on-disk ntdll.dll) apply as for PatchAmsi.
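Both functions share one mechanism: obtain a handle to the target, then write over the first bytes of the function so it returns before doing its work. The following Go program is an added example, not code from this package or its author. It models the target's code pages as a byte slice so it runs on any OS (the real tool would need the Windows process-memory APIs instead), writes the classic x64 stubs (`mov eax, E_INVALIDARG; ret` for AmsiOpenSession, `xor eax, eax; ret` for EtwEventWrite; whether this project writes these exact bytes is an assumption), and then performs the check a defender would run against both patches: compare the mapped prologue with the on-disk copy and classify the overwrite. The sample image, its offsets and its prologue bytes are constructed for the example and are not the real amsi.dll or ntdll.dll contents.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
)

// remoteText stands in for the target process's mapped code. A byte slice
// replaces the Windows APIs the real tool would need (OpenProcess,
// VirtualProtectEx, WriteProcessMemory) so the logic runs anywhere.
type remoteText struct {
	pristine []byte // bytes as they appear in the DLL on disk (constructed)
	live     []byte // bytes currently mapped in the target (constructed)
}

const eInvalidArg uint32 = 0x80070057 // HRESULT E_INVALIDARG

// amsiStub is x64 code for `mov eax, E_INVALIDARG; ret`. A failing HRESULT
// from AmsiOpenSession makes later scans in the process report nothing.
// Assumption: the page does not show which bytes the tool itself writes.
func amsiStub() []byte {
	stub := []byte{0xB8, 0, 0, 0, 0, 0xC3}
	binary.LittleEndian.PutUint32(stub[1:5], eInvalidArg)
	return stub
}

// etwStub is x64 code for `xor eax, eax; ret`: EtwEventWrite returns
// STATUS_SUCCESS without emitting the event. Same assumption as above.
func etwStub() []byte { return []byte{0x31, 0xC0, 0xC3} }

// patch models the attacker side: overwrite the prologue at funcOff.
func (r *remoteText) patch(funcOff int, stub []byte) error {
	if funcOff < 0 || funcOff+len(stub) > len(r.live) {
		return fmt.Errorf("stub of %d bytes does not fit at offset %#x", len(stub), funcOff)
	}
	copy(r.live[funcOff:], stub)
	return nil
}

// Finding describes a prologue whose mapped bytes differ from the disk copy.
type Finding struct {
	Offset int
	Live   []byte
	Kind   string // ret-stub, mov-ret-stub, xor-ret-stub or unknown
}

// checkPrologue models the defender side: compare the first n mapped bytes
// of a function with the pristine image. Returns (nil, nil) if untouched.
func (r *remoteText) checkPrologue(funcOff, n int) (*Finding, error) {
	if funcOff < 0 || funcOff+n > len(r.live) || funcOff+n > len(r.pristine) {
		return nil, fmt.Errorf("range %#x+%d out of bounds", funcOff, n)
	}
	live := r.live[funcOff : funcOff+n]
	if bytes.Equal(live, r.pristine[funcOff:funcOff+n]) {
		return nil, nil
	}
	return &Finding{Offset: funcOff, Live: live, Kind: classifyStub(live)}, nil
}

// classifyStub recognises the short return stubs commonly written over prologues.
func classifyStub(b []byte) string {
	switch {
	case len(b) >= 1 && b[0] == 0xC3:
		return "ret-stub"
	case len(b) >= 6 && b[0] == 0xB8 && b[5] == 0xC3:
		return "mov-ret-stub"
	case len(b) >= 3 && b[0] == 0x31 && b[1] == 0xC0 && b[2] == 0xC3:
		return "xor-ret-stub"
	}
	return "unknown"
}

// Constructed sample: a 64-byte image with two fake function starts. These
// offsets and bytes are NOT the real amsi.dll or ntdll.dll contents.
const (
	amsiOpenSessionOff = 0x10
	etwEventWriteOff   = 0x30
)

func newSample() *remoteText {
	img := bytes.Repeat([]byte{0x90}, 64) // NOP filler
	copy(img[amsiOpenSessionOff:], []byte{0x48, 0x89, 0x5C, 0x24, 0x08, 0x57})
	copy(img[etwEventWriteOff:], []byte{0x4C, 0x8B, 0xDC, 0x48, 0x83, 0xEC})
	return &remoteText{pristine: append([]byte(nil), img...), live: img}
}

func main() {
	r := newSample()
	_ = r.patch(amsiOpenSessionOff, amsiStub())
	_ = r.patch(etwEventWriteOff, etwStub())
	for _, off := range []int{amsiOpenSessionOff, etwEventWriteOff} {
		if f, err := r.checkPrologue(off, 8); err == nil && f != nil {
			fmt.Printf("offset %#x: %s (% X)\n", f.Offset, f.Kind, f.Live)
		}
	}
}
```

On a real host the defender's comparison reads the mapped module from the target (ReadProcessMemory) and the pristine bytes from the DLL file on disk; the first instructions of these exports normally contain no relocated absolute addresses, so a direct byte compare of the prologue is typically sufficient, and anything classified as a short return stub deserves immediate attention.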

Types

This section is empty.
