Added -pse mode to run a program as ProtectedProcessLight-AntiMalware #44

Merged
merged 6 commits into from
Nov 30, 2022

pathtofile

This enables exploration of running PPL Processes, which can do things such as interact with the Microsoft-Threat-Intelligence ETW Provider.

Also added a few fixes such as:

  • Using MFC as a static lib for easier deployment to testing machine
  • Added output folders to .gitignore to keep git tree clean
  • Explicit DLLExport of gProvTable

@hfiref0x
Owner

Hello,

thanks for your interest in this project. Your additions are fine but I have some questions regarding some parts, would you mind answering them?

@hfiref0x hfiref0x added the enhancement New feature or request label Nov 30, 2022
@pathtofile
Author

Hey @hfiref0x, sorry, when I first cloned the repo I was getting missing MFC and DLL import errors, but I've re-cloned the repo and it all works fine, so I've removed all those changes.

@hfiref0x hfiref0x changed the base branch from master to dev128 November 30, 2022 22:47
@hfiref0x hfiref0x merged commit 154faf7 into hfiref0x:dev128 Nov 30, 2022
@hfiref0x hfiref0x mentioned this pull request Nov 30, 2022
hfiref0x added a commit that referenced this pull request Dec 3, 2022
Added -pse mode to run a program as ProtectedProcessLight-AntiMalware (PPL-AM) #44 
Added asrdrv106 as provider 28 (CVE-2020-15368)
Added ALSysIO64 as provider 29
Internal rearrange
Readme updated
Beta 1