Home Explore Help
Sign In
zhensolid
/
OperatorsKit
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: main
Branches Tags
OperatorsKit
/
KIT
/
SilenceSysmon
/
silencesysmon.h

silencesysmon.h 1.2 KB
Permalink History Raw

12345678910111213141516171819202122232425 
  1. #include <windows.h>  
    2. 

  2. 

  3. #pragma comment (lib, "advapi32")
    4. 

  4. #pragma comment(lib, "mscoree.lib")
    5. 

  5. 

  6. #define ENABLE 1
    7. 

  7. #define DISABLE 0
    8. 

  8. 

  9. 

  10. //SetPrivilege
    11. 

  11. DECLSPEC_IMPORT BOOL WINAPI Advapi32$OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle);
    12. 

  12. DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$GetCurrentProcess();
    13. 

  13. DECLSPEC_IMPORT BOOL WINAPI Advapi32$LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid);
    14. 

  14. DECLSPEC_IMPORT BOOL WINAPI Advapi32$AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength);
    15. 

  15. DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetLastError(void);
    16. 

  16. 

  17. //SilentSysmon
    18. 

  18. DECLSPEC_IMPORT BOOL WINAPI KERNEL32$WriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T  *lpNumberOfBytesWritten);
    19. 

  19. DECLSPEC_IMPORT BOOL WINAPI KERNEL32$FlushInstructionCache(HANDLE hProcess, LPCVOID lpBaseAddress, SIZE_T dwSize);
    20. 

  20. 

  21. //main
    22. 

  22. DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$OpenProcess(DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
    23. 

  23. DECLSPEC_IMPORT BOOL WINAPI KERNEL32$CloseHandle(HANDLE hObject);
    24. 

  24. WINBASEAPI int __cdecl MSVCRT$printf(const char * _Format,...);
    25. 

  25.