Xacone / BestEdrOfTheMarket

Little user-mode AV/EDR evasion lab for training & learning purposes
https://xacone.github.io/BestEdrOfTheMarketV2.html
MIT License

Routines not caught in call stack monitoring mode #8

Closed Xacone closed 3 months ago

Xacone commented 6 months ago

Some routines aren't caught despite having specified them.

Xacone commented 6 months ago

I'm aware of that problem, which will be fully fixed in the next release by totally revisiting the way call stack monitoring is done.

Xacone commented 3 months ago

Thread stack analysis will be triggered from the instrumentation callbacks pipe in beotm 1.1.0

https://github.com/Xacone/BestEdrOfTheMarket/commit/005b9a0ad0c78c00e2160a35787b167794889c22