github.com/iDigitalFlame/xmt@v0.5.4/device/evade.go (about)

     1  // Copyright (C) 2020 - 2023 iDigitalFlame
     2  //
     3  // This program is free software: you can redistribute it and/or modify
     4  // it under the terms of the GNU General Public License as published by
     5  // the Free Software Foundation, either version 3 of the License, or
     6  // any later version.
     7  //
     8  // This program is distributed in the hope that it will be useful,
     9  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    10  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11  // GNU General Public License for more details.
    12  //
    13  // You should have received a copy of the GNU General Public License
    14  // along with this program.  If not, see <https://www.gnu.org/licenses/>.
    15  //
    16  
    17  package device
    18  
// Evasion flags. Each named flag occupies a single bit of a uint8, so flags
// can be combined with a bitwise OR and tested with a bitwise AND.
//
// NOTE(review): only the flag values are declared here; how each option is
// applied is not visible in this file.
const (
	// EvadeWinPatchTrace (bit 0, value 1) tells the client to patch the ETW
	// tracing functions.
	EvadeWinPatchTrace uint8 = 1 << 0
	// EvadeWinPatchAmsi (bit 1, value 2) tells the client to patch the AMSI
	// detection functions.
	EvadeWinPatchAmsi uint8 = 1 << 1
	// EvadeWinHideThreads (bit 2, value 4) tells the client to hide all of
	// its current threads from debuggers.
	EvadeWinHideThreads uint8 = 1 << 2
	// EvadeEraseHeader (bit 3, value 8) tells the client to hide its binary
	// presence and prevent debugging by zeroing out its PE stub in memory.
	// It should only be used when the client owns, and is, the running binary.
	EvadeEraseHeader uint8 = 1 << 3
	// EvadeAll enables every evasion function. Its value is 0xFF, so it also
	// sets bits 4-7, which have no named flag in this block; it is therefore
	// not equal to the OR of the four named flags (0x0F).
	EvadeAll uint8 = 0xFF
)