// Source listing: github.com/iDigitalFlame/xmt@v0.5.4/device/evade.go

// Copyright (C) 2020 - 2023 iDigitalFlame
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.
//

package device

// Evasion flags. Each named flag occupies a single bit of a uint8, assigned
// in declaration order through iota, so reordering or inserting an entry
// changes the numeric value of every flag declared after it.
//
// This file only names the bits; the code that acts on them is not visible
// here. Presumably the flags are combined with bitwise OR into one mask -
// confirm against the callers.
const (
	// EvadeWinPatchTrace is an evasion flag that instructs the client to patch
	// ETW tracing functions.
	//
	// Value: 0x01 (1 << 0).
	EvadeWinPatchTrace uint8 = 1 << iota
	// EvadeWinPatchAmsi is an evasion flag that instructs the client to patch
	// AMSI detection functions.
	//
	// Value: 0x02 (1 << 1).
	EvadeWinPatchAmsi
	// EvadeWinHideThreads is an evasion flag that instructs the client to hide
	// all of its current threads from debuggers.
	//
	// Value: 0x04 (1 << 2).
	EvadeWinHideThreads
	// EvadeEraseHeader is an evasion flag that instructs the client to hide its
	// binary presence and prevent debugging by zeroing out its PE stub in memory.
	// This should only be used when the client owns, and is, the running binary.
	//
	// Value: 0x08 (1 << 3).
	EvadeEraseHeader
	// EvadeAll enables ALL evasion functions.
	//
	// 0xFF sets every bit of the uint8, including 0x10 through 0x80, which have
	// no named flag in this block. Code that decodes a mask should not assume
	// that only the four named bits can be set.
	EvadeAll uint8 = 0xFF
)