search

🎫ETW Patcher (Bypassing Antivirus)

Bypassing Event Tracing for Windows (ETW) with CSharp

LogoGitHub - Gurpreet06/ETW-Patcher: Bypassing Event Tracing for Windows (ETW) with CSharpGitHubchevron-right

A simple C++ script that first checks if NtProtectVirtualMemory and NtAllocateVirtualMemory are hooked or not. Then it loads the ntdll.dll with LoadLibrary and gets the address of the function EtwEventWrite using GetProcAddress. Finally, it writes the patch bytes into the process.

hashtag
Usage

  • Without ETW bypass.

  • With ETW bypass.

PreviousHellCat (EDR-Escaper)NextPRPT (Bypassing Antivirus)

Last updated