Commit

Merge branch 'master' of https://github.com/xinbailu/TiEtwAgent
Filip Olszak committed Apr 8, 2021
2 parents 6db0251 + ddf958b commit 1f0a54c
Showing 2 changed files with 11 additions and 5 deletions.
5 changes: 0 additions & 5 deletions .editorconfig

This file was deleted.

11 changes: 11 additions & 0 deletions README.md
Expand Up @@ -22,3 +22,14 @@ An accompanying blog post can be found here: https://blog.redbluepurple.io/windo
- [ ] Risk based detection lifecycle

### Setup instructions
Assuming you do not have a Microsoft-trusted signing certificate:
- Put your machine in the test signing mode with bcdedit
- Generate a self-signed certificate with ELAM and Code Signing EKU
- Sign TiEtwAgent.exe and your ELAM driver with the certificate
- ./TiEtwAgent install
- net start TiEtwAgent
- Look for logs, by default in C:\Windows\Temp\TiEtwAgent.txt

PS. If you do not want to write an ELAM driver, you can get one from https://github.com/pathtofile/PPLRunner/tree/main/elam_driver

Special thanks to @pathtofile for the post here: https://blog.tofile.dev/2020/12/16/elam.html
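Review bot: the first bullet of the new "Setup instructions" block ("Put your machine in the test signing mode with bcdedit") lowers the kernel's driver signature enforcement for the whole host, and the instructions never say so or explain how to undo it; since the list is aimed at people without a Microsoft-trusted signing certificate, add a sentence that this is for a lab or test machine only and that the setting is reverted with `bcdedit /set testsigning off` followed by a reboot. Two smaller points in the same block: "./TiEtwAgent install" uses a Unix-style path separator although the next bullet is the Windows `net start TiEtwAgent`, so it should read `.\TiEtwAgent.exe install` (and both bullets need an elevated prompt, which is worth stating), and "PS." in the closing line should be "P.S.".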

0 comments on commit 1f0a54c