From a4b76ac8de5a212b31553f7d7877ab9b4149144c Mon Sep 17 00:00:00 2001 From: Filip Olszak <32537788+xinbailu@users.noreply.github.com> Date: Tue, 6 Apr 2021 10:46:05 +0200 Subject: [PATCH 1/2] Delete .editorconfig --- .editorconfig | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig deleted file mode 100644 index 927deaf8..00000000 --- a/.editorconfig +++ /dev/null @@ -1,5 +0,0 @@ -# Rules in this file were initially inferred by Visual Studio IntelliCode from the C:\Users\olszfi\Downloads\PPLRunner-1.0\PPLRunner-1.0 codebase based on best match to current usage at 31/03/2021 -# You can modify the rules from these initially generated values to suit your own policies -# You can learn more about editorconfig here: https://docs.microsoft.com/en-us/visualstudio/ide/editorconfig-code-style-settings-reference -[*.cs] - From ddf958b4c6905be5be8e7aed569c791b3cefa814 Mon Sep 17 00:00:00 2001 From: Filip Olszak <32537788+xinbailu@users.noreply.github.com> Date: Thu, 8 Apr 2021 17:43:08 +0200 Subject: [PATCH 2/2] Update README.md --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index f0250aa0..a55f749a 100644 --- a/README.md +++ b/README.md 
@@ -22,3 +22,14 @@ An accompanying blog post can be found here: https://blog.redbluepurple.io/windo - [ ] Risk based detection lifecycle ### Setup instructions +Assuming you do not have a Microsoft-trusted signing certificate: +- Put your machine in the test signing mode with bcdedit +- Generate a self-signed certificate with ELAM and Code Signing EKU +- Sign TiEtwAgent.exe and your ELAM driver with the certificate +- ./TiEtwAgent install +- net start TiEtwAgent +- Look for logs, by default in C:\Windows\Temp\TiEtwAgent.txt + +PS. If you do not want to write an ELAM driver, you can get one from https://github.com/pathtofile/PPLRunner/tree/main/elam_driver + +Special thanks to @pathtofile for the post here: https://blog.tofile.dev/2020/12/16/elam.html
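Review bot: The .editorconfig deletion (PATCH 1/2) is justified by the file's own content, since its first comment line embeds a local absolute path ("C:\Users\olszfi\Downloads\PPLRunner-1.0\...") that leaks a developer username and directory layout, and the only rule section "[*.cs]" is empty, so nothing of value is lost; the commit message "Delete .editorconfig" should say that (for example, "remove auto-generated, empty editorconfig that leaked a local path") so the history explains why a repository-wide style file was dropped rather than fixed.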
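Review bot: The setup list in the README hunk mixes exact commands ("./TiEtwAgent install", "net start TiEtwAgent") with vague steps ("Put your machine in the test signing mode with bcdedit", "Generate a self-signed certificate with ELAM and Code Signing EKU") and has no step that undoes the weakening it introduces. Make the first step concrete and state its consequence, e.g. "bcdedit /set testsigning on (requires a reboot; this disables normal driver signature enforcement, so use it only on a lab machine and turn it back off with bcdedit /set testsigning off when done)", and either give the certificate-generation command or link to the instructions the README already credits (https://blog.tofile.dev/2020/12/16/elam.html) so readers do not have to guess the required EKUs. The log line should also say that the service, not the user, writes C:\Windows\Temp\TiEtwAgent.txt, since that location is shared by other processes and readers may expect the file elsewhere; finally, "PS." should read "P.S." in the last paragraph.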