https://github.com/tadghh/windows-api-playground

Powershell and Win32 apis an attempt to covertly modify lastwritetime on files
https://github.com/tadghh/windows-api-playground

Last synced: 3 months ago
JSON representation

Powershell and Win32 apis an attempt to covertly modify lastwritetime on files

Host: GitHub
URL: https://github.com/tadghh/windows-api-playground
Owner: tadghh
Created: 2023-12-09T21:36:23.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2023-12-09T21:49:01.000Z (over 1 year ago)
Last Synced: 2025-01-13T05:43:02.156Z (5 months ago)
Language: PowerShell
Homepage:
Size: 7.81 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# Windows API Covert lastwritetime

I was trying to follow along with the following blog https://gtworek.github.io/PSBits/lastwritetime.html to modify the last write time without evidence appearing in the NTFS journal

A majority of the method declarations are ChatGPT goop mixed with Pinvoke https://www.pinvoke.net/

I'm not sure which of my method definitions are incorrect, could just be WriteFile or all of them. Pinvoke hasnt been maintined either and has a lot of graffiti

Main file is testRaw

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/tadghh/windows-api-playground

Awesome Lists containing this project

README