Skip to content
/ EventLogBypass Public

Terminate the eventlog thread to disable the windows eventlog

20 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

hack2fun/EventLogBypass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
EventLogBypass.go
EventLogBypass.go
 
 
README.md
README.md
 
 
img.gif
img.gif
 
 

Repository files navigation

EventLogBypass

Terminate the thread of the log service to disable the system log function, but the log service is still running

Usage

You can run the following command to get the PID of the corresponding process svchost.exe of eventlog service

powershell -c "Get-WmiObject -Class win32_service -Filter \"name = 'eventlog'\" | select -exp ProcessId"

EventLogBypass.exe pid

gif

Restore Eventlog Service

taskkill /F /pid pid && net start eventlog

Reference

Learn from 3gstudent's blog

https://github.com/3gstudent/Windows-EventLog-Bypass

About

Terminate the eventlog thread to disable the windows eventlog

Resources

Readme
Activity

Stars

20 stars

Watchers

4 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages