Uses P/Invoke.
ProgramAmsiEtwPatch also patches AmsiScanBuffer and EtwEventWrite.
Tested with a Meterpreter staged reverse HTTPS payload (encode_shellcode.cs or the py version is the code I used to encode the raw one):
ProgramAmsiEtwPatch.cs against SentinelOne (used the Babel .NET obfuscator, free version, twice on the resulting exe)
Program.cs against Defender