I'm reading this document: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection-reference?view=o365-worldwide
In older OSes, EMET injects a DLL into the process. On the latest Windows, EMET is implemented by Windows directly. I'm wondering which DLL implements it. I'll then look into it with IDA.