GitHub

                   ___  ___  ________   ___  ___  ________  ________  ___  __       
                  |\  \|\  \|\   ___  \|\  \|\  \|\   __  \|\   __  \|\  \|\  \     
                  \ \  \\\  \ \  \\ \  \ \  \\\  \ \  \|\  \ \  \|\  \ \  \/  /|_   
                   \ \  \\\  \ \  \\ \  \ \   __  \ \  \\\  \ \  \\\  \ \   ___  \  
                    \ \  \\\  \ \  \\ \  \ \  \ \  \ \  \\\  \ \  \\\  \ \  \\ \  \ 
                     \ \_______\ \__\\ \__\ \__\ \__\ \_______\ \_______\ \__\\ \__\
                      \|_______|\|__| \|__|\|__|\|__|\|_______|\|_______|\|__| \|__|

                                -------a base lib to unhook NTDLL------

Unhook is a base lib aiming to show different techniques to unhook NTDLL & use a proper version of it.

Note

Consider using NTFUNCTIONS (Syscalls) for stealth. I only used base WinApi function for demo.

Techniques :

Read from disk : Read NTDLL from Disk.
Map from disk : Map NTDLL from Disk.
Suspended process : Retrieve NTDLL from a newly created process in SUSPENDED_MODE.

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
README.md		README.md
header.hpp		header.hpp
mapdisk.cpp		mapdisk.cpp
process.cpp		process.cpp
readdisk.cpp		readdisk.cpp

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Techniques :

About

Releases

Packages

Languages

Yekuuun/unhooking

Folders and files

Latest commit

History

Repository files navigation

Techniques :

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages