GitHub - ProcessusT/UnhookingDLL: This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing

ProcessusT / UnhookingDLL Public

Notifications You must be signed in to change notification settings
Fork 11
Star 67

This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing

67 stars 11 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
.gitattributes		.gitattributes
README.md		README.md
UnhookingDLL.cpp		UnhookingDLL.cpp
unhooking.PNG		unhooking.PNG

Repository files navigation

C++ template for DLL Unhooking + ETW patching

This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing

Stolen from :

- https://github.com/TheD1rkMtr
- https://www.ired.team/offensive-security/defense-evasion/how-to-unhook-a-dll-using-c++
- https://github.com/Hagrid29/RemotePatcher/blob/main/RemotePatcher/RemotePatcher.cpp

About

This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing

etw shellcode bypass process-hollowing edr dll-unhooking

Report repository

Languages

C++ 100.0%