Skip to content
/ UnhookingDLL Public
forked from ProcessusT/UnhookingDLL

This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing

1 star 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nclv/UnhookingDLL

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
.gitattributes
.gitattributes
 
 
README.md
README.md
 
 
UnhookingDLL.cpp
UnhookingDLL.cpp
 
 
unhooking.PNG
unhooking.PNG
 
 

Repository files navigation

C++ template for DLL Unhooking + ETW patching





This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing

Stolen from :

- https://github.com/TheD1rkMtr
- https://www.ired.team/offensive-security/defense-evasion/how-to-unhook-a-dll-using-c++
- https://github.com/Hagrid29/RemotePatcher/blob/main/RemotePatcher/RemotePatcher.cpp

About

This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 100.0%