Skip to content
/ IndirectUnhook Public

NTDLL unhooking from suspended process via indirect syscalls.

License

GPL-3.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jakobfriedl/IndirectUnhook

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
IndirectUnhook
IndirectUnhook
 
 
.gitignore
.gitignore
 
 
IndirectUnhook.png
IndirectUnhook.png
 
 
IndirectUnhook.sln
IndirectUnhook.sln
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

IndirectUnhook

NTDLL Unhooking via retrieving a clean version of ntdll.dll from a suspended process, utilizing indirect syscalls using the HellsHall technique.

Features

  • NTDLL Unhooking from suspended process
  • Full implementation using indirect syscalls with HellsHall
  • Process creation using NtCreateUserProcess
  • API Hashing

Screenshots

Testing with hooked NtProtectVirtualMemory function:

IndirectUnhook

About

NTDLL unhooking from suspended process via indirect syscalls.

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages