SyscallPack

Beacon Object File and Shellcode for full DLL unhooking.

Get handle to hooked DLL
Get dynamic Syscalls for NtOpenSection and NtMapViewOfSection
Load unhooked DLL from /KnownDlls/
Patch hooked functions
Unload unhooked DLL

unhook-PIC

Unhook ntdll.dll with shellcode. Only support for x64 atm! Convert pic exe to shellcode format with for i in $(objdump -d compiled/unhook-pic.exe |grep "^ " |cut -f2); do echo -n '\x'$i; done; echo

unhook-BOF

Unhook all hooked functions for a specified DLL

Acknowledgements

Heavily inspired by Conti Locker
addresshunter.h from @ParanoidNinja
@peterwintrsmith for Parallelsyscalls

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
Images		Images
SyscallPack		SyscallPack
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

SyscallPack

unhook-PIC

unhook-BOF

Acknowledgements

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

SyscallPack

unhook-PIC

unhook-BOF

Acknowledgements

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages