Inline syscalls made for MSVC supporting x64 and WOW64
Updated Jul 10, 2023 - C++
A Dropper POC with a focus on aiding in EDR evasion: NTDLL unhooking followed by loading ntdll in-memory, which is present as shellcode (using pe2shc by @hasherezade). Payload encryption via the SystemFunction033 NtApi and no new thread via Fiber
Bypass Event Tracing for Windows (ETW) and unhook ntdll.
Overwrite ntdll.dll's ".text" section to bypass API hooking. Gets the clean DLL from disk, the KnownDlls folder, a debugged process, or a URL