SyscallPack
SyscallPack copied to clipboard

Published 20 hours ago •

cube0x0

→

Metadata

BOF and Shellcode for full DLL unhooking using dynamic syscalls

Readme
Issues

SyscallPack

Beacon Object File and Shellcode for full DLL unhooking.

Get handle to hooked DLL
Get dynamic Syscalls for NtOpenSection and NtMapViewOfSection
Load unhooked DLL from /KnownDlls/
Patch hooked functions
Unload unhooked DLL

unhook-PIC

Unhook ntdll.dll with shellcode. Only support for x64 atm! Convert pic exe to shellcode format with for i in $(objdump -d compiled/unhook-pic.exe |grep "^ " |cut -f2); do echo -n '\x'$i; done; echo

unhook-BOF

Unhook all hooked functions for a specified DLL

Acknowledgements

Heavily inspired by Conti Locker
addresshunter.h from @ParanoidNinja
@peterwintrsmith for Parallelsyscalls

About

BOF and Shellcode for full DLL unhooking using dynamic syscalls

226

Stars

47

Forks

Watchers

Owner

cube0x0

← Metadata

226

Stars

47

Forks

Watchers

Owner

cube0x0

Metadata

BOF and Shellcode for full DLL unhooking using dynamic syscalls

Back

SyscallPack SyscallPack copied to clipboard

Metadata

SyscallPack

unhook-PIC

unhook-BOF

Acknowledgements

← Metadata

Owner

Metadata

SyscallPack
SyscallPack copied to clipboard