Skip to content

trickster0/LdrLoadDll-Unhooking

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 

Repository files navigation

LdrLoadDll-Unhooking

This is a proof of concept of bypassing(unhooking) the hook of potential EDRs, in using an unhooked version of LdrLoadDll to load DLLs.
This is basically a reroute of the initial instruction of LdrLoadDll that will be executed in private memory and then reroute back into the normal code of LdrLoadDll,
Which is better for OPSEC since, all the calls looks like they are coming directly from the NTDLL anyway.
Why did I make this? Certain NTDLL export functions do not follow the SYSCALL procedure, hence this specific function like a few others need to be handled in a different manner.

About

LdrLoadDll Unhooking

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages