{"id":17383515,"url":"https://github.com/processust/unhookingdll","last_synced_at":"2025-10-16T02:05:56.086Z","repository":{"id":82910295,"uuid":"604351258","full_name":"ProcessusT/UnhookingDLL","owner":"ProcessusT","description":"This script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing","archived":false,"fork":false,"pushed_at":"2024-02-11T18:12:34.000Z","size":46,"stargazers_count":68,"open_issues_count":0,"forks_count":12,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-03-28T19:07:25.278Z","etag":null,"topics":["bypass","dll-unhooking","edr","etw","process-hollowing","shellcode"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ProcessusT.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-20T21:55:19.000Z","updated_at":"2025-03-24T02:27:31.000Z","dependencies_parsed_at":null,"dependency_job_id":"41bbd3a8-1f04-4a9f-9855-6062e12aa89d","html_url":"https://github.com/ProcessusT/UnhookingDLL","commit_stats":null,"previous_names":["processust/unhookingdll","processus-thief/unhookingdll"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FUnhookingDLL","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FUnhookingDLL/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FUnhookingDLL/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ProcessusT%2FUnhookingDLL/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ProcessusT","download_url":"https://codeload.github.com/ProcessusT/UnhookingDLL/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249048713,"owners_count":21204305,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bypass","dll-unhooking","edr","etw","process-hollowing","shellcode"],"created_at":"2024-10-16T07:43:00.912Z","updated_at":"2025-10-16T02:05:56.014Z","avatar_url":"https://github.com/ProcessusT.png","language":"C++","readme":"\u003ch2\u003e C++ template for DLL Unhooking + ETW patching \u003c/h2\u003e\n\n\u003cbr /\u003e\n\n\n\u003cdiv align=\"center\" width=\"100%\"\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/ProcessusT/UnhookingDLL/main/unhooking.PNG\" width=\"70%;\"\u003e\n\u003c/div\u003e\n\n\u003cbr /\u003e\u003cbr /\u003e\n\u003chr /\u003e\n\u003cbr /\u003e\nThis script is used to bypass DLL Hooking using a fresh mapped copy of ntdll file, patch the ETW and trigger a shellcode with process hollowing\n\u003cbr /\u003e\u003cbr /\u003e\nStolen from :\u003cbr /\u003e\n\u003cbr /\u003e\n- \u003ca href=\"https://github.com/TheD1rkMtr\"\u003ehttps://github.com/TheD1rkMtr\u003c/a\u003e\u003cbr /\u003e\n- \u003ca href=\"https://www.ired.team/offensive-security/defense-evasion/how-to-unhook-a-dll-using-c++\"\u003ehttps://www.ired.team/offensive-security/defense-evasion/how-to-unhook-a-dll-using-c++\u003c/a\u003e\u003cbr /\u003e\n- \u003ca href=\"https://github.com/Hagrid29/RemotePatcher/blob/main/RemotePatcher/RemotePatcher.cpp\"\u003ehttps://github.com/Hagrid29/RemotePatcher/blob/main/RemotePatcher/RemotePatcher.cpp\u003c/a\u003e\u003cbr /\u003e\u003cbr /\u003e\n\u003cbr /\u003e\n\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprocessust%2Funhookingdll","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fprocessust%2Funhookingdll","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fprocessust%2Funhookingdll/lists"}