Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/aigptcode/no-logs-no-crime-fuck-etw

Python version Bypass the Event Trace Windows(ETW) and unhook ntdll.
https://github.com/aigptcode/no-logs-no-crime-fuck-etw

fud fud-crypter fud-rat fud-stealer hack hacking hacking-tool hidden log malware malwares openai python python3 ransomeware rat trojan windows worm

Last synced: 6 days ago
JSON representation

Python version Bypass the Event Trace Windows(ETW) and unhook ntdll.

Host: GitHub
URL: https://github.com/aigptcode/no-logs-no-crime-fuck-etw
Owner: AiGptCode
Created: 2023-09-27T12:41:41.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-12-13T03:46:39.000Z (about 2 months ago)
Last Synced: 2024-12-13T04:25:55.112Z (about 2 months ago)
Topics: fud, fud-crypter, fud-rat, fud-stealer, hack, hacking, hacking-tool, hidden, log, malware, malwares, openai, python, python3, ransomeware, rat, trojan, windows, worm
Language: Python
Homepage:
Size: 24.4 KB
Stars: 10
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        ## NO LOGS NO CRIME ! 

 

# 「⚙️」python version Bypass ETW & Ntdll Unhooking

Bypass the Event Trace Windows(ETW) and unhook ntdll.

 

```

         _______           _______  _        _______ _________

        (  ____ \|\     /|(  ____ \| \    /\(  ____ \\__   __/|\     /|

        | (    \/| )   ( || (    \/|  \  / /| (    \/   ) (   | )   ( |

        | (__    | |   | || |      |  (_/ / | (__       | |   | | _ | |

        |  __)   | |   | || |      |   _ (  |  __)      | |   | |( )| |

        | (      | |   | || |      |  ( \ \ | (         | |   | || || |

        | )      | (___) || (____/\|  /  \ \| (____/\   | |   | () () |

        |/       (_______)(_______/|_/    \/(_______/   )_(   (_______)

                                

                                        [v1.0]

 

[i] Hooked Ntdll Base Address : 0x00007FFA9A110000

[i] Unhooked Ntdll Base Address: 0x00007FF7C970F000

[+] PID Of The Current Proccess: [1956]

[#] Ready For ETW Patch.

[+] Press  To Patch ETW ...

[+] ETW Patched, No Logs No Crime !

```

1. Displays a banner and initializes variables.

2. Opens the ntdll.dll file using `CreateFileA`.

3. Creates a file mapping using `CreateFileMappingA` with the `PAGE_READONLY` and `SEC_IMAGE` flags.

4. Maps the file into memory using `MapViewOfFile`.

5. Calls the `UnhookNTDLL` function to unhook the Ntdll.dll library.

6. Displays the address of the unhooked Ntdll base.

7. Cleans up the mapped file and handles.

8. Displays the current process ID and waits for user input.

9. Calls the `FuckEtw` function to patch the ETW.

10. Displays a message indicating that the ETW has been patched.