EDR Unhooking Library
Version v2.0
Difficulty Advanced
Downloads 200
Rating (0.00)
Updated 2025-02-20
Category Evasion & Stealth

$349.99

Restores a clean ntdll.dll to remove hooks installed by EDRs:

  • KnownDlls method — Loads a clean copy of ntdll from \KnownDlls\ntdll.dll and replaces the hooked .text section.
  • Disk read method — Reads ntdll.dll from C:\Windows\System32\ and restores the original bytes.
  • Suspended process — Creates a suspended process, reads its ntdll (not yet hooked), and uses those bytes.
  • Direct syscalls fallback — If unhooking fails, uses direct syscall stubs (Nt* functions) as an alternative.
  • Verification — Compares the ntdll bytes in memory against those on disk to confirm that the hooks were removed.
