Giters

RedLectroid / APIunhooker

C++ function that will automagically unhook a specified Windows API

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

APIunhooker

C++ function that will automagically unhook a specified Windows API

Simply add the functions to whatever you need it for, and call the function with unhookAPI([APIname]);

ex. unhookAPI("NtReadVirtualMemory");

Currently it has ntdll hardcoded, but there is no reason why you couldn't use it to unhook any other API. Make sure you use the full path for the dll.

Use it as many times as needed in your code to unhook all the APIs you want/need to for whatever reason.

There are some debugging printf you might want to remove for stealth reasons, but I left them for your testing.

This tool is based off this article https://ired.team/offensive-security/defense-evasion/bypassing-cylance-and-other-avs-edrs-by-unhooking-windows-apis by @spotheplanet

About

C++ function that will automagically unhook a specified Windows API

Languages

Language:C++ 100.0%