Signal-Labs / iat_unhook_sample

(First Public?) Sample of unhooking ntdll (All Exports & IAT imports) hooks in Rust using in-memory disassembly, avoiding direct syscalls and all hooked functions (incl. hooked NtProtectVirtualMemory)

Signal-Labs/iat_unhook_sample Stargazers