Skip to content
/ Fuck-Etw Public

Bypass the Event Trace Windows(ETW) and unhook ntdll.

92 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

unkvolism/Fuck-Etw

BranchesTags

Repository files navigation

「⚙️」Bypass ETW & Ntdll Unhooking

Bypass the Event Trace Windows(ETW) and unhook ntdll.

         _______           _______  _        _______ _________
        (  ____ \|\     /|(  ____ \| \    /\(  ____ \\__   __/|\     /|
        | (    \/| )   ( || (    \/|  \  / /| (    \/   ) (   | )   ( |
        | (__    | |   | || |      |  (_/ / | (__       | |   | | _ | |
        |  __)   | |   | || |      |   _ (  |  __)      | |   | |( )| |
        | (      | |   | || |      |  ( \ \ | (         | |   | || || |
        | )      | (___) || (____/\|  /  \ \| (____/\   | |   | () () |
        |/       (_______)(_______/|_/    \/(_______/   )_(   (_______)

                                [Made by sorahed]
                                        [v1.0]



[i] Hooked Ntdll Base Address : 0x00007FFA9A110000
[i] Unhooked Ntdll Base Address: 0x00007FF7C970F000

[+] PID Of The Current Proccess: [1956]

[#] Ready For ETW Patch.
[+] Press <Enter> To Patch ETW ...


[+] ETW Patched, No Logs No Crime !

About

Bypass the Event Trace Windows(ETW) and unhook ntdll.

Topics

malware evasion red-team etw-evasion ntdll-unhooking

Resources

Readme
Activity

Stars

92 stars

Watchers

1 watching

Forks

12 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages