├── README.md
├── unHookedSyscall.sln
├── unHookedSyscall
│   ├── unHookedSyscall.cpp
│   ├── unHookedSyscall.vcxproj
│   ├── unHookedSyscall.vcxproj.filters
│   ├── unHookedSyscall.vcxproj.user
│   └── x64
│       └── Debug
│           ├── unHookedSyscall.Build.CppClean.log
│           ├── unHookedSyscall.exe.recipe
│           ├── unHookedSyscall.ilk
│           ├── unHookedSyscall.log
│           ├── unHookedSyscall.obj
│           ├── unHookedSyscall.tlog
│           │   ├── CL.command.1.tlog
│           │   ├── CL.read.1.tlog
│           │   ├── CL.write.1.tlog
│           │   ├── link.command.1.tlog
│           │   ├── link.read.1.tlog
│           │   ├── link.write.1.tlog
│           │   └── unHookedSyscall.lastbuildstate
│           ├── unHookedSyscall.vcxproj.FileListAbsolute.txt
│           ├── vc143.idb
│           └── vc143.pdb
└── x64
    └── Debug
        ├── unHookedSyscall.exe
        └── unHookedSyscall.pdb

/README.md:
--------------------------------------------------------------------------------
# SyscallHookDetector

**SyscallHookDetector** is a C++ tool that detects hooked syscalls in `ntdll.dll` on Windows. It walks the exported `Nt`/`Zw` functions of `ntdll.dll` and checks each one for hooks or modifications by comparing the function's prologue with the standard syscall stub and looking for common redirection instructions such as `jmp` and `call`.

## Features

- Detects hooked or modified syscalls (`Nt` and `Zw` functions).
- Compares each function's prologue with the standard syscall stub.
- Flags potential hooks using common indicators such as `jmp` and `call` instructions.
- Simple and efficient approach to syscall hook detection.

## How It Works

The tool scans the exported syscalls in `ntdll.dll` and checks the first few bytes of each function to determine whether it has been altered. A typical (x64) syscall stub starts with:

```assembly
4c 8b d1 b8    ; mov r10, rcx / mov eax, <syscall number>
```

If the prologue does not match, or a redirection (`jmp` or `call`) is found at the start of the function, the tool flags the function as hooked or potentially modified.

## Usage

1. Clone the repository:

```bash
git clone https://github.com/CyberSecurityUP/SyscallHookDetector.git
```

2. Open the project in your preferred C++ development environment.

3. Compile and run the program on a Windows system.

4. The tool outputs the list of `Nt`/`Zw` exports and indicates for each one whether it is hooked.

## Example Output

```plaintext
Not hooked: NtCreateFile : 0x7ffb31a3b210
Hooked or modified: NtOpenProcess : 0x7ffb31a3b360
```

## Requirements

- Windows operating system
- C++ compiler (MSVC, MinGW, etc.)
- `Windows.h` for accessing the Windows APIs

## License

This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for more information.

---

## Contribution

Contributions are welcome! Feel free to submit issues or pull requests for new features or bug fixes.

---

## Disclaimer

This tool is for educational and research purposes only. Use it responsibly and in compliance with local laws.
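The stub classification described under "How It Works", worked through as an added example that is not part of the SyscallHookDetector code: besides matching the `4c 8b d1 b8` prologue and the `E9`/`E8` redirects, it recovers the system service number from a clean x64 stub and the relative target of a redirect. It also makes explicit two limitations that a bare prefix-plus-prologue check hides: the pattern is x64-only (a 32-bit stub begins directly with `b8`), and ntdll exports Nt-prefixed functions that are not syscall stubs (`NtGetTickCount`, `NtdllDefWindowProc_A`), which such a check reports as modified. The byte arrays are constructed samples, not bytes captured from a real `ntdll.dll`.

```cpp
// Added example, not part of SyscallHookDetector: classify the leading bytes of an
// ntdll x64 export the way the README describes, and also recover the system service
// number (SSN) from a clean stub and the target of an E9/E8 redirect.
#include <cstdint>
#include <cstring>
#include <cstdio>

enum class StubState { CleanSyscall, JmpHook, CallHook, Unknown };

struct StubInfo {
    StubState     state;
    std::uint32_t syscallNumber;   // only meaningful for CleanSyscall
    std::int64_t  redirectOffset;  // jmp/call target as a byte offset from the stub start
};

// Classify `len` bytes read from the start of an exported Nt*/Zw* function.
StubInfo ClassifyStub(const std::uint8_t* code, std::size_t len)
{
    StubInfo info{StubState::Unknown, 0, 0};
    // Clean x64 stub: mov r10, rcx (4c 8b d1) ; mov eax, imm32 (b8 XX XX XX XX). x64-only:
    // a 32-bit ntdll stub starts directly with b8 and would land in Unknown.
    static const std::uint8_t prologue[4] = {0x4c, 0x8b, 0xd1, 0xb8};
    if (len >= 8 && std::memcmp(code, prologue, sizeof prologue) == 0) {
        std::uint32_t imm;
        std::memcpy(&imm, code + 4, sizeof imm);   // little-endian imm32 is the SSN
        info.state = StubState::CleanSyscall;
        info.syscallNumber = imm;
        return info;
    }
    // E9 rel32 = jmp, E8 rel32 = call: target = address of next instruction + rel32.
    if (len >= 5 && (code[0] == 0xE9 || code[0] == 0xE8)) {
        std::int32_t rel;
        std::memcpy(&rel, code + 1, sizeof rel);
        info.state = (code[0] == 0xE9) ? StubState::JmpHook : StubState::CallHook;
        info.redirectOffset = 5 + static_cast<std::int64_t>(rel);
        return info;
    }
    // Anything else is reported as modified; note that Nt-prefixed exports such as
    // NtGetTickCount or NtdllDefWindowProc_A are not stubs and legitimately end up here.
    return info;
}
// Constructed samples (not captured from a real ntdll.dll).
const std::uint8_t kCleanStub[] = {0x4c, 0x8b, 0xd1, 0xb8, 0x26, 0x00, 0x00, 0x00, 0x0f, 0x05, 0xc3};
const std::uint8_t kJmpHooked[] = {0xE9, 0x10, 0x00, 0x00, 0x00, 0xcc, 0xcc, 0xcc};
const std::uint8_t kNotAStub[]  = {0x48, 0x83, 0xEC, 0x28};   // sub rsp, 28h: ordinary function

int main()
{
    const char* names[] = {"CleanSyscall", "JmpHook", "CallHook", "Unknown"};
    StubInfo s = ClassifyStub(kCleanStub, sizeof kCleanStub);
    std::printf("clean stub -> %s, SSN 0x%x\n", names[(int)s.state], s.syscallNumber);
    s = ClassifyStub(kJmpHooked, sizeof kJmpHooked);
    std::printf("E9 stub    -> %s, target at +%lld bytes\n", names[(int)s.state], (long long)s.redirectOffset);
    return 0;
}
```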

---

### Author

- Joas Antonio dos Santos

---

### References

- https://www.ired.team/offensive-security/defense-evasion/detecting-hooked-syscall-functions
- https://github.com/Helixo32/SimpleEDR
- https://github.com/Mr-Un1k0d3r/EDRs
- https://docs.redteamleaders.com/offensive-security/windows-internals-and-api/detection-of-hooked-syscalls-in-ntdll.dll

--------------------------------------------------------------------------------
/unHookedSyscall.sln:
--------------------------------------------------------------------------------
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.5.33530.505
MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unHookedSyscall", "unHookedSyscall\unHookedSyscall.vcxproj", "{5B620DFF-4C84-4176-95EE-D35071F22B94}"
EndProject
Global
	GlobalSection(SolutionConfigurationPlatforms) = preSolution
		Debug|x64 = Debug|x64
		Debug|x86 = Debug|x86
		Release|x64 = Release|x64
		Release|x86 = Release|x86
	EndGlobalSection
	GlobalSection(ProjectConfigurationPlatforms) = postSolution
		{5B620DFF-4C84-4176-95EE-D35071F22B94}.Debug|x64.ActiveCfg = Debug|x64
		{5B620DFF-4C84-4176-95EE-D35071F22B94}.Debug|x64.Build.0 = Debug|x64
		{5B620DFF-4C84-4176-95EE-D35071F22B94}.Debug|x86.ActiveCfg = Debug|Win32
		{5B620DFF-4C84-4176-95EE-D35071F22B94}.Debug|x86.Build.0 = Debug|Win32
		{5B620DFF-4C84-4176-95EE-D35071F22B94}.Release|x64.ActiveCfg = Release|x64
		{5B620DFF-4C84-4176-95EE-D35071F22B94}.Release|x64.Build.0 = Release|x64
		{5B620DFF-4C84-4176-95EE-D35071F22B94}.Release|x86.ActiveCfg = Release|Win32
		{5B620DFF-4C84-4176-95EE-D35071F22B94}.Release|x86.Build.0 = Release|Win32
	EndGlobalSection
	GlobalSection(SolutionProperties) = preSolution
		HideSolutionNode = FALSE
	EndGlobalSection
	GlobalSection(ExtensibilityGlobals) = postSolution
		SolutionGuid = {7167C567-7519-4D4E-88F8-36F154BFFBE2}
	EndGlobalSection
EndGlobal
--------------------------------------------------------------------------------
/unHookedSyscall/unHookedSyscall.cpp:
--------------------------------------------------------------------------------
#include <Windows.h>
#include <stdio.h>

// Returns true when the first bytes of an exported Nt*/Zw* function no longer look
// like an unmodified x64 syscall stub. Only the x64 stub layout is checked: a 32-bit
// ntdll stub begins directly with b8 (mov eax, imm32) and would be reported as modified.
bool IsHookedFunction(PVOID functionAddress)
{
    // Syscall stubs start with these bytes in ntdll: mov r10, rcx ; mov eax, imm32
    unsigned char syscallPrologue[4] = { 0x4c, 0x8b, 0xd1, 0xb8 };

    // Check if the first few bytes match the expected prologue
    if (memcmp(functionAddress, syscallPrologue, sizeof(syscallPrologue)) == 0)
    {
        return false; // Function is not hooked, matches syscall stub
    }

    // E9 (jmp rel32) or E8 (call rel32) as the first instruction is the usual
    // inline-hook trampoline, so report it as hooked
    if (*(unsigned char*)functionAddress == 0xE9 || *(unsigned char*)functionAddress == 0xE8)
    {
        return true; // Function appears to be hooked
    }

    return true; // Anything else that is not the stub prologue is reported as potentially hooked
}

int main()
{
    PDWORD functionAddress = nullptr;

    // Get ntdll base address (ntdll is already mapped in every process, so this
    // only returns the existing module handle)
    HMODULE libraryBase = LoadLibraryA("ntdll");
    if (libraryBase == nullptr)
    {
        printf("Failed to get the ntdll base address (error %lu)\n", GetLastError());
        return 1;
    }

    PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)libraryBase;
    PIMAGE_NT_HEADERS imageNTHeaders = (PIMAGE_NT_HEADERS)((DWORD_PTR)libraryBase + dosHeader->e_lfanew);

    // Locate export address table
    DWORD_PTR exportDirectoryRVA = imageNTHeaders->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
    PIMAGE_EXPORT_DIRECTORY imageExportDirectory = (PIMAGE_EXPORT_DIRECTORY)((DWORD_PTR)libraryBase + exportDirectoryRVA);

    // Offsets to list of exported functions and their names
    PDWORD addressOfFunctionsRVA = (PDWORD)((DWORD_PTR)libraryBase + imageExportDirectory->AddressOfFunctions);
    PDWORD addressOfNamesRVA = (PDWORD)((DWORD_PTR)libraryBase + imageExportDirectory->AddressOfNames);
    PWORD addressOfNameOrdinalsRVA = (PWORD)((DWORD_PTR)libraryBase + imageExportDirectory->AddressOfNameOrdinals);

    // Iterate through exported functions of ntdll
    for (DWORD i = 0; i < imageExportDirectory->NumberOfNames; i++)
    {
        // Resolve exported function name
        DWORD functionNameRVA = addressOfNamesRVA[i];
        DWORD_PTR functionNameVA = (DWORD_PTR)libraryBase + functionNameRVA;
        char* functionName = (char*)functionNameVA;

        // Resolve exported function address: the name ordinal indexes the address table
        DWORD_PTR functionAddressRVA = addressOfFunctionsRVA[addressOfNameOrdinalsRVA[i]];
        functionAddress = (PDWORD)((DWORD_PTR)libraryBase + functionAddressRVA);

        // Only interested in Nt|Zw functions. Nt-prefixed exports that are not syscall
        // stubs (for example NtGetTickCount or NtdllDefWindowProc_A) are also matched
        // by this prefix test and therefore show up as "hooked or modified".
        if (strncmp(functionName, "Nt", 2) == 0 || strncmp(functionName, "Zw", 2) == 0)
        {
            if (IsHookedFunction(functionAddress))
            {
                printf("Hooked or modified: %s : %p\n", functionName, functionAddress);
            }
            else
            {
                printf("Not hooked: %s : %p\n", functionName, functionAddress);
            }
        }
    }

    return 0;
}
--------------------------------------------------------------------------------