HalosUnhooker
Halos Gate-based NTAPI Unhooker
Install / Use
/learn @GetRektBoy724/HalosUnhookerREADME
HalosUnhooker
HalosUnhooker is an unhooker that will help you to remove AVs/EDRs hooks from NT API. Whats special about HalosUnhooker is that it uses Halo's Gate technique to get the original syscall ID of a hooked NT API which will be used to restore the NT API stub, effectively removing the hooks. Because HalosUnhooker uses Halo's Gate technique to get the original syscall ID, it doesnt touch anything from disk. The only way to break HalosUnhooker is to modify the NTDLL using SyscallShuffler since Halo's Gate technique relies on sorting/walking through the neighbouring syscall stubs, if the syscall stubs are shuffled, it cant get the correct syscall ID.
Demonstration
We're going to use NiceTryDLL's NtReadFile hook in this demonstration.
https://user-images.githubusercontent.com/41237415/164456259-32b37028-1efa-4543-b318-dd5cc1594ffa.mp4
As you can see, HalosUnhooker successfully removed the NiceTryDLL's hook on NtReadFile without getting caught by the NiceTryDLL itself since HalosUnhooker doesnt read anything from disk.
Related Skills
node-connect
337.4kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
83.2kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
337.4kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
commit-push-pr
83.2kCommit, push, and open a PR
