Awesome

Doge-ReMap

Unhook full dll by Section ReMap

NtCreateFile
NtCreateSection
NtMapViewOfSection

Ref

偶然看到了个代码: https://github.com/slaeryan/AQUARMOURY/blob/master/Shellycoat/Src/SectionRemap.h

想到大佬的文章: https://idiotc4t.com/defense-evasion/load-ntdll-too

便动手写了个golang的