Overwrite ntdll.dll's ".text" section to bypass API hooking. Getting the clean dll from disk, Knowndlls folder or a debugged process - View it on GitHub