Remove EDR hooks established in NTDLL by EDRs.
1. Create suspended process (32 or 64 bits)
2. Parse the _PEB structure
3. Look for PE32 magic bytes
4. Iterate over all loaded modules in the suspended process.
The first will be the application (suspended) module.
The second will be the NTDLL
5. Look for .text section in the NTDLL loaded in the suspended process
6. Copy the .text section from the suspended process to the target process (implant).
7. Have fun!!