If you cannot use direct syscalls (e.g., due to language limitations), you can restore hooked functions:
An undetected injector should never import sensitive APIs directly in its IAT (Import Address Table). Instead: undetected dll injector
Standard injection often uses Windows APIs like OpenProcess , VirtualAllocEx , WriteProcessMemory , and CreateRemoteThread . However, these are easily monitored by security tools. "Undetected" injectors typically employ more advanced techniques: If you cannot use direct syscalls (e