Skip to content
/ SysThatCode Public
forked from zawpi/SysThatCode

Library to get the syscall ID of functions exported by ntdll.dll without calling any win API

0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

conspiracyrip/SysThatCode

BranchesTags
 
 

Repository files navigation

SysThatCode

This library allows you to get the syscall ID of functions exported by ntdll.dll without using any WIN API.

What the code does:

  • Accesses the Process Environment Block (PEB) to locate ntdll.dll base address.
  • Parses the export table to find function addresses.
  • Extracts syscall ID from the function prologue for direct syscall usage.

Usage

  1. Include the header file SysThatCode.h in your project.
  2. Call GetSysCode("FunctionName") with the desired ntdll.dll function name.
  3. The function returns the syscall ID associated with that function.

Example:

#include "SysThatCode.h"
#include <iostream>

int main() {
    std::string funcName = "NtOpenProcess";
    DWORD syscallID = GetSysCode(funcName);
    std::cout << "Syscall ID: " << syscallID << std::endl;
    return 0;
}

About

Library to get the syscall ID of functions exported by ntdll.dll without calling any win API

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • C++ 100.0%