GitHub - Axactt/SysCall_Dumper: Syscall dumper using LDR_DATA_TABLE_ENTRY structure and gs:segment offset to find base address of ntdll.dll. Then the IMAGE_EXPORT_DIRECTORY is parsed for its pEAT to match with syscall signature { 0x4c,0x8b,0xd1,0xb8 }. The matching addresses are printed on console

Axactt / SysCall_Dumper Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Syscall dumper using LDR_DATA_TABLE_ENTRY structure and gs:segment offset to find base address of ntdll.dll. Then the IMAGE_EXPORT_DIRECTORY is parsed for its pEAT to match with syscall signature { 0x4c,0x8b,0xd1,0xb8 }. The matching addresses are printed on console

0 stars 0 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
.gitattributes		.gitattributes
.gitignore		.gitignore
ReNtdll.h		ReNtdll.h
SysCall_Dumper.sln		SysCall_Dumper.sln
SysCall_Dumper.vcxproj		SysCall_Dumper.vcxproj
SysCall_Dumper.vcxproj.filters		SysCall_Dumper.vcxproj.filters
sysCaller.asm		sysCaller.asm
syscallDumper.cpp		syscallDumper.cpp