Skip to content

im-razvan/ntdllSyscallDumper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
23H2_syscalls.csv
23H2_syscalls.csv
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.cpp
main.cpp
 
 
ntdll_preview.png
ntdll_preview.png
 
 

Repository files navigation

ntdllSyscallDumper

A minimal C++ tool to extract syscall IDs from ntdll.dll on Windows x64 systems.

How does it work

ntdll preview

This tool extracts Windows x64 system call IDs by parsing ntdll.dll, detecting Nt-prefixed functions with a specific pattern (4C 8B D1 B8), and then outputs the names and IDs to syscalls.csv.

Tested on Windows 11 23H2 and 24H2.

About

A minimal C++ tool to extract syscall IDs from ntdll.dll on Windows x64 systems.

Topics

windows cpp syscall

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

1.0 Latest
Jan 23, 2025

Packages

 
 
 

Contributors

Languages