Skip to content
/ c_syscalls Public

Single stub direct and indirect syscalling with runtime SSN resolving for windows.

127 stars 21 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

janoglezcampos/c_syscalls

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.vscode
.vscode
 
 
data
data
 
 
scripts
scripts
 
 
src
src
 
 
README.md
README.md
 
 
makefile
makefile
 
 

Repository files navigation

C_SYSCALLS

Single stub direct and indirect syscalling with runtime SSN resolving for windows.

Features:

  • Single stub
  • One single line for all your syscalls
  • Direct or indirect sycalls
  • x86_64, WOW64 and x86 native support

How to use:

  • Include c_syscalls.h

    #include "c_syscalls.h"

  • Call Syscall(<function>, <args>)

    NTSTATUS status = Syscall(NT_CLOSE, handle);

  • Compile and link the desired .asm file and remember to compile for the correct architecture

Notes:

  • Reimplementation of the ssn fetching method used here is recommended, the one showed in this repo is really simple and can present problems with certains AV/EDRs, more complex methods has been showed before, and implementing them is out of the scope of this project.
  • For doing this, modifications to the GetSsn() function is needed, maintining its definition.

Example included in main.c

Thanks to SysWhispers3 for being a strong pilar on the development of this library, and Foliage for the implementation of the dbj2 hash, module/function addr resolving implementation and types definitions

About

Single stub direct and indirect syscalling with runtime SSN resolving for windows.

Resources

Readme
Activity

Stars

127 stars

Watchers

4 watching

Forks

21 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages