Results 1 to 4 of 4

Thread: Syscall lister

  1. #1

    Syscall lister

    I have finished (sort of) my little utility that lists all NT syscalls and matches them with appropriate native APIs. Test with care, though, I don't guarantee that it won't crash your system (although I tested it on different machines and OSes).

    Hmm, seems like last build has some problems with obtaining symbols.. I'll check it later :|

    Fixed. Duh, weirdness of symserv: it creates 2 directories with symbol files, one specified in search path, and the other named "sym". I specified "sym" in the search path, so it prolly conflicted with the second...
    Last edited by omega_red; December 15th, 2005 at 14:18.
    Vulnerant omnes, ultima necat.

  2. #2
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Blog Entries
    Nice piece of code omega_red. I like the practical use (exploit?) of MmGetSystemAddressForMdlSafe to grab a copy of the SSDT. It worked fine on both 2K and XP. Because of the long listing I'll just add the reminder that output can be redirected to a text file with
    syscall.exe > output.txt


  3. #3
    Update: fixed bug in counting parameters.
    Vulnerant omnes, ultima necat.

  4. #4
    Update: after some poking around, I've made 64bit version (AMD64) to work (I think )
    You can get it from here:

    BTW: as FASTCALL is the default calling convention in win x64, is it possible to get syscalls parameter info like in win32? I noticed that parameter-info tables are zeroed in win x64.
    Last edited by omega_red; July 10th, 2006 at 15:27.
    Vulnerant omnes, ultima necat.

Similar Threads

  1. Windows 8 Syscall Interface and Export Table diffing fun
    By j00ru vx tech blog in forum Blogs Forum
    Replies: 0
    Last Post: September 21st, 2011, 12:17
  2. Syscall lister
    By OpenRCE_omega_red in forum Blogs Forum
    Replies: 0
    Last Post: November 24th, 2007, 18:50


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts