Quick script for automatically extracting syscall numbers for an OS

Related tags

MiscellaneousSyscalls-Extractor
Overview

Syscalls-Extractor

Quick script for automatically extracting syscall numbers for an OS

$ python3 .\syscalls-extractor.py --help
usage: syscalls-extractor.py [-h] [-d PE_DIRECTORY]

Automatically extracts syscall numbers for an OS

optional arguments:
  -h, --help            show this help message and exit
  -d PE_DIRECTORY, --pe-directory PE_DIRECTORY

$ python3 .\syscalls-extractor.py
[*] Printing syscall numbers for ntoskrnl.exe in C:\Windows\System32

[*] 38  (0x26) = ntoskrnl.exe : ZwOpenProcess
[*] 193 (0xc1) = ntoskrnl.exe : ZwCreateThreadEx
[*] 58  (0x3a) = ntoskrnl.exe : ZwWriteVirtualMemory
[*] 24  (0x18) = ntoskrnl.exe : ZwAllocateVirtualMemory
[*] 74  (0x4a) = ntoskrnl.exe : ZwCreateSection
[*] 40  (0x28) = ntoskrnl.exe : ZwMapViewOfSection
[*] 185 (0xb9) = ntoskrnl.exe : ZwCreateProcess
[*] 80  (0x50) = ntoskrnl.exe : ZwProtectVirtualMemory

[+] Done

Adding syscalls

Add to the syscalls dict at the top of the script to add more functions to check for syscalls.

E.g.:

syscalls = {
    "ntoskrnl.exe": [
        "ZwOpenProcess",
        "ZwCreateThreadEx",
        "ZwWriteVirtualMemory",
        "ZwAllocateVirtualMemory",
        "ZwCreateSection",
        "ZwMapViewOfSection",
        "ZwCreateProcess",
        "ZwProtectVirtualMemory"
    ],
}

Native and debug symbols are checked.

Logic

This works by finding the function, locating the next jmp instruction and confirming that the instruction before hand was a mov eax. If so the value moved into eax is returned as the syscall instruction.

Owner
m0rv4i
Twitter: @m0rv4i
m0rv4i
GitHub Repository
Small tool to use hero .json files created with Optolith for The Dark Eye/ Das Schwarze Auge 5 to perform talent probes.

DSA5-ProbeMaker A little tool for The Dark Eye 5th Edition (Das Schwarze Auge 5) to load .json from Optolith character generation and easily perform t

2 Jan 06, 2022
Mixtaper - Web app to make mixtapes

Mixtaper A web app which allows you to input songs in the form of youtube links

suryansh 1 Feb 14, 2022
Packaging tools for shanty services.

parcel Packaging tools for shanty services. What? Services are docker containers deployed by shanty on a hosting appliance. Each service consists of t

0 Jan 20, 2022
A python implementation of differentiable quality diversity.

Differentiable Quality Diversity This repository is the official implementation of Differentiable Quality Diversity.

ICAROS 41 Nov 30, 2022
This is an example manipulation package of for a robot manipulator based on Drake with ROS2.

This is an example manipulation package of for a robot manipulator based on Drake with ROS2.

Sotaro Katayama 1 Oct 21, 2021
A wide AOI generator tool.

Dark Generator A wide AOI generator tool. Information Installation To Install you have to have python 3.x and pip installed on your system. If you hav

Darkest Surface 12 Dec 26, 2022
Play tic-tac-toe in PowerPoint

The presentation has around 6,000 slides representing every possible game state (and some impossible ones, since I didn't check for wins or ties). You play by clicking on the squares, which are hyper

Jesse Li 3 Dec 18, 2021
Lookup for interesting stuff in SMB shares

SMBSR - what is that? Well, SMBSR is a python script which given a CIDR/IP/IP_file/HOSTNAME(s) enumerates all the SMB services listening (445) among t

Vincenzo 112 Dec 15, 2022
This is a multi-app executor that it used when we have some different task in a our applications and want to run them at the same time

This is a multi-app executor that it used when we have some different task in a our applications and want to run them at the same time. It uses SQLAlchemy for ORM and Alembic for database migrations.

Majid Iranpour 5 Apr 16, 2022
Run Python code right in your Telegram messages

Run Python code right in your Telegram messages Made with Telethon library, TGPy is a tool for evaluating expressions and Telegram API scripts. Instal

29 Nov 22, 2022
Would upload anything I do with/related to brainfuck

My Brainfu*k Repo Basically wanted to create something with Brainfu*k but realized that with the smol brain I have, I need to see the cell values real

Rafeed 1 Mar 22, 2022
pyToledo is a Python library to interact with the common virtual learning environment for the Association KU Leuven (Toledo).

pyToledo pyToledo is a Python library to interact with the common virtual learning environment for the Association KU Leuven a.k.a Toledo. Motivation

Daan Vervacke 5 Jan 03, 2022
Org agenda in the console

This Python script reads an org agenda file (i.e. a regular org file with some active dates) and displays an interactive and colored year calendar with detailed information for each day when the mous

Nicolas P. Rougier 113 Jan 03, 2023
This repository is an archive of emails that are sent by the awesome Quincy Larson every week.

Awesome Quincy Larson Email Archive This repository is an archive of emails that are sent by the awesome Quincy Larson every week. If you fi

Sourabh Joshi 912 Jan 05, 2023
Design-by-contract in Python3 with informative violation messages and inheritance

icontract icontract provides design-by-contract to Python3 with informative violation messages and inheritance. It also gives a base for a flourishing

275 Jan 02, 2023
This is the Code Institute student template for Gitpod.

Welcome AnaG0307, This is the Code Institute student template for Gitpod. We have preinstalled all of the tools you need to get started. It's perfectl

0 Feb 02, 2022
Perform oocyst segmentation in mercurochrome stained mosquito midgut

Midgut_oocyst_segmentation Perform oocyst segmentation in mercurochrome stained mosquito midguts This oocyst segmentation model also powers the webtoo

Duo Peng 3 Oct 27, 2021
Arknights gacha simulation written in Python

Welcome to arknights-gacha repository This is my shameless attempt of simulating Arknights gacha. Current supported banner types (with potential bugs)

Swyrin 3 May 07, 2022
A web-based chat application that enables multiple users to interact with one another

A web-based chat application that enables multiple users to interact with one another, in the same chat room or different ones according to their choosing.

3 Apr 22, 2022
A tool to replace all osu beatmap backgrounds at once.

OsuBgTool A tool to replace all osu beatmap backgrounds at once. Requirements You need to have python 3.6 or newer installed. That's it. How to Use Ju

Aditya Gupta 1 Oct 24, 2021