Syscalls-Extractor

Quick script for automatically extracting syscall numbers for an OS

$ python3 .\syscalls-extractor.py --help
usage: syscalls-extractor.py [-h] [-d PE_DIRECTORY]

Automatically extracts syscall numbers for an OS

optional arguments:
  -h, --help            show this help message and exit
  -d PE_DIRECTORY, --pe-directory PE_DIRECTORY

$ python3 .\syscalls-extractor.py
[*] Printing syscall numbers for ntoskrnl.exe in C:\Windows\System32

[*] 38  (0x26) = ntoskrnl.exe : ZwOpenProcess
[*] 193 (0xc1) = ntoskrnl.exe : ZwCreateThreadEx
[*] 58  (0x3a) = ntoskrnl.exe : ZwWriteVirtualMemory
[*] 24  (0x18) = ntoskrnl.exe : ZwAllocateVirtualMemory
[*] 74  (0x4a) = ntoskrnl.exe : ZwCreateSection
[*] 40  (0x28) = ntoskrnl.exe : ZwMapViewOfSection
[*] 185 (0xb9) = ntoskrnl.exe : ZwCreateProcess
[*] 80  (0x50) = ntoskrnl.exe : ZwProtectVirtualMemory

[+] Done

Adding syscalls

Add to the syscalls dict at the top of the script to add more functions to check for syscalls.

E.g.:

syscalls = {
    "ntoskrnl.exe": [
        "ZwOpenProcess",
        "ZwCreateThreadEx",
        "ZwWriteVirtualMemory",
        "ZwAllocateVirtualMemory",
        "ZwCreateSection",
        "ZwMapViewOfSection",
        "ZwCreateProcess",
        "ZwProtectVirtualMemory"
    ],
}

Native and debug symbols are checked.

Logic

This works by finding the function, locating the next jmp instruction and confirming that the instruction before hand was a mov eax. If so the value moved into eax is returned as the syscall instruction.

Quick script for automatically extracting syscall numbers for an OS

Related tags

Overview

Syscalls-Extractor

Adding syscalls

Logic

Owner

m0rv4i

Modify version of impacket wmiexec.py, get output(data,response) from registry, don't need SMB connection, also bypassing antivirus-software in lateral movement like WMIHACKER.

En este repositorio pondré archivos graciositos de python que hago de vez en cuando

School helper, helps you at your pyllabus's.

"Hacking" the (Telekom) Zyxel GPON SFP module (PMG3000-D20B)

Monochrome's API, implemented with Deta Base and Deta Drive.

An integrated library for checking email if it is registered on social media

Animations made using manim-ce

Christmas tree on the desktop.

This script can be used to get unlimited Gb for WARP.

A working roblox account generator it doesnt bypass the capcha stuff cuz these didnt showed up in my test runs

Extremely unfinished animation toolset for Blender 3.

The only purpose of a byte-sized application is to help you create .desktop entry files for downloaded applications.

Implementation of the Angular Spectrum method in Python to simulate Diffraction Patterns

Sodium is a general purpose programming language which is instruction-oriented (a new programming concept that we are developing and devising) [Still developing...]

Collection of Python scripts to perform Eikonal Tomography

A timer for bird lovers, plays a random birdcall while displaying its image and info.

Object-oriented programming (OOP) is a method of structuring a program by bundling related properties and behaviors into individual objects. In this tutorial, you’ll learn the basics of object-oriented programming in Python.

Identifies the faulty wafer before it can be used for the fabrication of integrated circuits and, in photovoltaics, to manufacture solar cells.

Taking the fight to the establishment.

A fast Python in-process signal/event dispatching system.