Quick script for automatically extracting syscall numbers for an OS

Related tags

MiscellaneousSyscalls-Extractor
Overview

Syscalls-Extractor

Quick script for automatically extracting syscall numbers for an OS

$ python3 .\syscalls-extractor.py --help
usage: syscalls-extractor.py [-h] [-d PE_DIRECTORY]

Automatically extracts syscall numbers for an OS

optional arguments:
  -h, --help            show this help message and exit
  -d PE_DIRECTORY, --pe-directory PE_DIRECTORY

$ python3 .\syscalls-extractor.py
[*] Printing syscall numbers for ntoskrnl.exe in C:\Windows\System32

[*] 38  (0x26) = ntoskrnl.exe : ZwOpenProcess
[*] 193 (0xc1) = ntoskrnl.exe : ZwCreateThreadEx
[*] 58  (0x3a) = ntoskrnl.exe : ZwWriteVirtualMemory
[*] 24  (0x18) = ntoskrnl.exe : ZwAllocateVirtualMemory
[*] 74  (0x4a) = ntoskrnl.exe : ZwCreateSection
[*] 40  (0x28) = ntoskrnl.exe : ZwMapViewOfSection
[*] 185 (0xb9) = ntoskrnl.exe : ZwCreateProcess
[*] 80  (0x50) = ntoskrnl.exe : ZwProtectVirtualMemory

[+] Done

Adding syscalls

Add to the syscalls dict at the top of the script to add more functions to check for syscalls.

E.g.:

syscalls = {
    "ntoskrnl.exe": [
        "ZwOpenProcess",
        "ZwCreateThreadEx",
        "ZwWriteVirtualMemory",
        "ZwAllocateVirtualMemory",
        "ZwCreateSection",
        "ZwMapViewOfSection",
        "ZwCreateProcess",
        "ZwProtectVirtualMemory"
    ],
}

Native and debug symbols are checked.

Logic

This works by finding the function, locating the next jmp instruction and confirming that the instruction before hand was a mov eax. If so the value moved into eax is returned as the syscall instruction.

Owner
m0rv4i
Twitter: @m0rv4i
m0rv4i
GitHub Repository
DRF magic links

drf-magic-links Installation pip install drf-magic-links Add URL patterns # urls.py

Dmitry Kalinin 1 Nov 07, 2021
pythonOS: An operating system kernel made in python and assembly

pythonOS An operating system kernel made in python and assembly Wait what? It uses a custom compiler called snek that implements a part of python3.9 (

Abbix 69 Dec 23, 2022
Binjago - Set of tools aiding in analysis of stripped Golang binaries with Binary Ninja

Binjago 🥷 Set of tools aiding in analysis of stripped Golang binaries with Bina

W3ndige 2 Jul 23, 2022
0xFalcon - 0xFalcon Tool For Python

0xFalcone Installation Install 0xFalcone Tool: apt install git git clone https:/

Alharb7 6 Sep 24, 2022
This repo contains scripts that add functionality to xbar.

xbar-custom-plugins This repo contains scripts that add functionality to xbar. Usage You have to add scripts to xbar plugin folder. If you don't find

osman uygar 1 Jan 10, 2022
データサイエンスチャレンジ2021 サンプル

データサイエンスチャレンジ2021 サンプル 概要 線形補間と Catmull–Rom Spline 補間のサンプル Python スクリプトです。 データサイエンスチャレンジ2021の出題意図としましては、訓練用データ(train.csv)から機械学習モデルを作成して、そのモデルに推論させてモーシ

Bandai Namco Research Inc. 5 Oct 17, 2022
A patch and keygen tools for typora.

A patch and keygen tools for typora.

Mason Shi 1.4k Apr 12, 2022
Discovering local read-level DNA methylation patterns and DNA methylation heterogeneity in intermediately methylated regions

Discovering local read-level DNA methylation patterns and DNA methylation heterogeneity in intermediately methylated regions

1 Jan 11, 2022
The calculator on Python.

Calculator Contributors: Delitanast An official website. Information Hello! I am Damir. It`s my first Python project. I think you want see this. I imp

3 Mar 13, 2022
This repo presents you the official code of "VISTA: Boosting 3D Object Detection via Dual Cross-VIew SpaTial Attention"

VISTA VISTA: Boosting 3D Object Detection via Dual Cross-VIew SpaTial Attention Shengheng Deng, Zhihao Liang, Lin Sun and Kui Jia* (*) Corresponding a

104 Dec 29, 2022
Check is a integer is even

Is Even Check if interger is even using isevenapi. https://isevenapi.xyz/ Main features: cache memoization api retry handler hide ads Install pip inst

Rosiney Gomes Pereira 45 Dec 19, 2022
Ghost source since the developer of the project quit due to reasons

👻 Ghost Selfbot The official code for Ghost which was recently discontinued and released to the public. Feel free to use any of the code found in thi

xannyy 2 Mar 24, 2022
A not exist cat image generator python package

A not exist cat image generator python package

Fayas Noushad 2 Dec 03, 2021
Python-Kite: Simple python code to make kite pattern

Python-Kite Simple python code to make kite pattern. Getting Started These instr

Anoint 0 Mar 22, 2022
Cloud-native SIEM for intelligent security analytics for your entire enterprise.

Microsoft Sentinel Welcome to the Microsoft Sentinel repository! This repository contains out of the box detections, exploration queries, hunting quer

Microsoft Azure 2.9k Jan 02, 2023
A tool to quickly create codeforces contest directories with templates.

Codeforces Template Tool I created this tool to help me quickly set up codeforces contests/singular problems with templates. Tested for windows, shoul

1 Jun 02, 2022
A Github Action for sending messages to a Matrix Room.

matrix-commit A Github Action for sending messages to a Matrix Room. Screenshot: Example Usage: # .github/workflows/matrix-commit.yml on: push:

3 Sep 11, 2022
a pull switch (or BYO button) that gets you out of video calls, quick

zoomout a pull switch (or BYO button) that gets you out of video calls, quick. As seen on Twitter System compatibility Tested on macOS Catalina (10.15

Brian Moore 422 Dec 30, 2022
A subleq VM/interpreter created by me for no reason

What is Dumbleq? Dumbleq is a dumb Subleq VM/interpreter implementation created by me for absolutely no reason at all. What is Subleq? If you haven't

Phu Minh 2 Nov 13, 2022
Mnemosyne: efficient learning with powerful digital flash-cards.

Mnemosyne: Optimized Flashcards and Research Project Mnemosyne is: a free, open-source, spaced-repetition flashcard program that helps you learn as ef

359 Dec 24, 2022