Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change Syscall Stub Generation to sort by system call address #19

Open
TheWover opened this issue Jan 8, 2021 · 1 comment
Open

Change Syscall Stub Generation to sort by system call address #19

TheWover opened this issue Jan 8, 2021 · 1 comment
Assignees
@TheWover
Labels
enhancement New feature or request
Milestone
2.0

Comments

@TheWover
Copy link
Owner

TheWover commented Jan 8, 2021

Use the technique described by modexp in https://www.mdsec.co.uk/2020/12/bypassing-user-mode-hooks-and-direct-invocation-of-system-calls-for-red-teams/ and implemented in SysWhispers2 to derive syscall IDs by sorting the addresses of Zw* exports in ntdll.
@TheWover TheWover added the enhancement New feature or request label Jan 8, 2021
@TheWover TheWover added this to the 1.1 milestone Jan 8, 2021
@TheWover TheWover self-assigned this Jan 8, 2021
@TheWover TheWover modified the milestones: 1.1, 2.0 Jan 10, 2021
@TheWover
Copy link
Owner Author

Looks like there is a version of SysWhispers2 for x86/WOW64 processes: https://github.com/mai1zhi2/SysWhispers2_x86

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TheWover TheWover

Labels
enhancement New feature or request
Projects
None yet
Milestone
2.0
Development

No branches or pull requests
1 participant
@TheWover