{
  "id": 28383899,
  "url": "https://github.com/aeverj/nimsyscalls",
  "last_synced_at": "2025-08-03T12:06:29.817Z",
  "repository": {
    "id": 126275423,
    "uuid": "454333624",
    "full_name": "aeverj/NimSyscalls",
    "owner": "aeverj",
    "description": "Direct system calls by nim",
    "archived": false,
    "fork": false,
    "pushed_at": "2022-03-15T15:22:11.000Z",
    "size": 29,
    "stargazers_count": 14,
    "open_issues_count": 0,
    "forks_count": 4,
    "subscribers_count": 1,
    "default_branch": "master",
    "last_synced_at": "2025-07-10T21:39:54.194Z",
    "etag": null,
    "topics": ["bypass-antivirus", "nim", "offensive", "syscalls"],
    "latest_commit_sha": null,
    "homepage": "",
    "language": "Nim",
    "has_issues": true,
    "has_wiki": null,
    "has_pages": null,
    "mirror_url": null,
    "source_name": null,
    "license": null,
    "status": null,
    "scm": "git",
    "pull_requests_enabled": true,
    "icon_url": "https://github.com/aeverj.png",
    "metadata": {
      "files": {
        "readme": "README.md",
        "changelog": null,
        "contributing": null,
        "funding": null,
        "license": null,
        "code_of_conduct": null,
        "threat_model": null,
        "audit": null,
        "citation": null,
        "codeowners": null,
        "security": null,
        "support": null,
        "governance": null,
        "roadmap": null,
        "authors": null,
        "dei": null,
        "publiccode": null,
        "codemeta": null,
        "zenodo": null
      }
    },
    "created_at": "2022-02-01T09:52:36.000Z",
    "updated_at": "2025-02-22T02:12:24.000Z",
    "dependencies_parsed_at": "2023-06-16T02:30:37.892Z",
    "dependency_job_id": null,
    "html_url": "https://github.com/aeverj/NimSyscalls",
    "commit_stats": null,
    "previous_names": [],
    "tags_count": 0,
    "template": false,
    "template_full_name": null,
    "purl": "pkg:github/aeverj/NimSyscalls",
    "repository_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeverj%2FNimSyscalls",
    "tags_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeverj%2FNimSyscalls/tags",
    "releases_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeverj%2FNimSyscalls/releases",
    "manifests_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeverj%2FNimSyscalls/manifests",
    "owner_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aeverj",
    "download_url": "https://codeload.github.com/aeverj/NimSyscalls/tar.gz/refs/heads/master",
    "sbom_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeverj%2FNimSyscalls/sbom",
    "host": {
      "name": "GitHub",
      "url": "https://github.com",
      "kind": "github",
      "repositories_count": 268540867,
      "owners_count": 24266624,
      "icon_url": "https://github.com/github.png",
      "version": null,
      "created_at": "2022-05-30T11:31:42.601Z",
      "updated_at": "2022-07-04T15:15:14.044Z",
      "status": "online",
      "status_checked_at": "2025-08-03T02:00:12.545Z",
      "response_time": 2577,
      "last_error": null,
      "robots_txt_status": "success",
      "robots_txt_updated_at": "2025-07-24T06:49:26.215Z",
      "robots_txt_url": "https://github.com/robots.txt",
      "online": true,
      "can_crawl_api": true,
      "host_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub",
      "repositories_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories",
      "repository_names_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names",
      "owners_url": "https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"
    }
  },
  "keywords": ["bypass-antivirus", "nim", "offensive", "syscalls"],
  "created_at": "2025-05-30T07:38:14.593Z",
  "updated_at": "2025-08-03T12:06:29.809Z",
  "avatar_url": "https://github.com/aeverj.png",
  "language": "Nim",
  "readme": "# NimSysCalls\nObtain a clean copy of ntdll from the memory of a suspended process and use syscalls to bypass AV/EDR\n\n\nSimplified Chinese README | [English README](https://github.com/aeverj/NimSyscalls/blob/master/README_EN.md)\n\n# Updates\n* 20220315: Get the address of the syscall instruction inside ntdll and call through it. This bypasses checks on the location from which the syscall instruction is executed\n\n# Introduction\n1. Create a suspended process\n2. Get the base address of ntdll\n3. Copy the contents of ntdll from the suspended process into the current process\n4. Save the syscall invocation code\n5. Execute the syscall\n\n# Usage\n1. Download the repository to your machine\n2. Write the functions that need to be called via syscall into the `functions.txt` file\n3. Run `python3 NimSysCalls.py` to generate a `syscalls.nim` file\n4. Compile and run; an example is in `example.nim`.\n# Example\n```cmd\n\u003e\u003e nim c -d:strip --opt:size -d:release -f -r example.nim\n[*] Create process notepad.exe\n[*] Read clean copy of ntdll from notepad.exe and kill the process\n[*] Get export function from clean copy of ntdll\n[*] Start create C:\\Users\\pw.log\n[*] Syscall code: 85\n[*] NtCreateFile return: 0\n[*] Create file C:\\Users\\pw.log success\n```\n# References\n- [Peruns-Fart](https://github.com/plackyhacker/Peruns-Fart.git)\n- [NimlineWhispers2](https://github.com/ajpc500/NimlineWhispers2)",
  "funding_links": [],
  "categories": [],
  "sub_categories": [],
  "project_url": "https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faeverj%2Fnimsyscalls",
  "html_url": "https://awesome.ecosyste.ms/projects/github.com%2Faeverj%2Fnimsyscalls",
  "lists_url": "https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faeverj%2Fnimsyscalls/lists"
}