https://github.com/evilbytecode/ssnretrieval

Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.
https://github.com/evilbytecode/ssnretrieval

av ebyte evasion fud ssn ssn-retrieval

Last synced: 16 days ago
JSON representation

Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.

• Host: GitHub
• URL: https://github.com/evilbytecode/ssnretrieval
• Owner: EvilBytecode
• Created: 2024-08-12T18:51:05.000Z (9 months ago)
• Default Branch: main
• Last Pushed: 2024-08-12T19:01:04.000Z (9 months ago)
• Last Synced: 2025-03-26T08:37:31.902Z (about 1 month ago)
• Topics: av, ebyte, evasion, fud, ssn, ssn-retrieval
• Language: Go
• Homepage:
• Size: 6.84 KB
• Stars: 11
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# SsnRetrieval

Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.

## Execution Process:

- 1st > Load the NTDLL Libary.

- 2nd > Parse the PE file to get the structure and find important directories like the export directory.

- 3rd > Extract function names and addresses, look for functions that start with "Zw", and find their System Service Numbers (SSNs).

- 4th > Collect and print the SSN, function name, and address for each "Zw" function.

# Build Process

- 1st -> ```go build main.go```

- if you want to run and test ```go run main.go```

## Enjoy - Made by EByte :Happy

# PoC

![image](https://github.com/user-attachments/assets/295d3e89-573b-43f5-8125-3199306d9adb)