https://github.com/im-razvan/ntdllsyscalldumper

A minimal C++ tool to extract syscall IDs from ntdll.dll on Windows x64 systems.
https://github.com/im-razvan/ntdllsyscalldumper

cpp syscall windows

Last synced: about 1 year ago
JSON representation

A minimal C++ tool to extract syscall IDs from ntdll.dll on Windows x64 systems.

Host: GitHub
URL: https://github.com/im-razvan/ntdllsyscalldumper
Owner: im-razvan
License: mit
Created: 2025-01-22T19:58:14.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2025-01-23T08:46:28.000Z (over 1 year ago)
Last Synced: 2025-03-22T03:42:18.059Z (about 1 year ago)
Topics: cpp, syscall, windows
Language: C++
Homepage:
Size: 30.3 KB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# ntdllSyscallDumper

A minimal C++ tool to extract syscall IDs from `ntdll.dll` on Windows x64 systems.

## How does it work

![ntdll preview](https://github.com/im-razvan/ntdllSyscallDumper/blob/main/ntdll_preview.png?raw=true)

This tool extracts Windows x64 system call IDs by parsing `ntdll.dll`, detecting Nt-prefixed functions with a specific pattern (`4C 8B D1 B8`), and then outputs the names and IDs to `syscalls.csv`.

---

Tested on Windows 11 23H2 and 24H2.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/im-razvan/ntdllsyscalldumper

Awesome Lists containing this project

README