- Notifications
You must be signed in to change notification settings - Fork0
ikermit/11Syscalls
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Windows 11 Syscall numbers. Ready to use in direct syscall. Actively maintained.
This repository contains system call tables collected from windows 11. As of now only 10.0.22000 is included, But I have planned to continue updating this table over time.I can use any help with this table and even provide more data over time.
| OS | CodeName | Edition | Build Number | Architecture | DLL | Syscall Table |
|---|---|---|---|---|---|---|
| Windows | 21H2* | Pro | 10.0.22000 | x64 | ntdll.dll | link |
*Note: For some reason Windows 11 10.0.22000 and Windows 10 10.0.19044 are both named 21H2.
For Windows versions such as 10.0.19044 (21H2) and below that check this repo:j00ru/windows-syscalls
The concept is very simple First, We look up theNtDll file for a certainOpCode which forNt functions usually is4C 8B D1 B8, Then the next8 byte is thesyscall number, Then we extract all those numbers in order.
You can use data from this table to do a direct system call, And skipping the call from ntdll and bypass Edr and hooking accordingly.
About
Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained.