11Syscalls
11Syscalls copied to clipboard
ikermit
Windows 11 Syscall table. Ready to use in direct syscall. Actively maintained.
11Syscalls
Windows 11 Syscall numbers. Ready to use in direct syscall. Actively maintained.
This repository contains system call tables collected from windows 11. As of now only 10.0.22000 is included, But I have planned to continue updating this table over time. I can use any help with this table and even provide more data over time.
Windows versions included
| OS | CodeName | Edition | Build Number | Architecture | DLL | Syscall Table |
|---|---|---|---|---|---|---|
| Windows | 21H2* | Pro | 10.0.22000 | x64 | ntdll.dll | link |
*Note: For some reason Windows 11 10.0.22000 and Windows 10 10.0.19044 are both named 21H2.
Older windows builds
For Windows versions such as 10.0.19044 (21H2) and below that check this repo: j00ru/windows-syscalls
How i collect these data?
The concept is very simple First, We look up the NtDll file for a certain OpCode which for Nt functions usually is 4C 8B D1 B8, Then the next 8 byte is the syscall number, Then we extract all those numbers in order.
Usage
You can use data from this table to do a direct system call, And skipping the call from ntdll and bypass Edr and hooking accordingly.
ikermit