Kenjiro Ichise DoranekoSystems

## dump.js
const outputPath = "C::\\put_your_path\\syscall.csv";

var module = Process.getModuleByName("ntdll.dll");
var symbols = module.enumerateExports();
var csvString = "Name,Number\n";

for (var i = 0; i < symbols.length; i++) {
  const sysName = symbols[i].name;
  if (sysName.indexOf("Nt") == 0 && sysName.indexOf("Ntdll") == -1) {
    const symAddr = symbols[i].address;

## enumsymbol.js
//frida -l enumsymbol.js CalculatorApp.exe
function dump(pointer, length) {
  var buf = Memory.readByteArray(pointer, length);
  console.log(
    hexdump(buf, {
      offset: 0,
      length: length,
      header: true,
      ansi: true,
    })
	const outputPath = "C::\\put_your_path\\syscall.csv";

	var module = Process.getModuleByName("ntdll.dll");
	var symbols = module.enumerateExports();
	var csvString = "Name,Number\n";

	for (var i = 0; i < symbols.length; i++) {
	const sysName = symbols[i].name;
	if (sysName.indexOf("Nt") == 0 && sysName.indexOf("Ntdll") == -1) {
	const symAddr = symbols[i].address;
	//frida -l enumsymbol.js CalculatorApp.exe
	function dump(pointer, length) {
	var buf = Memory.readByteArray(pointer, length);
	console.log(
	hexdump(buf, {
	offset: 0,
	length: length,
	header: true,
	ansi: true,
	})