Generate windows syscall csv with Frida
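// Frida script: write the syscall numbers found in the Nt* export stubs of the
// ntdll.dll loaded in the current process to a CSV file ("Name,Number").
//
// Caveats for anyone consuming the CSV:
//  - Syscall numbers are not a stable ABI; they differ between Windows builds,
//    so the table only describes the machine the script ran on.
//  - The number is read from the in-memory stub. If the stub bytes were
//    modified in this process (for example by an inline hook from a security
//    product or other instrumentation), the bytes at the fixed offset are not
//    a syscall number. Such exports are skipped and reported, not guessed.

// Placeholder: set this to a writable location before running.
const outputPath = "C:\\put_your_path\\syscall.csv";

// Expected start of an x64 syscall stub:
//   4c 8b d1      mov r10, rcx
//   b8 <imm32>    mov eax, <syscall number>
// The first four bytes are compared as one little-endian u32.
const STUB_PROLOGUE = 0xb8d18b4c;
const NUMBER_OFFSET = 0x04;

// The fixed offset above is only meaningful for the x64 stub layout; on any
// other architecture the script would emit unrelated bytes as "numbers".
if (Process.arch !== "x64") {
  throw new Error(`syscall stub layout is only known for x64, got ${Process.arch}`);
}

const ntdll = Process.getModuleByName("ntdll.dll");
const rows = ["Name,Number"];
const skipped = [];

for (const { name, address } of ntdll.enumerateExports()) {
  // Same name filter as before: starts with "Nt" and does not contain "Ntdll".
  if (!name.startsWith("Nt") || name.includes("Ntdll")) {
    continue;
  }

  // Not every Nt-prefixed export is necessarily an unmodified syscall stub;
  // only trust the immediate when the preceding instruction bytes match.
  if (address.readU32() !== STUB_PROLOGUE) {
    skipped.push(name);
    continue;
  }

  const sysNumber = address.add(NUMBER_OFFSET).readU32().toString(16);
  rows.push(`${name},0x${sysNumber}`);
}

// Rows are joined without a trailing newline, matching the original output.
const fileHandle = new File(outputPath, "w");
try {
  fileHandle.write(rows.join("\n"));
  fileHandle.flush();
} finally {
  // Release the handle even if the write fails.
  fileHandle.close();
}

if (skipped.length > 0) {
  console.log(`Skipped ${skipped.length} Nt* export(s) whose first bytes are not the expected stub: ${skipped.join(", ")}`);
}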