kohnakagawa / syscall_number_mapper.py
Created May 18, 2020 06:30 — forked from h4z31/syscall_number_mapper.py
[rough] mapping system call numbers of Zw APIs from local ntdll.dll on Windows 10 by binaryninja
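from binaryninja import *

log_to_stderr(1)

def get_syscall_no(zwf):
    # Walk every instruction of the Zw* stub and look for the syscall instruction.
    for b in zwf.basic_blocks:
        for i in b.get_disassembly_text():
            if str(i).startswith("syscall"):
                # The system call number is the constant held in eax at this point.
                eax = zwf.get_reg_value_at(i.address, "eax")
                if eax.type == RegisterValueType.ConstantValue:
                    return eax.value
    return None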
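
Added example, not part of the original gist: the same extraction done directly on stub bytes without Binary Ninja, returning None when a stub does not decode, as the ConstantValue check does above. It assumes the x64 stub layout (mov r10, rcx; mov eax, imm32; ...; syscall); the function names, export names and sample bytes are constructed for illustration and are not read from a real ntdll.dll.

```python
import struct

# Assumed x64 stub prologue: mov r10, rcx ; mov eax, imm32
PROLOGUE = bytes.fromhex("4c8bd1b8")
SYSCALL = bytes.fromhex("0f05")  # syscall instruction
MAX_STUB = 32  # stubs are short; do not scan into the next function


def syscall_number_from_stub(stub: bytes):
    """Return the imm32 loaded into eax, or None if the bytes are not a plain stub."""
    imm_off = len(PROLOGUE)
    if len(stub) < imm_off + 4 or not stub.startswith(PROLOGUE):
        return None  # not the expected prologue, so eax is not a known constant
    (number,) = struct.unpack_from("<I", stub, imm_off)
    # Require a syscall instruction shortly after the mov, mirroring the gist,
    # which only reads eax at instructions whose text starts with "syscall".
    if stub.find(SYSCALL, imm_off + 4, MAX_STUB) == -1:
        return None
    return number


def map_stubs(stubs: dict):
    """Map export name -> syscall number, skipping stubs that do not decode."""
    result = {}
    for name, code in stubs.items():
        number = syscall_number_from_stub(code)
        if number is not None:
            result[name] = number
    return result


# Constructed sample input: hypothetical names, hand-written bytes.
SAMPLE_STUBS = {
    # mov r10,rcx; mov eax,0xf; test byte [0x7ffe0308],1; jne; syscall; ret; int 2e; ret
    "ZwExampleA": bytes.fromhex("4c8bd1b80f000000f604250803fe7f0175030f05c3cd2ec3"),
    # mov r10,rcx; mov eax,0x126; syscall; ret
    "ZwExampleB": bytes.fromhex("4c8bd1b8260100000f05c3"),
    # first bytes are a jmp rel32 instead of the prologue
    "ZwExampleOther": bytes.fromhex("e9112233440f000000f604250803fe7f0175030f05c3"),
}

if __name__ == "__main__":
    for name, number in sorted(map_stubs(SAMPLE_STUBS).items()):
        print(f"{name}: {number:#x}")
```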