mirror of
https://github.com/cocateh/wausyscall.git
synced 2024-06-29 18:32:57 +00:00
updated readme
This commit is contained in:
parent
453b61e481
commit
60fb7018df
11
README.md
11
README.md
@ -1,11 +1,12 @@
|
||||
# Overview
|
||||
|
||||
`wausyscall` is a tool for extracting Windows syscall numbers from ntdll.dll
|
||||
file on system. Should work fine on win32k.sys but haven't tested.
|
||||
`wausyscall` is a tool for extracting Windows syscall numbers from usermode
|
||||
syscall wrapper dlls such as ntdll.dll or win32u.dll
|
||||
|
||||
It supports only x86 Windows but can be easily ported to other architectures,
|
||||
due to PE file portability, if provided with length of instructions prior to
|
||||
syscall number move instruction.
|
||||
syscall number move instruction, given that syscall wrapper function format is
|
||||
the same.
|
||||
|
||||
# Usage & Installation
|
||||
|
||||
@ -14,13 +15,15 @@ syscall number move instruction.
|
||||
`cargo install --git <url to git repo>`
|
||||
|
||||
```
|
||||
Usage: wausyscall <path to ntdll.dll> (function name)
|
||||
Usage: wausyscall <path> (function name) [--only-erroneus] [--help]
|
||||
```
|
||||
|
||||
Invoking `wausyscall` on Windows with no arguments should work fine, and
|
||||
default to system provided ntdll.dll file. If running on other system,
|
||||
a path to the file should be provided.
|
||||
|
||||
`--only-erroneus` prints opcodes that are most likely improperly parsed.
|
||||
|
||||
`Function name` argument is not required. When provided, it looks up syscall
|
||||
number for the specified function name, but then on Windows, providing
|
||||
a path to the dll is required.
|
||||
|
Loading…
Reference in New Issue
Block a user