cocateh/wausyscall
1
0
Fork 0
mirror of https://github.com/cocateh/wausyscall.git synced 2024-06-29 18:32:57 +00:00
Code Issues Projects Releases Wiki Activity

updated readme

Browse Source
This commit is contained in:
cocateh 2021-11-28 14:35:30 +01:00 committed by Michał Lach
parent 453b61e481
commit 60fb7018df
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@ -1,11 +1,12 @@
# Overview
`wausyscall` is a tool for extracting Windows syscall numbers from ntdll.dll
file on system. Should work fine on win32k.sys but haven't tested.
`wausyscall` is a tool for extracting Windows syscall numbers from usermode
syscall wrapper dlls such as ntdll.dll or win32u.dll
It supports only x86 Windows but can be easily ported to other architectures,
due to PE file portability, if provided with length of instructions prior to
syscall number move instruction.
syscall number move instruction, given that syscall wrapper function format is
the same.
# Usage & Installation
@ -14,13 +15,15 @@ syscall number move instruction.
`cargo install --git <url to git repo>`
```
Usage: wausyscall <path to ntdll.dll> (function name)
Usage: wausyscall <path> (function name) [--only-erroneus] [--help]
```
Invoking `wausyscall` on Windows with no arguments should work fine, and
default to system provided ntdll.dll file. If running on other system,
a path to the file should be provided.
`--only-erroneus` prints opcodes that are most likely improperly parsed.
`Function name` argument is not required. When provided, it looks up syscall
number for the specified function name, but then on Windows, providing
a path to the dll is required.