
Windows System Call and CSR API tables updated

This post is not available in Polish!

{ 3 } Comments

  1. sixtyvividtails | 28-Nov-13 at 13:33:57

    I recently decided to generate a lib with all ntstubs\shadowstubs for my project, and used your tables to quickly (visually) check if there are any obvious discrepancies in my API indices. What I noticed is that you have some extra functions in your tables (like xHalGetInterruptTranslator), and some others are missing (like NtFilterTokenEx, which has index 0x00d1 in my table x64_62_9200). It’s probably not a big deal, coz the discrepancies are probably present only in clashed functions (the ones which map to the same useless one-line kernel functions despite having different indices), but in case you’d want to update your tables, here is a pack of mine (with all clashes scriptually resolved): !5t1DxI4J!XP_r0GmWFnBeDslckHs6ARmIflFur-Z3UGPJ_5gP6DM
    I generated stuff only for the MS-supported nt6 versions: 60_6002, 61_7601, 62_9200, 63_9600; x32 and x64; nt and win32k. To produce them for other OS versions, I can give you my idapython script, although it has become really messy by now ^)

  2. j00ru | 02-Dec-13 at 03:08:06

    Hey sixtyvividtails,

    Thanks for dropping a line. I am aware of the fact that some of the system calls clash and have nonsensical names as a result (these of stub functions in the kernel), though as you mentioned, these are rare cases that only occur for syscalls that are not useful, and it’s unlikely anyone would ever want to use them (unless one wants to create a 100% accurate list of system calls). Back when generating the tables for the first time I decided to just disregard these corner cases, and resolving the clashes would probably take some time at this point. I’ll keep that in mind and try to clean up the table as soon as I have some spare time.

    The idapython script would surely come in handy to save some time. ;)


  3. sixtyvividtails | 26-Dec-13 at 21:40:20

    Yeah, these clashed APIs probably won’t be of any use, so updating the tables might not be worth the time. Anyway, I’m putting up the script I’ve used with some attached description and a few generated tables: !cx9iVZKZ!Cwguigsm5S0BFIQRoHhB6jAEGTwRBNwIXUzUXKjLsE4
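The two kinds of discrepancy discussed in this thread (functions present in only one table, and "clashed" indices that resolve to the same kernel stub) can be checked mechanically. The checker below is an added example, not code from the blog or from either commenter's scripts; the tables are constructed, and every index except the 0x00d1 quoted above is a placeholder rather than a real syscall number.

```python
# Added example: diff two syscall tables and flag clashed indices.
# Tables are constructed "index name" text; indices are placeholders.
from collections import defaultdict

TABLE_A = """
0x00d0 NtFoo
0x00d1 NtFilterTokenEx
0x00d2 NtBar
0x00d3 NtStubAlias
"""
TABLE_B = """
0x00d0 NtFoo
0x00d2 NtBar
0x00d3 NtStubAlias
0x00d4 NtStubAlias
0x00d5 xHalGetInterruptTranslator
"""

def parse_table(text):
    """Return a list of (index, name) pairs from 'hex name' lines."""
    entries = []
    for line in text.strip().splitlines():
        idx, name = line.split()
        entries.append((int(idx, 16), name))
    return entries

def find_clashes(entries):
    """Names reached from more than one index: several syscall numbers
    land in the same (usually one-line stub) kernel function, so a plain
    index->name dump cannot tell them apart."""
    by_name = defaultdict(list)
    for idx, name in entries:
        by_name[name].append(idx)
    return {n: sorted(i) for n, i in by_name.items() if len(i) > 1}

def compare_tables(a, b):
    """Report names only in a, only in b, and names whose index set differs."""
    idx_a, idx_b = defaultdict(set), defaultdict(set)
    for i, n in a:
        idx_a[n].add(i)
    for i, n in b:
        idx_b[n].add(i)
    common = idx_a.keys() & idx_b.keys()
    return {
        "only_in_a": sorted(idx_a.keys() - idx_b.keys()),
        "only_in_b": sorted(idx_b.keys() - idx_a.keys()),
        "changed": {n: (sorted(idx_a[n]), sorted(idx_b[n]))
                    for n in sorted(common) if idx_a[n] != idx_b[n]},
    }

if __name__ == "__main__":
    a, b = parse_table(TABLE_A), parse_table(TABLE_B)
    print("clashes in B:", find_clashes(b))
    print(compare_tables(a, b))
```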
