GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Dewera → Pluto

Dewera / Pluto

Licence: MIT license
A manual system call library that supports functions from both ntdll.dll and win32u.dll

Programming Languages

C#
18002 projects

Labels

reverse-engineeringsyscallwindows-internals

Projects that are alternatives of or similar to Pluto

rlimit
Resource limits
Stars: ✭ 13 (-86.46%)
Mutual labels:  syscall
SyscallExtractorAnalyzer
This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes
Stars: ✭ 19 (-80.21%)
Mutual labels:  syscall
DuckOS
Such OS; Very Duck!
Stars: ✭ 16 (-83.33%)
Mutual labels:  syscall
TripleS
Extracting Syscall Stub, Modernized
Stars: ✭ 51 (-46.87%)
Mutual labels:  syscall
libmem
Advanced Game Hacking Library for C/C++, Rust and Python (Windows/Linux/FreeBSD) (Process/Memory Hacking) (Hooking/Detouring) (Cross Platform) (x86/x64/ARM/ARM64) (DLL/SO Injection) (Internal/External)
Stars: ✭ 336 (+250%)
Mutual labels:  syscall
InlineWhispers2
Tool for working with Direct System Calls in Cobalt Strike's Beacon Object Files (BOF) via Syswhispers2
Stars: ✭ 156 (+62.5%)
Mutual labels:  syscall
EVA2
Another version of EVA using anti-debugging techs && using Syscalls
Stars: ✭ 223 (+132.29%)
Mutual labels:  syscall
Ctftool
Interactive CTF Exploration Tool
Stars: ✭ 1,563 (+1528.13%)
Mutual labels:  windows-internals
NtUtilsLibrary
Delphi library for system programming on Windows
Stars: ✭ 41 (-57.29%)
Mutual labels:  windows-internals

Pluto

A manual system call library that supports functions from both ntdll.dll and win32u.dll

Notable features

  • Dynamic resolution of syscall indices from disk
  • WOW64 and x64 support

Getting started

The example below demonstrates a basic implementation of the library

[SyscallImport("ntdll.dll")]
public delegate NtStatus NtClose(IntPtr handle);

var handle = IntPtr.Zero;

var syscall = new Syscall<NtClose>();
var status = syscall.Method(handle);

Syscall Class

Provides the functionality to syscall a function in a DLL

public sealed class Syscall<T> where T : Delegate

Constructors

Initialises an instance of the Syscall<T> class with the syscall delegate

public Syscall();

Properties

A delegate wrapping the syscall

public T Method { get; }

SyscallImportAttribute Class

Indicates that the attributed delegate represents a syscall signature

[AttributeUsage(AttributeTargets.Delegate)]
public sealed class SyscallImportAttribute : Attribute

Constructors

Initialises an instance of the SyscallImportAttribute class with the DLL name

public SyscallImportAttribute(string);
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].