Skip to content
/ Pluto Public

A manual system call library that supports functions from both ntdll.dll and win32u.dll

License

Notifications You must be signed in to change notification settings

Dewera/Pluto

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Pluto

A manual system call library that supports functions from both ntdll.dll and win32u.dll


Notable features

  • Dynamic resolution of syscall indices from disk
  • WOW64 and x64 support

Getting started

The example below demonstrates a basic implementation of the library

[SyscallImport("ntdll.dll")]
public delegate NtStatus NtClose(nint handle);

var handle = -1;

var syscall = new Syscall<NtClose>();
var status = syscall.Method(handle); 

Syscall Class

Provides the functionality to syscall a function in a DLL

public sealed class Syscall<T> where T : Delegate

Constructors

Initialises an instance of the Syscall<T> class with the syscall delegate

public Syscall();

Properties

A delegate wrapping the syscall

public T Method { get; }

SyscallImportAttribute Class

Indicates that the attributed delegate represents a syscall signature

[AttributeUsage(AttributeTargets.Delegate)]
public sealed class SyscallImportAttribute : Attribute

Constructors

Initialises an instance of the SyscallImportAttribute class with the DLL name

public SyscallImportAttribute(string);

About

A manual system call library that supports functions from both ntdll.dll and win32u.dll

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages