A manual system call library that supports functions from both ntdll.dll and win32u.dll
- Dynamic resolution of syscall indices from disk
- WOW64 and x64 support
The example below demonstrates a basic implementation of the library
[SyscallImport("ntdll.dll")]
public delegate NtStatus NtClose(nint handle);
var handle = -1;
var syscall = new Syscall<NtClose>();
var status = syscall.Method(handle); Provides the functionality to syscall a function in a DLL
public sealed class Syscall<T> where T : DelegateInitialises an instance of the Syscall<T> class with the syscall delegate
public Syscall();A delegate wrapping the syscall
public T Method { get; }Indicates that the attributed delegate represents a syscall signature
[AttributeUsage(AttributeTargets.Delegate)]
public sealed class SyscallImportAttribute : AttributeInitialises an instance of the SyscallImportAttribute class with the DLL name
public SyscallImportAttribute(string);