justasmasiulis / inline_syscall Goto Github PK
View Code? Open in Web Editor NEWInline syscalls made easy for windows on clang
License: Apache License 2.0
inline_syscall's People
Contributors
Stargazers
Watchers
Forkers
fcccode wrath-debug wonderzdh fengjixuchui qiutao1204 huoji120 bb33bb tlsloves qazxsw1597532018 yuaom hzmslx ec-d hmyit chordp rifk01 anson338 2217936322 traderonedevs 5l1v3r1 pokevas matrixkung smeshing fiappy liwei1024 crackercat paskowsky besimbicer89 zhuhuibeishadiao cpkt9762 egebalci ltears okandok c3358 gavz hello-xbugs jev0n wuyadie josh0xa aperodry mfkiwl runonceex asdlei99 hecg119 nisfan antep2727 redteams l34rn hackdou darkersquirrel wisdark binguoa superuser5 ckwindowsproject sysfiles arryboom msf-ntdll gmh5225 clayne yangboyd imkk666 classic130 luchinkin lbxloom nelsonbighead jrandomsage ttkko cmjlove1 theevilroot lyingsimon ryan-cummings moriarty2016 ratandc2 victor-infosec rixoye levisre axax002 noostudent zuojunhao wbaby webstorage119 30579096 thomasxm elpsycinline_syscall's Issues
error : invalid operand for instruction
int main()
{
std::uint64_t largeImmidiateValue{ 0x1234567812345678 };
jm::detail::syscall(0, 0, 0, 0, 0, largeImmidiateValue);//error : invalid operand for instruction
}I believe it has something to do with the input constraint "rn", because if I change it to "r", then it compiles.
void return type ntapi problem
VOID RtlInitUnicodeString(
PUNICODE_STRING DestinationString,
__drv_aliasesMem PCWSTR SourceString
);
WCHAR path[MAX_PATH] = L"\\??\\\\C:\\Users\\Buntu\\Desktop\\test.txt";
PUNICODE_STRING punicodeString;
INLINE_SYSCALL(RtlInitUnicodeString)(punicodeString, path);
Ntapi with return type NTSTATUS works well, but ntapi with void does not work.
Debug break
Accidently left a debug break here:
inline_syscall/include/inline_syscall.inl
Line 211 in ca4337a
PEzor
https://iwantmore.pizza/posts/PEzor.html
I hava this problem
T_T
T_T
T_T
In file included from test.cpp:2:
In file included from ./inline_syscall/include/in_memory_init.hpp:20:
In file included from ./inline_syscall/include/inline_syscall.hpp:103:
./inline_syscall/include/inline_syscall.inl:61:28: warning: inline variables are a C++17 extension [-Wc++17-extensions]
"_sysc")]] inline static JM_INLINE_SYSCALL_ENTRY_TYPE entry{ Hash };
^
In file included from test.cpp:2:
./inline_syscall/include/in_memory_init.hpp:178:62: error: use of undeclared identifier '__readgsqword'
const auto peb = reinterpret_cast<const char*>(__readgsqword(0x30) + 0x60);
mingw usage?
hello,
i am trying to use the library with https://github.com/tpoechtrager/wclang in order to compile a PE from linux. i have tried with both clang-6 and clang-8 but i always get the following error:
$ ./x86_64-w64-mingw32-clang++ -Wall --pedantic hello.cpp -o hello.exe
In file included from hello.cpp:8:
In file included from ./inline_syscall/include/in_memory_init.hpp:20:
In file included from ./inline_syscall/include/inline_syscall.hpp:103:
./inline_syscall/include/inline_syscall.inl:61:28: warning: inline variables are a C++17 extension [-Wc++17-extensions]
"_sysc")]] inline static JM_INLINE_SYSCALL_ENTRY_TYPE entry{ Hash };
^
hello.cpp:18:24: error: implicit instantiation of undefined template 'jm::syscall_function<long long (*)()>'
NTSTATUS status = INLINE_SYSCALL(NtAllocateVirtualMemory)((HANDLE)-1, &allocation, 0, &size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
^
./inline_syscall/include/inline_syscall.hpp:26:5: note: expanded from macro 'INLINE_SYSCALL'
INLINE_SYSCALL_MANUAL( \
^
./inline_syscall/include/inline_syscall.hpp:44:5: note: expanded from macro 'INLINE_SYSCALL_MANUAL'
::jm::syscall_function<decltype(function_pointer)> { syscall_id }
^
./inline_syscall/include/inline_syscall.hpp:55:11: note: template is declared here
class syscall_function;
^
1 warning and 1 error generated.
The source code of hello.cpp is the following:
#include <winternl.h>
#include <ntstatus.h>
#include <windows.h>
#include <iostream>
// This header contains the initialization function.
// If you already initialized, inline_syscall.hpp contains all you need.
#include "inline_syscall/include/in_memory_init.hpp"
int main() {
FARPROC NtAllocateVirtualMemory = GetProcAddress(GetModuleHandle("NTDLL.DLL"), "NtAllocateVirtualMemory");
// Needs to be called once at startup before INLINE_SYSCALL is used.
jm::init_syscalls_list();
// Usage of the main macro INLINE_SYSCALL
void* allocation = nullptr;
SIZE_T size = 0x1000;
NTSTATUS status = INLINE_SYSCALL(NtAllocateVirtualMemory)((HANDLE)-1, &allocation, 0, &size, MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
return 0;
}any idea on how to fix the template error?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.