SsnRetrieval
Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.
Install / Use
/learn @KiExitDispatcher/SsnRetrievalREADME
SsnRetrieval
Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.
Execution Process:
- 1st > Load the NTDLL Libary.
- 2nd > Parse the PE file to get the structure and find important directories like the export directory.
- 3rd > Extract function names and addresses, look for functions that start with "Zw", and find their System Service Numbers (SSNs).
- 4th > Collect and print the SSN, function name, and address for each "Zw" function.
Build Process
- 1st ->
go build main.go - if you want to run and test
go run main.go
Enjoy - Made by EByte :Happy
PoC
License
This project is licensed under the MIT License. See the LICENSE file for details.
Related Skills
node-connect
351.8kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
110.9kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
351.8kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
351.8kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
