Skip to content
/ SsnRetrieval Public

Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.

10 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

EvilBytecode/SsnRetrieval

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
main.go
main.go
 
 

Repository files navigation

SsnRetrieval

Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.

Execution Process:

  • 1st > Load the NTDLL Libary.
  • 2nd > Parse the PE file to get the structure and find important directories like the export directory.
  • 3rd > Extract function names and addresses, look for functions that start with "Zw", and find their System Service Numbers (SSNs).
  • 4th > Collect and print the SSN, function name, and address for each "Zw" function.

Build Process

  • 1st -> go build main.go
  • if you want to run and test go run main.go

Enjoy - Made by EByte :Happy

PoC

image

About

Loads NTDLL, parses the PE file, extracts "Zw" functions, retrieves their System Service Numbers (SSNs), and prints each function’s name, SSN, and address.

Topics

av evasion fud ssn ebyte ssn-retrieval

Resources

Readme
Activity

Stars

10 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages