This library allows you to get the syscall ID of functions exported by ntdll.dll without using any WIN API.
What the code does:
- Accesses the Process Environment Block (PEB) to locate
ntdll.dllbase address. - Parses the export table to find function addresses.
- Extracts syscall ID from the function prologue for direct syscall usage.
- Include the header file
SysThatCode.hin your project. - Call
GetSysCode("FunctionName")with the desiredntdll.dllfunction name. - The function returns the syscall ID associated with that function.
Example:
#include "SysThatCode.h"
#include <iostream>
int main() {
std::string funcName = "NtOpenProcess";
DWORD syscallID = GetSysCode(funcName);
std::cout << "Syscall ID: " << syscallID << std::endl;
return 0;
}