Windows 11 Syscall numbers. Ready to use in direct syscall. Actively maintained.
This repository contains system call tables collected from windows 11. As of now only 10.0.22000 is included, But I have planned to continue updating this table over time. I can use any help with this table and even provide more data over time.
| OS | CodeName | Edition | Build Number | Architecture | DLL | Syscall Table |
|---|---|---|---|---|---|---|
| Windows | 21H2* | Pro | 10.0.22000 | x64 | ntdll.dll | link |
*Note: For some reason Windows 11 10.0.22000 and Windows 10 10.0.19044 are both named 21H2.
For Windows versions such as 10.0.19044 (21H2) and below that check this repo: j00ru/windows-syscalls
The concept is very simple First, We look up the NtDll file for a certain OpCode which for Nt functions usually is 4C 8B D1 B8, Then the next 8 byte is the syscall number, Then we extract all those numbers in order.
You can use data from this table to do a direct system call, And skipping the call from ntdll and bypass Edr and hooking accordingly.