memN0ps/syscalls-rs memN0ps/syscalls-rs

  • Stars
    star
    212
  • Rank 186,122 (Top 4 %)
  • Language
    Rust
  • License
    MIT License
  • Created about 2 years ago
  • Updated over 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
memN0ps/syscalls-rs
github

memN0ps

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Rusty Syscalls - A direct or indirect Syscall library in Rust using the FreshyCalls/SysWhispers technique

Syscalls - A direct or indirect Syscall library in Rust

The Rust version of Freshycalls or Syswhispers 1 or 2 or 3 diverges in its approach from the C/C++/Python versions. While it shares similar techniques, this project doesn't generate header/ASM files or output like them. Instead, it functions as a library. Inspired by a friend @janoglezcampos (@httpyxel), I created this project to explore the FreshyCalls/SysWhispers technique that rust_syscalls doesn't employ.

Usage

  1. Add the library to your Rust Cargo.toml file by setting the git repository or local path and choosing the direct or indirect system call feature by setting _DIRECT_ or _INDIRECT_ as a feature. Please note you can only choose direct _DIRECT_ or _INDIRECT_ not both.
[dependencies]
syscalls = { path = "../syscalls-rs/syscalls",  features = ["_DIRECT_"] }
[dependencies]
syscalls = { path = "../syscalls-rs/syscalls",  features = ["_INDIRECT_"] }
  1. Make use of the library
use syscalls;
  1. Dynamically retrieve the SSN and/or syscall instruction from ntdll.dll even if functions are hooked and call any function using direct and/or indirect syscall. Note that when calling a function using the syscall macro the string will be obfuscated by hashing (NtClose in this example).
unsafe { syscall!("NtClose", process_handle) };

References and Credits

More Repositories

1

eagle-rs

Rusty Rootkit - Windows Kernel Rookit in Rust (Codename: Eagle)
Rust
494
star
2

srdi-rs

Rusty Shellcode Reflective DLL Injection (sRDI) - A small reflective loader in Rust 4KB in size for generating position-independent code (PIC) in Rust.
Rust
256
star
3

mimikatz-rs

Rusty Mimikatz - Mimikatz made in Rust by ThottySploity
Rust
241
star
4

arsenal-rs

Rusty Arsenal - Process Injection / Post-Exploitation Techniques in Rust
Rust
148
star
5

ekko-rs

Rusty Ekko - Sleep Obfuscation in Rust
Rust
131
star
6

hypervisor-rs

Rusty Hypervisor - Windows Blue Pill Type-2 Hypervisor in Rust (Codename: Matrix)
Rust
114
star
7

rdi-rs

Rusty Reflective DLL Injection - A small reflective loader in Rust 4KB in size
Rust
113
star
8

psyscalls-rs

Rusty Parallel Syscalls - Parallel Syscalls library in Rust
Rust
26
star
9

mmapper-rs

Rusty Manual Mapper - Manually map DLLs inside a process using a loader in Rust
Rust
22
star
10

pemadness-rs

Rusty PEMadness - A light-weight general purpose Portable Executable (PE) Parsing Library using winapi/ntapi with no_std.
Rust
13
star
11

Process_Injection

Process Injection and Memory stuff
C++
3
star