Native call wrapper

[Guy]

Download:

To view the content, you need to sign in or register

Description: You can now use over 200 native calls, without needing to import any outside function! View source code for a live demo with NtTerminateProcess being used.

The library supports all service packs for the following platforms (X86 and X86-64 alike):

- Windows NT 4.X
- Windows 2000 (Server/Workstation)
- Windows XP
- Windows 2003 Server
- Windows Vista
- Windows 2008 Server
- Windows 7 RC2

EDIT: Bugfix added.

 

[Aimed]

ugh make a desc. for newbz cuz they dunno sh!t about this (me neither lol)

--edit--
oohdamn i see there IS a description xD
Still don't know what this is for though

 

[Guy]

Obfuscation trick:

FunctionY PROC
ADD ESP, 4
LEA EDX, [ESP + 4]
MOV ECX, FunctionX
ADD ECX, 1
JMP ECX
FunctionY

FunctionX PROC
DB 233
DB 205
DB 226
DB 4
DB 0
RETN
FunctionX ENDP

In this sample, Function X appears to be (For most disassemblers):

JMP 0044F3ED
RETN

However, thanks to the way it's accessed, it is actually:

INT 0x2E
ADD AL, 0
RETN

This is fairly straight forward to integrate; feel free!

 

[ThievingSix]

I shall, be translating this =P

 

[Guy]

I shall, be translating this =P

Baha; I forgot to mention the syscalls added were for Windows 7RC2, not RTM