Here's my version of that, which gets it from the ntoskrnl and win32k PE & PDB directly – you can actually also get the number of args for each function too via KiArgumentTable: https://github.com/moyix/pdbparse/blob/master/examples/pdb_get_syscall_table.py …