SHARE
TWEET

PS4 libkernel Syscall labeler

X41 Nov 23rd, 2017 1,223 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #include <idc.idc>
  2.  
  3. // built on cloverleafswag3s original code
  4. // modded by X41
  5. // references:
  6. //  http://www.psdevwiki.com/ps4/Syscalls
  7. //  http://fxr.watson.org/fxr/source/kern/syscalls.master
  8.  
  9. static getSyscallName(number) {
  10.     auto funcName;
  11.     funcName = form("syscall_%i", number);
  12.    
  13.     // haha x360_imports.numberc has good numbereas
  14.     if(number == 0) funcName = "nosys";
  15.     else if(number == 1) funcName = "sys_exit";
  16.     else if(number == 2) funcName = "fork";
  17.     else if(number == 3) funcName = "read";
  18.     else if(number == 4) funcName = "write";
  19.     else if(number == 5) funcName = "open";
  20.     else if(number == 6) funcName = "close";
  21.     else if(number == 7) funcName = "wait4";
  22.     else if(number == 8) funcName = "creat";
  23.     else if(number == 9) funcName = "link";
  24.     else if(number == 10) funcName = "unlink";
  25.     else if(number == 11) funcName = "execv";
  26.     else if(number == 12) funcName = "chdir";
  27.     else if(number == 13) funcName = "fchdir";
  28.     else if(number == 14) funcName = "mkd";
  29.     else if(number == 15) funcName = "chmod";
  30.     else if(number == 16) funcName = "chown";
  31.     else if(number == 17) funcName = "obreak";
  32.     else if(number == 18) funcName = "getfsstat";
  33.     else if(number == 19) funcName = "lseek";
  34.     else if(number == 20) funcName = "getpid";
  35.     else if(number == 21) funcName = "mount";
  36.     else if(number == 22) funcName = "unmount";
  37.     else if(number == 23) funcName = "setuid";
  38.     else if(number == 24) funcName = "getuid";
  39.     else if(number == 25) funcName = "geteuid";
  40.     else if(number == 26) funcName = "ptrace";
  41.     else if(number == 27) funcName = "recvmsg";
  42.     else if(number == 28) funcName = "sendmsg";
  43.     else if(number == 29) funcName = "recvfrom";
  44.     else if(number == 30) funcName = "accept";
  45.     else if(number == 31) funcName = "getpeername";
  46.     else if(number == 32) funcName = "getsockname";
  47.     else if(number == 33) funcName = "access";
  48.     else if(number == 34) funcName = "chflags";
  49.     else if(number == 35) funcName = "fchflags";
  50.     else if(number == 36) funcName = "sync";
  51.     else if(number == 37) funcName = "kill";
  52.     else if(number == 38) funcName = "stat";
  53.     else if(number == 39) funcName = "getppid";
  54.     else if(number == 40) funcName = "lstat";
  55.     else if(number == 41) funcName = "dup";
  56.     else if(number == 42) funcName = "pipe";
  57.     else if(number == 43) funcName = "getegid";
  58.     else if(number == 44) funcName = "profil";
  59.     else if(number == 45) funcName = "ktrace";
  60.     else if(number == 46) funcName = "sigaction";
  61.     else if(number == 47) funcName = "getgid";
  62.     else if(number == 48) funcName = "sigprocmask";
  63.     else if(number == 49) funcName = "getlogin";
  64.     else if(number == 50) funcName = "setlogin";
  65.     else if(number == 51) funcName = "acct";
  66.     else if(number == 52) funcName = "sigpending";
  67.     else if(number == 53) funcName = "sigaltstack";
  68.     else if(number == 54) funcName = "ioctl";
  69.     else if(number == 55) funcName = "reboot";
  70.     else if(number == 56) funcName = "revoke";
  71.     else if(number == 57) funcName = "symlink";
  72.     else if(number == 58) funcName = "readlink";
  73.     else if(number == 59) funcName = "execve";
  74.     else if(number == 60) funcName = "umask";
  75.     else if(number == 61) funcName = "chroot";
  76.     else if(number == 62) funcName = "fstat";
  77.     else if(number == 63) funcName = "getkerninfo";
  78.     else if(number == 64) funcName = "getpagesize";
  79.     else if(number == 65) funcName = "msync";
  80.     else if(number == 66) funcName = "vfork";
  81.     else if(number == 67) funcName = "vread";
  82.     else if(number == 68) funcName = "vwrite";
  83.     else if(number == 69) funcName = "sbrk";
  84.     else if(number == 70) funcName = "sstk";
  85.     else if(number == 71) funcName = "mmap";
  86.     else if(number == 72) funcName = "ovadvise";
  87.     else if(number == 73) funcName = "munmap";
  88.     else if(number == 74) funcName = "mprotect";
  89.     else if(number == 75) funcName = "madvise";
  90.     else if(number == 76) funcName = "vhangup";
  91.     else if(number == 77) funcName = "vlimit";
  92.     else if(number == 78) funcName = "mincore";
  93.     else if(number == 79) funcName = "getgroups";
  94.     else if(number == 80) funcName = "setgroups";
  95.     else if(number == 81) funcName = "getpgrp";
  96.     else if(number == 82) funcName = "setpgid";
  97.     else if(number == 83) funcName = "setitimer";
  98.     else if(number == 84) funcName = "wait";
  99.     else if(number == 85) funcName = "swapon";
  100.     else if(number == 86) funcName = "getitimer";
  101.     else if(number == 87) funcName = "gethostname";
  102.     else if(number == 88) funcName = "sethostname";
  103.     else if(number == 89) funcName = "getdtablesize";
  104.     else if(number == 90) funcName = "dup2";
  105.     else if(number == 91) funcName = "getdopt";
  106.     else if(number == 92) funcName = "fcntl";
  107.     else if(number == 93) funcName = "select";
  108.     else if(number == 94) funcName = "setdopt";
  109.     else if(number == 95) funcName = "fsync";
  110.     else if(number == 96) funcName = "setpriority";
  111.     else if(number == 97) funcName = "socket";
  112.     else if(number == 98) funcName = "connect";
  113.     else if(number == 99) funcName = "accept";
  114.     else if(number == 100) funcName = "getpriority";
  115.     else if(number == 101) funcName = "send";
  116.     else if(number == 102) funcName = "recv";
  117.     else if(number == 103) funcName = "sigreturn";
  118.     else if(number == 104) funcName = "bind";
  119.     else if(number == 105) funcName = "setsockopt";
  120.     else if(number == 106) funcName = "listen";
  121.     else if(number == 107) funcName = "vtimes";
  122.     else if(number == 108) funcName = "sigvec";
  123.     else if(number == 109) funcName = "sigblock";
  124.     else if(number == 110) funcName = "sigsetmask";
  125.     else if(number == 111) funcName = "sigsuspend";
  126.     else if(number == 112) funcName = "sigstack";
  127.     else if(number == 113) funcName = "recvmsg";
  128.     else if(number == 114) funcName = "sendmsg";
  129.     else if(number == 115) funcName = "vtrace";
  130.     else if(number == 116) funcName = "gettimeofday";
  131.     else if(number == 117) funcName = "getrusage";
  132.     else if(number == 118) funcName = "getsockopt";
  133.     else if(number == 119) funcName = "resuba";
  134.     else if(number == 120) funcName = "readv";
  135.     else if(number == 121) funcName = "writev";
  136.     else if(number == 122) funcName = "settimeofday";
  137.     else if(number == 123) funcName = "fchown";
  138.     else if(number == 124) funcName = "fchmod";
  139.     else if(number == 125) funcName = "recvfrom";
  140.     else if(number == 126) funcName = "setreuid";
  141.     else if(number == 127) funcName = "setregid";
  142.     else if(number == 128) funcName = "rename";
  143.     else if(number == 129) funcName = "truncate";
  144.     else if(number == 130) funcName = "ftruncate";
  145.     else if(number == 131) funcName = "flock";
  146.     else if(number == 132) funcName = "mkfifo";
  147.     else if(number == 133) funcName = "sendto";
  148.     else if(number == 134) funcName = "shutdown";
  149.     else if(number == 135) funcName = "socketpair";
  150.     else if(number == 136) funcName = "mkdir";
  151.     else if(number == 137) funcName = "rmdir";
  152.     else if(number == 138) funcName = "utimes";
  153.     else if(number == 139) funcName = "sigreturn";
  154.     else if(number == 140) funcName = "adjtime";
  155.     else if(number == 141) funcName = "getpeername";
  156.     else if(number == 142) funcName = "gethostid";
  157.     else if(number == 143) funcName = "sethostid";
  158.     else if(number == 144) funcName = "getrlimit";
  159.     else if(number == 145) funcName = "setrlimit";
  160.     else if(number == 146) funcName = "killpg";
  161.     else if(number == 147) funcName = "setsid";
  162.     else if(number == 148) funcName = "quotactl";
  163.     else if(number == 149) funcName = "quota";
  164.     else if(number == 150) funcName = "getsockname";
  165.     else if(number == 151) funcName = "sem_lock";
  166.     else if(number == 152) funcName = "sem_wakeup";
  167.     else if(number == 153) funcName = "asyncdaemon";
  168.     else if(number == 154) funcName = "nlm_syscall";
  169.     else if(number == 155) funcName = "nfssvc";
  170.     else if(number == 156) funcName = "getdirentries";
  171.     else if(number == 157) funcName = "statfs";
  172.     else if(number == 158) funcName = "fstatfs";
  173.     else if(number == 160) funcName = "lgetfh";
  174.     else if(number == 161) funcName = "getfh";
  175.     else if(number == 162) funcName = "getdomainname";
  176.     else if(number == 163) funcName = "setdomainname";
  177.     else if(number == 164) funcName = "uname";
  178.     else if(number == 165) funcName = "sysarch";
  179.     else if(number == 166) funcName = "rtprio";
  180.     else if(number == 169) funcName = "semsys";
  181.     else if(number == 170) funcName = "msgsys";
  182.     else if(number == 171) funcName = "shmsys";
  183.     else if(number == 173) funcName = "pread";
  184.     else if(number == 174) funcName = "pwrite";
  185.     else if(number == 175) funcName = "setfib";
  186.     else if(number == 176) funcName = "ntp_adjtime";
  187.     else if(number == 177) funcName = "sfork";
  188.     else if(number == 178) funcName = "getdescriptor";
  189.     else if(number == 179) funcName = "setdescriptor";
  190.     else if(number == 181) funcName = "setgid";
  191.     else if(number == 182) funcName = "setegid";
  192.     else if(number == 183) funcName = "seteuid";
  193.     else if(number == 184) funcName = "lfs_bmapv";
  194.     else if(number == 185) funcName = "lfs_markv";
  195.     else if(number == 186) funcName = "lfs_segclean";
  196.     else if(number == 187) funcName = "lfs_segwait";
  197.     else if(number == 188) funcName = "stat";
  198.     else if(number == 189) funcName = "fstat";
  199.     else if(number == 190) funcName = "lstat";
  200.     else if(number == 191) funcName = "pathconf";
  201.     else if(number == 192) funcName = "fpathconf";
  202.     else if(number == 194) funcName = "getrlimit";
  203.     else if(number == 195) funcName = "setrlimit";
  204.     else if(number == 196) funcName = "getdirentries";
  205.     else if(number == 197) funcName = "mmap";
  206.     else if(number == 198) funcName = "nosys";
  207.     else if(number == 199) funcName = "lseek";
  208.     else if(number == 200) funcName = "truncate";
  209.     else if(number == 201) funcName = "ftruncate";
  210.     else if(number == 202) funcName = "sysctl";
  211.     else if(number == 203) funcName = "mlock";
  212.     else if(number == 204) funcName = "munlock";
  213.     else if(number == 205) funcName = "undelete";
  214.     else if(number == 206) funcName = "futimes";
  215.     else if(number == 207) funcName = "getpgid";
  216.     else if(number == 208) funcName = "newreboot";
  217.     else if(number == 209) funcName = "poll";
  218.     else if(number == 220) funcName = "semctl";
  219.     else if(number == 221) funcName = "semget";
  220.     else if(number == 222) funcName = "semop";
  221.     else if(number == 223) funcName = "semconfig";
  222.     else if(number == 224) funcName = "msgctl";
  223.     else if(number == 225) funcName = "msgget";
  224.     else if(number == 226) funcName = "msgsnd";
  225.     else if(number == 227) funcName = "msgrcv";
  226.     else if(number == 228) funcName = "shmat";
  227.     else if(number == 229) funcName = "shmctl";
  228.     else if(number == 230) funcName = "shmdt";
  229.     else if(number == 231) funcName = "shmget";
  230.     else if(number == 232) funcName = "clock_gettime";
  231.     else if(number == 233) funcName = "clock_settime";
  232.     else if(number == 234) funcName = "clock_getres";
  233.     else if(number == 235) funcName = "ktimer_create";
  234.     else if(number == 236) funcName = "ktimer_delete";
  235.     else if(number == 237) funcName = "ktimer_settime";
  236.     else if(number == 238) funcName = "ktimer_gettime";
  237.     else if(number == 239) funcName = "ktimer_getoverrun";
  238.     else if(number == 240) funcName = "nasleep";
  239.     else if(number == 241) funcName = "ffclock_getcounter";
  240.     else if(number == 242) funcName = "ffclock_setestimate";
  241.     else if(number == 243) funcName = "ffclock_getestimate";
  242.     else if(number == 247) funcName = "clock_getcpuclockid2";
  243.     else if(number == 248) funcName = "ntp_gettime";
  244.     else if(number == 250) funcName = "minherit";
  245.     else if(number == 251) funcName = "rfork";
  246.     else if(number == 252) funcName = "openbsd_poll";
  247.     else if(number == 253) funcName = "issetugid";
  248.     else if(number == 254) funcName = "lchown";
  249.     else if(number == 255) funcName = "aio_read";
  250.     else if(number == 256) funcName = "aio_write";
  251.     else if(number == 257) funcName = "lio_listio";
  252.     else if(number == 272) funcName = "getdents";
  253.     else if(number == 274) funcName = "lchmod";
  254.     else if(number == 275) funcName = "lchown";
  255.     else if(number == 276) funcName = "lutimes";
  256.     else if(number == 277) funcName = "msync";
  257.     else if(number == 278) funcName = "nstat";
  258.     else if(number == 279) funcName = "nfstat";
  259.     else if(number == 280) funcName = "nlstat";
  260.     else if(number == 289) funcName = "preadv";
  261.     else if(number == 290) funcName = "pwritev";
  262.     else if(number == 297) funcName = "fhstatfs";
  263.     else if(number == 298) funcName = "fhopen";
  264.     else if(number == 299) funcName = "fhstat";
  265.     else if(number == 300) funcName = "modnext";
  266.     else if(number == 301) funcName = "modstat";
  267.     else if(number == 302) funcName = "modfnext";
  268.     else if(number == 303) funcName = "modfind";
  269.     else if(number == 304) funcName = "kldload";
  270.     else if(number == 305) funcName = "kldunload";
  271.     else if(number == 306) funcName = "kldfind";
  272.     else if(number == 307) funcName = "kldnext";
  273.     else if(number == 308) funcName = "kldstat";
  274.     else if(number == 309) funcName = "kldfirstmod";
  275.     else if(number == 310) funcName = "getsid";
  276.     else if(number == 311) funcName = "setresuid";
  277.     else if(number == 312) funcName = "setresgid";
  278.     else if(number == 313) funcName = "signasleep";
  279.     else if(number == 314) funcName = "aio_return";
  280.     else if(number == 315) funcName = "aio_suspend";
  281.     else if(number == 316) funcName = "aio_cancel";
  282.     else if(number == 317) funcName = "aio_error";
  283.     else if(number == 318) funcName = "aio_read";
  284.     else if(number == 319) funcName = "aio_write";
  285.     else if(number == 320) funcName = "lio_listio";
  286.     else if(number == 321) funcName = "yield";
  287.     else if(number == 322) funcName = "thr_sleep";
  288.     else if(number == 323) funcName = "thr_wakeup";
  289.     else if(number == 324) funcName = "mlockall";
  290.     else if(number == 325) funcName = "munlockall";
  291.     else if(number == 326) funcName = "getcwd";
  292.     else if(number == 327) funcName = "sched_setparam";
  293.     else if(number == 328) funcName = "sched_getparam";
  294.     else if(number == 329) funcName = "sched_setscheduler";
  295.     else if(number == 330) funcName = "sched_getscheduler";
  296.     else if(number == 331) funcName = "sched_yield";
  297.     else if(number == 332) funcName = "sched_get_priority_max";
  298.     else if(number == 333) funcName = "sched_get_priority_min";
  299.     else if(number == 334) funcName = "sched_rr_get_interval";
  300.     else if(number == 335) funcName = "utrace";
  301.     else if(number == 336) funcName = "sendfile";
  302.     else if(number == 337) funcName = "kldsym";
  303.     else if(number == 338) funcName = "jail";
  304.     else if(number == 339) funcName = "nnpfs_syscall";
  305.     else if(number == 340) funcName = "sigprocmask";
  306.     else if(number == 341) funcName = "sigsuspend";
  307.     else if(number == 342) funcName = "sigaction";
  308.     else if(number == 343) funcName = "sigpending";
  309.     else if(number == 344) funcName = "sigreturn";
  310.     else if(number == 345) funcName = "sigtimedwait";
  311.     else if(number == 346) funcName = "sigwaitinfo";
  312.     else if(number == 347) funcName = "acl_get_file";
  313.     else if(number == 348) funcName = "acl_set_file";
  314.     else if(number == 349) funcName = "acl_get_fd";
  315.     else if(number == 350) funcName = "acl_set_fd";
  316.     else if(number == 351) funcName = "acl_delete_file";
  317.     else if(number == 352) funcName = "acl_delete_fd";
  318.     else if(number == 353) funcName = "acl_aclcheck_file";
  319.     else if(number == 354) funcName = "acl_aclcheck_fd";
  320.     else if(number == 355) funcName = "extattrctl";
  321.     else if(number == 356) funcName = "extattr_set_file";
  322.     else if(number == 357) funcName = "extattr_get_file";
  323.     else if(number == 358) funcName = "extattr_delete_file";
  324.     else if(number == 359) funcName = "aio_waitcomplete";
  325.     else if(number == 360) funcName = "getresuid";
  326.     else if(number == 361) funcName = "getresgid";
  327.     else if(number == 362) funcName = "kqueue";
  328.     else if(number == 363) funcName = "kevent";
  329.     else if(number == 364) funcName = "cap_get_proc";
  330.     else if(number == 365) funcName = "cap_set_proc";
  331.     else if(number == 366) funcName = "cap_get_fd";
  332.     else if(number == 367) funcName = "cap_get_file";
  333.     else if(number == 368) funcName = "cap_set_fd";
  334.     else if(number == 369) funcName = "cap_set_file";
  335.     else if(number == 371) funcName = "extattr_set_fd";
  336.     else if(number == 372) funcName = "extattr_get_fd";
  337.     else if(number == 373) funcName = "extattr_delete_fd";
  338.     else if(number == 374) funcName = "setugid";
  339.     else if(number == 375) funcName = "nfsclnt";
  340.     else if(number == 376) funcName = "eaccess";
  341.     else if(number == 377) funcName = "afs3_syscall";
  342.     else if(number == 378) funcName = "nmount";
  343.     else if(number == 379) funcName = "kse_exit";
  344.     else if(number == 380) funcName = "kse_wakeup";
  345.     else if(number == 381) funcName = "kse_create";
  346.     else if(number == 382) funcName = "kse_thr_interrupt";
  347.     else if(number == 383) funcName = "kse_release";
  348.     else if(number == 384) funcName = "mac_get_proc";
  349.     else if(number == 385) funcName = "mac_set_proc";
  350.     else if(number == 386) funcName = "mac_get_fd";
  351.     else if(number == 387) funcName = "mac_get_file";
  352.     else if(number == 388) funcName = "mac_set_fd";
  353.     else if(number == 389) funcName = "mac_set_file";
  354.     else if(number == 390) funcName = "kenv";
  355.     else if(number == 391) funcName = "lchflags";
  356.     else if(number == 392) funcName = "uuidgen";
  357.     else if(number == 393) funcName = "sendfile";
  358.     else if(number == 394) funcName = "mac_syscall";
  359.     else if(number == 395) funcName = "getfsstat";
  360.     else if(number == 396) funcName = "statfs";
  361.     else if(number == 397) funcName = "fstatfs";
  362.     else if(number == 398) funcName = "fhstatfs";
  363.     else if(number == 400) funcName = "ksem_close";
  364.     else if(number == 401) funcName = "ksem_post";
  365.     else if(number == 402) funcName = "ksem_wait";
  366.     else if(number == 403) funcName = "ksem_trywait";
  367.     else if(number == 404) funcName = "ksem_init";
  368.     else if(number == 405) funcName = "ksem_open";
  369.     else if(number == 406) funcName = "ksem_unlink";
  370.     else if(number == 407) funcName = "ksem_getvalue";
  371.     else if(number == 408) funcName = "ksem_destroy";
  372.     else if(number == 409) funcName = "mac_get_pid";
  373.     else if(number == 410) funcName = "mac_get_link";
  374.     else if(number == 411) funcName = "mac_set_link";
  375.     else if(number == 412) funcName = "extattr_set_link";
  376.     else if(number == 413) funcName = "extattr_get_link";
  377.     else if(number == 414) funcName = "extattr_delete_link";
  378.     else if(number == 415) funcName = "mac_execve";
  379.     else if(number == 416) funcName = "sigaction";
  380.     else if(number == 417) funcName = "sigreturn";
  381.     else if(number == 418) funcName = "xstat";
  382.     else if(number == 419) funcName = "xfstat";
  383.     else if(number == 420) funcName = "xlstat";
  384.     else if(number == 421) funcName = "getcontext";
  385.     else if(number == 422) funcName = "setcontext";
  386.     else if(number == 423) funcName = "swapcontext";
  387.     else if(number == 424) funcName = "swapoff";
  388.     else if(number == 425) funcName = "acl_get_link";
  389.     else if(number == 426) funcName = "acl_set_link";
  390.     else if(number == 427) funcName = "acl_delete_link";
  391.     else if(number == 428) funcName = "acl_aclcheck_link";
  392.     else if(number == 429) funcName = "sigwait";
  393.     else if(number == 430) funcName = "thr_create";
  394.     else if(number == 431) funcName = "thr_exit";
  395.     else if(number == 432) funcName = "thr_self";
  396.     else if(number == 433) funcName = "thr_kill";
  397.     else if(number == 436) funcName = "jail_attach";
  398.     else if(number == 437) funcName = "extattr_list_fd";
  399.     else if(number == 438) funcName = "extattr_list_file";
  400.     else if(number == 439) funcName = "extattr_list_link";
  401.     else if(number == 440) funcName = "kse_switchin";
  402.     else if(number == 441) funcName = "ksem_timedwait";
  403.     else if(number == 442) funcName = "thr_suspend";
  404.     else if(number == 443) funcName = "thr_wake";
  405.     else if(number == 444) funcName = "kldunloadf";
  406.     else if(number == 445) funcName = "audit";
  407.     else if(number == 446) funcName = "auditon";
  408.     else if(number == 447) funcName = "getauid";
  409.     else if(number == 448) funcName = "setauid";
  410.     else if(number == 449) funcName = "getaudit";
  411.     else if(number == 450) funcName = "setaudit";
  412.     else if(number == 451) funcName = "getaudit_addr";
  413.     else if(number == 452) funcName = "setaudit_addr";
  414.     else if(number == 453) funcName = "auditctl";
  415.     else if(number == 454) funcName = "umtx_op";
  416.     else if(number == 455) funcName = "thr_new";
  417.     else if(number == 456) funcName = "sigqueue";
  418.     else if(number == 457) funcName = "kmq_open";
  419.     else if(number == 458) funcName = "kmq_setattr";
  420.     else if(number == 459) funcName = "kmq_timedreceive";
  421.     else if(number == 460) funcName = "kmq_timedsend";
  422.     else if(number == 461) funcName = "kmq_tify";
  423.     else if(number == 462) funcName = "kmq_unlink";
  424.     else if(number == 463) funcName = "abort2";
  425.     else if(number == 464) funcName = "thr_set_name";
  426.     else if(number == 465) funcName = "aio_fsync";
  427.     else if(number == 466) funcName = "rtprio_thread";
  428.     else if(number == 469) funcName = "getpath_fromfd";
  429.     else if(number == 470) funcName = "getpath_fromaddr";
  430.     else if(number == 471) funcName = "sctp_peeloff";
  431.     else if(number == 472) funcName = "sctp_generic_sendmsg";
  432.     else if(number == 473) funcName = "sctp_generic_sendmsg_iov";
  433.     else if(number == 474) funcName = "sctp_generic_recvmsg";
  434.     else if(number == 475) funcName = "pread";
  435.     else if(number == 476) funcName = "pwrite";
  436.     else if(number == 477) funcName = "mmap";
  437.     else if(number == 478) funcName = "lseek";
  438.     else if(number == 479) funcName = "truncate";
  439.     else if(number == 480) funcName = "ftruncate";
  440.     else if(number == 481) funcName = "thr_kill2";
  441.     else if(number == 482) funcName = "shm_open";
  442.     else if(number == 483) funcName = "shm_unlink";
  443.     else if(number == 484) funcName = "cpuset";
  444.     else if(number == 485) funcName = "cpuset_setid";
  445.     else if(number == 486) funcName = "cpuset_getid";
  446.     else if(number == 487) funcName = "cpuset_getaffinity";
  447.     else if(number == 488) funcName = "cpuset_setaffinity";
  448.     else if(number == 489) funcName = "faccessat";
  449.     else if(number == 490) funcName = "fchmodat";
  450.     else if(number == 491) funcName = "fchownat";
  451.     else if(number == 492) funcName = "fexecve";
  452.     else if(number == 493) funcName = "fstatat";
  453.     else if(number == 494) funcName = "futimesat";
  454.     else if(number == 495) funcName = "linkat";
  455.     else if(number == 496) funcName = "mkdirat";
  456.     else if(number == 497) funcName = "mkfifoat";
  457.     else if(number == 498) funcName = "mkdat";
  458.     else if(number == 499) funcName = "openat";
  459.     else if(number == 500) funcName = "readlinkat";
  460.     else if(number == 501) funcName = "renameat";
  461.     else if(number == 502) funcName = "symlinkat";
  462.     else if(number == 503) funcName = "unlinkat";
  463.     else if(number == 504) funcName = "posix_openpt";
  464.     else if(number == 505) funcName = "gssd_syscall";
  465.     else if(number == 506) funcName = "jail_get";
  466.     else if(number == 507) funcName = "jail_set";
  467.     else if(number == 508) funcName = "jail_remove";
  468.     else if(number == 509) funcName = "closefrom";
  469.     else if(number == 510) funcName = "semctl";
  470.     else if(number == 511) funcName = "msgctl";
  471.     else if(number == 512) funcName = "shmctl";
  472.     else if(number == 513) funcName = "lpathconf";
  473.     else if(number == 514) funcName = "cap_new";
  474.     else if(number == 515) funcName = "cap_rights_get";
  475.     else if(number == 516) funcName = "cap_enter";
  476.     else if(number == 517) funcName = "cap_getmode";
  477.     else if(number == 518) funcName = "pdfork";
  478.     else if(number == 519) funcName = "pdkill";
  479.     else if(number == 520) funcName = "pdgetpid";
  480.     else if(number == 521) funcName = "pdwait4";
  481.     else if(number == 522) funcName = "pselect";
  482.     else if(number == 523) funcName = "getloginclass";
  483.     else if(number == 524) funcName = "setloginclass";
  484.     else if(number == 525) funcName = "rctl_get_racct";
  485.     else if(number == 526) funcName = "rctl_get_rules";
  486.     else if(number == 527) funcName = "rctl_get_limits";
  487.     else if(number == 528) funcName = "rctl_add_rule";
  488.     else if(number == 529) funcName = "rctl_remove_rule";
  489.     else if(number == 530) funcName = "posix_fallocate";
  490.     else if(number == 531) funcName = "posix_fadvise";
  491.     else if(number == 532) funcName = "sys_regmgr_call";
  492.     else if(number == 533) funcName = "sys_jitshm_create";
  493.     else if(number == 534) funcName = "sys_jitshm_alias";
  494.     else if(number == 535) funcName = "sys_dl_get_list";
  495.     else if(number == 536) funcName = "sys_dl_get_info";
  496.     else if(number == 537) funcName = "sys_dl_notify_event";
  497.     else if(number == 538) funcName = "sys_evf_create";
  498.     else if(number == 539) funcName = "sys_evf_delete";
  499.     else if(number == 540) funcName = "sys_evf_open";
  500.     else if(number == 541) funcName = "sys_evf_close";
  501.     else if(number == 542) funcName = "sys_evf_wait";
  502.     else if(number == 543) funcName = "sys_evf_trywait";
  503.     else if(number == 544) funcName = "sys_evf_set";
  504.     else if(number == 545) funcName = "sys_evf_clear";
  505.     else if(number == 546) funcName = "sys_evf_cancel";
  506.     else if(number == 547) funcName = "sys_query_memory_protection";
  507.     else if(number == 548) funcName = "sys_batch_map";
  508.     else if(number == 549) funcName = "sys_osem_create";
  509.     else if(number == 550) funcName = "sys_osem_delete";
  510.     else if(number == 551) funcName = "sys_osem_open";
  511.     else if(number == 552) funcName = "sys_osem_close";
  512.     else if(number == 553) funcName = "sys_osem_wait";
  513.     else if(number == 554) funcName = "sys_osem_trywait";
  514.     else if(number == 555) funcName = "sys_osem_post";
  515.     else if(number == 556) funcName = "sys_osem_cancel";
  516.     else if(number == 557) funcName = "sys_namedobj_create";
  517.     else if(number == 558) funcName = "sys_namedobj_delete";
  518.     else if(number == 559) funcName = "sys_set_vm_container";
  519.     else if(number == 560) funcName = "sys_debug_init";
  520.     else if(number == 561) funcName = "sys_suspend_process";
  521.     else if(number == 562) funcName = "sys_resume_process";
  522.     else if(number == 563) funcName = "sys_opmc_enable";
  523.     else if(number == 564) funcName = "sys_opmc_disable";
  524.     else if(number == 565) funcName = "sys_opmc_set_ctl";
  525.     else if(number == 566) funcName = "sys_opmc_set_ctr";
  526.     else if(number == 567) funcName = "sys_opmc_get_ctr";
  527.     else if(number == 568) funcName = "sys_budget_create";
  528.     else if(number == 569) funcName = "sys_budget_delete";
  529.     else if(number == 570) funcName = "sys_budget_get";
  530.     else if(number == 571) funcName = "sys_budget_set";
  531.     else if(number == 572) funcName = "sys_virtual_query";
  532.     else if(number == 573) funcName = "sys_mdbg_call";
  533.     else if(number == 574) funcName = "sys_sblock_create";
  534.     else if(number == 575) funcName = "sys_sblock_delete";
  535.     else if(number == 576) funcName = "sys_sblock_enter";
  536.     else if(number == 577) funcName = "sys_sblock_exit";
  537.     else if(number == 578) funcName = "sys_sblock_xenter";
  538.     else if(number == 579) funcName = "sys_sblock_xexit";
  539.     else if(number == 580) funcName = "sys_eport_create";
  540.     else if(number == 581) funcName = "sys_eport_delete";
  541.     else if(number == 582) funcName = "sys_eport_trigger";
  542.     else if(number == 583) funcName = "sys_eport_open";
  543.     else if(number == 584) funcName = "sys_eport_close";
  544.     else if(number == 585) funcName = "sys_is_in_sandbox";
  545.     else if(number == 586) funcName = "sys_dmem_container";
  546.     else if(number == 587) funcName = "sys_get_authinfo";
  547.     else if(number == 588) funcName = "sys_mname";
  548.     else if(number == 589) funcName = "sys_dynlib_dlopen";
  549.     else if(number == 590) funcName = "sys_dynlib_dlclose";
  550.     else if(number == 591) funcName = "sys_dynlib_dlsym";
  551.     else if(number == 592) funcName = "sys_dynlib_get_list";
  552.     else if(number == 593) funcName = "sys_dynlib_get_info";
  553.     else if(number == 594) funcName = "sys_dynlib_load_prx";
  554.     else if(number == 595) funcName = "sys_dynlib_unload_prx";
  555.     else if(number == 596) funcName = "sys_dynlib_do_copy_relocations";
  556.     else if(number == 597) funcName = "sys_dynlib_prepare_dlclose";
  557.     else if(number == 598) funcName = "sys_dynlib_get_proc_param";
  558.     else if(number == 599) funcName = "sys_dynlib_process_needed_and_relocate";
  559.     else if(number == 600) funcName = "sys_sandbox_path";
  560.     else if(number == 601) funcName = "sys_mdbg_service";
  561.     else if(number == 602) funcName = "sys_randomized_path";
  562.     else if(number == 603) funcName = "sys_rdup";
  563.     else if(number == 604) funcName = "sys_dl_get_metadata";
  564.     else if(number == 605) funcName = "sys_workaround8849";
  565.     else if(number == 606) funcName = "sys_is_development_mode";
  566.     else if(number == 607) funcName = "sys_get_self_auth_info";
  567.     else if(number == 608) funcName = "sys_dynlib_get_info_ex";
  568.     else if(number == 609) funcName = "sys_budget_getid";
  569.     else if(number == 610) funcName = "sys_budget_get_ptype";
  570.     else if(number == 611) funcName = "sys_get_paging_stats_of_all_threads";
  571.     else if(number == 612) funcName = "sys_get_proc_type_info";
  572.     else if(number == 613) funcName = "sys_get_resident_count";
  573.     else if(number == 614) funcName = "sys_prepare_to_suspend_process";
  574.     else if(number == 615) funcName = "sys_get_resident_fmem_count";
  575.     else if(number == 616) funcName = "sys_thr_get_name";
  576.     else if(number == 617) funcName = "sys_set_gpo";
  577.     else if(number == 618) funcName = "sys_get_paging_stats_of_all_objects";
  578.     else if(number == 619) funcName = "sys_test_debug_rwmem";
  579.     else if(number == 620) funcName = "sys_free_stack";
  580.     else if(number == 621) funcName = "sys_suspend_system";
  581.     else if(number == 622) funcName = "sys_ipmimgr_call";
  582.     else if(number == 623) funcName = "sys_get_gpo";
  583.     else if(number == 624) funcName = "sys_get_vm_map_timestamp";
  584.     else if(number == 625) funcName = "sys_opmc_set_hw";
  585.     else if(number == 626) funcName = "sys_opmc_get_hw";
  586.     else if(number == 627) funcName = "sys_get_cpu_usage_all";
  587.     else if(number == 628) funcName = "sys_mmap_dmem";
  588.     else if(number == 629) funcName = "sys_physhm_open";
  589.     else if(number == 630) funcName = "sys_physhm_unlink";
  590.     else if(number == 631) funcName = "sys_resume_internal_hdd";
  591.     else if(number == 632) funcName = "sys_thr_suspend_ucontext";
  592.     else if(number == 633) funcName = "sys_thr_resume_ucontext";
  593.     else if(number == 634) funcName = "sys_thr_get_ucontext";
  594.     else if(number == 635) funcName = "sys_thr_set_ucontext";
  595.     else if(number == 636) funcName = "sys_set_timezone_info";
  596.     else if(number == 637) funcName = "sys_set_phys_fmem_limit";
  597.     else if(number == 638) funcName = "sys_utc_to_localtime";
  598.     else if(number == 639) funcName = "sys_localtime_to_utc";
  599.     else if(number == 640) funcName = "sys_set_uevt";
  600.     else if(number == 641) funcName = "sys_get_cpu_usage_proc";
  601.     else if(number == 642) funcName = "sys_get_map_statistics";
  602.     else if(number == 643) funcName = "sys_set_chicken_switches";
  603.     else if(number == 644) funcName = "sys_#644";
  604.     else if(number == 645) funcName = "sys_#645";
  605.     else if(number == 646) funcName = "sys_get_kernel_mem_statistics";
  606.     else if(number == 647) funcName = "sys_get_sdk_compiled_version";
  607.     else if(number == 648) funcName = "sys_app_state_change";
  608.     else if(number == 649) funcName = "sys_dynlib_get_obj_member";
  609.     else if(number == 650) funcName = "sys_budget_get_ptype_of_budget";
  610.     else if(number == 651) funcName = "sys_prepare_to_resume_process";
  611.     else if(number == 652) funcName = "sys_process_terminate";
  612.     else if(number == 653) funcName = "sys_blockpool_open";
  613.     else if(number == 654) funcName = "sys_blockpool_map";
  614.     else if(number == 655) funcName = "sys_blockpool_unmap";
  615.     else if(number == 656) funcName = "sys_dynlib_get_info_for_libdbg";
  616.     else if(number == 657) funcName = "sys_blockpool_batch";
  617.     else if(number == 658) funcName = "sys_fdatasync";
  618.     else if(number == 659) funcName = "sys_dynlib_get_list2";
  619.     else if(number == 660) funcName = "sys_dynlib_get_info2";
  620.     else if(number == 661) funcName = "sys_aio_submit";
  621.     else if(number == 662) funcName = "sys_aio_multi_delete";
  622.     else if(number == 663) funcName = "sys_aio_multi_wait";
  623.     else if(number == 664) funcName = "sys_aio_multi_poll";
  624.     else if(number == 665) funcName = "sys_aio_get_data";
  625.     else if(number == 666) funcName = "sys_aio_multi_cancel";
  626.     else if(number == 667) funcName = "sys_get_bio_usage_all";
  627.     else if(number == 668) funcName = "sys_aio_create";
  628.     else if(number == 669) funcName = "sys_aio_submit_cmd";
  629.     else if(number == 670) funcName = "sys_aio_init";
  630.     else if(number == 671) funcName = "sys_get_page_table_stats";
  631.     else if(number == 672) funcName = "sys_dynlib_get_list_for_libdbg";
  632.     return funcName;   
  633. }
  634.  
  635. static main() {
  636.     auto i, address, syscall;
  637.    
  638.     Message("[syscall syscall] created by cloverleafswag3\n");
  639.    
  640.    
  641.     address = FindBinary(0, SEARCH_DOWN, "48 C7  C0 ?? ?? 00 00 49 89 CA 0F 05");
  642.     syscall = Dword(address + 3);
  643.  
  644.     // Word function is not working! ill use Dword & 0xFFFFF, clear upper 16 bits
  645.     // check if valnumber
  646.     if(syscall < 1000 && ((Dword(address + 0x0A) & 0xFFFF) == 0x050F)) {
  647.         Message("[syscall syscall] address: 0x%X syscall: %i\n", address, syscall);
  648.         MakeNameEx(address, getSyscallName(syscall), 0);
  649.         MakeFunction(address, address + 0x18);
  650.         MakeQword(address + 0x18); // the nops
  651.     }
  652.  
  653.  
  654.  
  655.     // we should have less than 1k syscalls, so just do this a few times
  656.     for(i = 0; i < 1000; i = i + 1) {
  657.         address = FindBinary(address, 3, "48 C7  C0 ?? ?? 00 00 49 89 CA 0F 05");
  658.         if(address == 0xFFFFFFFFFFFFFFFF){ return;} // untill we hit the bottom, then just fuckin' quit
  659.         syscall = Dword(address + 3);
  660.  
  661.        
  662.         // Word function is not working! ill use Dword & 0xFFFFF, clear upper 16 bits
  663.         // check if valnumber
  664.         if(syscall < 1000 && ((Dword(address + 0x0A) & 0xFFFF) == 0x050F)) {
  665.             Message("[syscall syscall] address: 0x%X syscall: %i\n", address, syscall);
  666.             MakeNameEx(address, getSyscallName(syscall), 0);
  667.             MakeFunction(address, address + 0x18);
  668.             MakeQword(address + 0x18); // the nops
  669.         }
  670.     }
  671. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top