SyscallProvider is a feature, available since Windows 11 22H2, that allows inline hooking of syscalls.
This unfinished research was done on Windows 11 22H2. The feature is fully undocumented at the moment and it looks like it's locked to Microsoft-signed drivers.
All of the information here was gathered by manual reverse engineering of securekernel.exe, skci.dll and ntoskrnl.exe.
The kernel exports three functions to work with the new feature: PsRegisterSyscallProvider, PsQuerySyscallProviderInformation, PsUnregisterSyscallProvider.
This writeup will explore how this feature is initialized, how it works internally, and how to interact with it and use it.
FOR EDUCATIONAL PURPOSES ONLY. CHANGING THE IMEI IS ILLEGAL IN MOST COUNTRIES; MAKE SURE YOU ARE CERTAIN OF YOUR ACTIONS BEFORE DOING THIS.
I AM NOT RESPONSIBLE IF YOUR DEVICE IS BROKEN OR THE IMEI IS NOT CHANGED BECAUSE YOU DIDN'T FOLLOW THE STEPS CAREFULLY OR HAVE A DIFFERENT EFS PARTITION SCHEME.
This guide was tested on a Google Pixel 3. A different device may have a different EFS partition scheme, so make sure you adjust the steps in this guide accordingly. Other Google Pixel devices may use this guide without adjustment.
# UPnP Port Mapper
import os
import sys
import re
import urllib2
from xml import sax
from xml.sax import handler
from xml.sax.handler import feature_namespaces
import socket