Sign Up

Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.

Sign In

Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

You must login to ask a question.

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Please briefly explain why you feel this user should be reported.

Search

Ask A Question

0

Editorial Team

Asked: May 13, 20262026-05-13T10:07:38+00:00 2026-05-13T10:07:38+00:00

How do you find out what number each sys call is? Like on SP3

0

How do you find out what number each sys call is? Like on SP3 ZwCreateFile is

ZwCreateFile:
    mov eax, 0x25
    mov edx, 0x7ffe0300
    call [edx]
    retn 0x2c

How do you find out that ZwCreateFile is 0x25?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team
2026-05-13T10:07:38+00:00Added an answer on May 13, 2026 at 10:07 am
Windows System Call Table (NT/2000/XP/2003/Vista) says that NtCreateFile (the same function as ZwCreateFile, see MSDN and many others) is

Windows NT Windows 2000 Windows XP W2K3 Vista SP3 SP4 SP5 SP6 SP0 SP1 SP2 SP3 SP4 SP0 SP1 SP2 SP0 SP1 SP0 0x17 0x17 0x17 0x17 0x20 0x20 0x20 0x20 0x20 0x25 0x25 0x25 0x27 0x27 0x3b

You can easily discover these for yourself by dumping the syscall table nt!KiServiceTable using kd or WinDbg.

Information from the Sysinternals forums.
0

Reply

Share
Share

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on WhatsApp

Report