hfiref0x / NtCall64

Windows NT x64 syscall fuzzer

635 stars
114 forks
0 issues

Repository Overview (README excerpt)

NTCALL64

Windows NT x64 syscall fuzzer

NTCALL64 is a syscall fuzzer for 64-bit Windows NT 6+ (Windows 7 and later), based on the original NtCall by Peter Kosyh. Its purpose is to port and extend the functionality of NtCall for x64 Windows, enabling researchers to fuzz system call tables ( and optionally ) for vulnerabilities and stability issues.

---

Table of Contents

• System Requirements
• Usage
• Configuration
• Build
• Warnings
• Bugs Found with NtCall64
• Authors

---

System Requirements

• x64 version of Windows 10 or 11
• Administrative privileges recommended for full functionality

---

Usage

**Options:**

| Option | Description |
|--------|-------------|
| | Show help information |
| | Fuzz the win32k graphical subsystem service table (aka Shadow SSDT); default is ntoskrnl table |
| | Enable logging of call parameters (reduces performance) |
| | Output log destination (COM port name like , , or file name, default: if omitted) |
| | Fuzz only the syscall with the supplied numeric ID (from any table); disables blacklists |
| | Set number of passes for each syscall (default: 65536) |
| | Set thread wait timeout in seconds (default: 30; if logging, timeout is 240) |
| | Start fuzzing from the specified syscall table index (default: 0) |
| | Enable heuristics when building syscall parameters |
| | Attempt to run program from LocalSystem account |

**Examples:**

**Notes:**

• If run without parameters, fuzzes all ntoskrnl ( ) services.
• When using , blacklists are ignored and the thread timeout is set to infinite.
• Logging can be sent to a serial port or a file. COM port logging is for hardware debugging.

---

Configuration

You can blacklist specific services using the configuration file. Add service names (case-sensitive) to the appropriate or section.

**Example (snippet):**

---

Build

NTCALL64 is written in C with minimal assembler use. You need Microsoft Visual Studio 2017 or later.

**Instructions:**

• Open the solution in Visual Studio.
• Set the Platform Toolset:
  • v141 for VS 2017
  • v142 for VS 2019
  • v143 for VS 2022
• Set the Target Platform Version:
  • 8.1 for v140
  • 10 for v141 and above
• Minimum required Windows SDK version: 8.1

---

Warnings

> **This tool is for research and development. It may crash your system, cause instability, or data loss.**
>
> Use only in a controlled environment.
> **You are responsible for any damage caused by running NtCall64.**

**Tip:** Before using, set up crash dump settings (see MSDN docs) for easier debugging.

---

Bugs Found with NtCall64

• win32k!NtGdiDdDDISetHwProtectionTeardownRecovery
• win32k!NtUserCreateActivationObject
• win32k!NtUserOpenDesktop
• win32k!NtUserSetWindowsHookEx
• win32k!NtUserInitialize → win32kbase!Win32kBaseUserInitialize
• win32k!NtUserRegisterCoreMessagingEndPoint
• nt!NtLoadEnclaveData
• nt!NtCreateIoRing
• nt!NtQueryInformationCpuPartition

---

Support

If you find this project interesting, you can buy me a coffee

BTC (Bitcoin): bc1qzkvtpa0053cagf35dqmpvv9k8hyrwl7krwdz84q39mcpy68y6tmqsju0g4

---

Authors

(c) 2016 - 2026 NTCALL64 Project

Original NtCall by Peter Kosyh aka Gloomy (c) 2001, gl00my.chat.ru