After continuing to see new tools emerging, which rely on extracting the NTDLL syscall IDs from the "mov eax, X" instruction, I wanted to remind everyone that syscall IDs can easily be calculated by sorting the addresses of Nt*/Zw* functions in NTDLL from lowest to highest. 🍻
Replying to @mrgretzky
CobaltStrike author already uses this technique in KoboldLoader CobaltStrike Beacon v4.x

Jan 10, 2023 · 11:57 PM UTC
