The initial output (`syscalls-asm.h`) is created as an example for WdToggle.
Additional guidance can be found in this blog post: https://outflank.nl/blog/?p=1592
Raphael Mudge (the creator of Cobalt Strike) created a tutorial video on how to use this tool: https://www.youtube.com/watch?v=mZyMs2PP38w
What is this repository for?
- Demonstrate the ability to easily use syscalls using inline assembly in BOFs.
How do I set this up?
- (Optionally) Install SysWhispers:
  git clone https://github.com/jthuraisamy/SysWhispers.git
  pip3 install -r .\requirements.txt
  The command `py .\syswhispers.py --versions 7,8,10 -o syscalls` was used to generate the included `syscalls.asm`.
- Clone this repository.
- Update which functions are required in `functions.txt` to include only the necessary functions from `syscalls.asm`.
- Run the `python InlineWhispers.py` command to generate the inline assembly (`syscalls-asm.h`) header file.
- Remove function definitions in `Syscalls.h` that are not included.
- Include `Syscalls.h` in your project.
- The provided `Syscalls.h` header file includes many extern function definitions by default. If these are not removed, the object can still compile successfully even though the referenced function was never actually included in it.
- Inline assembly is only supported by Mingw-w64. Visual Studio does not support inline assembly.
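Because the compiler accepts a dangling `extern` declaration, the mismatch between `Syscalls.h` and `functions.txt` only shows up when the BOF is loaded. The following added check (illustrative code, not part of InlineWhispers) lists `Nt*` symbols that a compiled object references but does not define, using `nm` output; the sample output and the `functions.txt` contents below are constructed.

```python
import re
import subprocess
from typing import List

# Constructed sample of `x86_64-w64-mingw32-nm example.o` output for a BOF that
# includes Syscalls.h: one syscall stub was generated (T = defined in .text),
# two Nt* functions are only declared extern (U = undefined), and the Beacon
# API / KERNEL32$ imports are resolved by the BOF loader, so they are expected.
SAMPLE_NM_OUTPUT = """\
                 U BeaconPrintf
                 U __imp_KERNEL32$GetCurrentProcess
                 U NtOpenProcess
                 U NtProtectVirtualMemory
0000000000000000 T go
0000000000000040 T NtAllocateVirtualMemory
"""

# Constructed sample of a functions.txt, one function name per line.
SAMPLE_FUNCTIONS_TXT = """\
NtAllocateVirtualMemory
NtOpenProcess
"""

# Matches an undefined ("U") Nt* symbol in nm output, one symbol per line.
UNDEF_NT_RE = re.compile(r"^\s*U\s+(Nt\w+)\s*$", re.MULTILINE)


def dangling_syscalls(nm_output: str) -> List[str]:
    """Nt* functions the object references but never defines.

    Each entry is either a stale extern left in Syscalls.h (remove it) or a
    stub that still has to be generated (add it to functions.txt and re-run
    InlineWhispers.py)."""
    return sorted(set(UNDEF_NT_RE.findall(nm_output)))


def not_in_functions_txt(dangling: List[str], functions_txt: str) -> List[str]:
    """Subset of dangling symbols that functions.txt does not list at all."""
    listed = {line.strip() for line in functions_txt.splitlines() if line.strip()}
    return [name for name in dangling if name not in listed]


def check_object(path: str, nm: str = "x86_64-w64-mingw32-nm") -> List[str]:
    """Run nm on a compiled BOF object and return its dangling Nt* symbols."""
    out = subprocess.run([nm, path], capture_output=True, text=True, check=True)
    return dangling_syscalls(out.stdout)
```

Run `check_object("yourbof.o")` after compiling with Mingw-w64; an empty list means every `Nt*` function the object uses has a generated stub.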