https://github.com/dk0m/syswhispersd

Implementation Of SysWhispers Direct / Indirect System Call Technique In D.
https://github.com/dk0m/syswhispersd

dlang edr-evasion evasion malware syswhispers windows windows-internals

Last synced: about 1 year ago
JSON representation

Implementation Of SysWhispers Direct / Indirect System Call Technique In D.

• Host: GitHub
• URL: https://github.com/dk0m/syswhispersd
• Owner: dk0m
• License: mit
• Created: 2024-07-24T16:40:17.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2025-05-29T00:04:50.000Z (about 1 year ago)
• Last Synced: 2025-06-07T08:17:18.979Z (about 1 year ago)
• Topics: dlang, edr-evasion, evasion, malware, syswhispers, windows, windows-internals
• Language: D
• Homepage:
• Size: 34.2 KB
• Stars: 1
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# SysWhispersD

Implementation Of SysWhispers Direct System Call Technique In D.

## Usage

```

$ python gen.py --type direct --functions NtAllocateVirtualMemory,NtProtectVirtualMemory,NtWriteVirtualMemory,NtCreateThreadEx --output syscalls.d

```

## Acknowledgement

Thanks to [SysWhispers2](https://github.com/jthuraisamy/SysWhispers2) for alot of ideas for this, SysWhispers2's inline assembly has been used in this project.

[KlezVirus](https://github.com/klezVirus/) for the function prototypes JSON file and [SysWhispers3](https://github.com/klezVirus/SysWhispers3/) project.

## Limitations

Due to the nature of C and D structs and them being different, Their conversion can be really tedious, Hence why I only made the generator output function definitions.