Requirements

System Requirements

  • Operating System: Windows 7+ (for target compilation), any OS with Python for generation
  • Python: 3.10 or higher
  • Git: For cloning the repository
SysWhispers4 uses type annotations throughout the codebase, requiring Python 3.10+.

Compiler Requirements

Choose one based on your target environment:

Installation Steps

1. Clone the Repository

git clone https://github.com/CyberSecurityUP/SysWhispers4
cd SysWhispers4
The repository includes:
  • syswhispers.py — Main CLI tool
  • core/ — Generation engine
  • data/ — Syscall tables and function prototypes
  • scripts/ — Utility scripts
  • examples/ — Sample integration code

2. Verify Python Version

python --version
# or
python3 --version
Should output Python 3.10.x or higher.
If you have Python < 3.10, you’ll see import errors related to type annotations. Upgrade to Python 3.10+.

3. (Optional) Update Syscall Tables

The repository includes pre-populated syscall tables from j00ru’s database. To fetch the latest:
python scripts/update_syscall_table.py
This updates:
  • data/syscalls_nt_x64.json — x64 syscall numbers
  • data/syscalls_nt_x86.json — x86 syscall numbers
Covers:
  • Windows 7 SP1 through Windows 11 24H2
  • Windows Server 2022/2025
This step is only required if you plan to use --resolve static (static embedded SSN table). Dynamic methods like FreshyCalls don’t need updated tables.

4. Verify Installation

Test that SysWhispers4 runs correctly:
python syswhispers.py --list-functions
You should see a list of 64 supported NT functions:
Available functions (64):
  NtAdjustPrivilegesToken (4 params)
  NtAlertResumeThread (2 params)
  NtAlertThread (1 params)
  NtAllocateVirtualMemory (6 params)
  NtAllocateVirtualMemoryEx (7 params)
  ...

Project Structure

SysWhispers4/
├── syswhispers.py              # CLI entry point
├── core/
│   ├── models.py               # Enums, dataclasses (8 resolution, 4 invocation methods)
│   ├── generator.py            # Code generation engine (~1900 lines)
│   ├── obfuscator.py           # Obfuscation: junk, eggs, XOR, string encryption
│   └── utils.py                # Hashes (DJB2, CRC32, FNV-1a), data loading
├── data/
│   ├── prototypes.json         # 64 NT function signatures
│   ├── presets.json            # 8 function presets
│   ├── syscalls_nt_x64.json   # x64 SSN table (Win7–Win11 24H2)
│   └── syscalls_nt_x86.json   # x86 SSN table
├── scripts/
│   └── update_syscall_table.py # Auto-fetch latest j00ru table
└── examples/
    └── example_injection.c     # Reference integration example

Dependencies

SysWhispers4 has zero runtime dependencies beyond the Python standard library:
  • argparse — CLI parsing
  • json — Data file parsing
  • dataclasses — Type-safe configuration
  • pathlib — Cross-platform path handling
  • enum — Type enumerations
No pip install required! SysWhispers4 uses only the Python standard library.

Architecture Support

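| Architecture | Syscall Instruction | SSN Register | Supported Methods                       |
|--------------|---------------------|--------------|-----------------------------------------|
| x64          | syscall             | eax          | All (embedded, indirect, randomized, egg) |
| x86          | sysenter            | eax          | Embedded + Egg                          |
| WoW64        | syscall (64-bit)    | eax          | All (x64 stubs from 32-bit PE)          |
| ARM64        | svc #0              | w8           | Embedded                                |
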
Standard 64-bit Windows compilation:
python syswhispers.py --preset common --arch x64
  • Uses syscall instruction
  • SSN loaded into eax
  • Parameters follow x64 calling convention: rcx, rdx, r8, r9, [stack]
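
For defenders triaging a binary, the x64 convention above (a `syscall` instruction with the SSN loaded into `eax`) gives a simple static heuristic: user-mode images other than ntdll rarely contain that pair. The scanner below is an added example, not part of SysWhispers4; the window size, SSN ceiling and sample bytes are assumptions constructed for illustration, and it covers only stubs that embed the `syscall` instruction in the image.

```python
import struct

SYSCALL = b"\x0f\x05"   # x64 `syscall` opcode
MOV_EAX_IMM32 = 0xB8    # `mov eax, imm32`; in a stub the immediate is the SSN
WINDOW = 32             # assumption: max bytes between the SSN load and `syscall`
MAX_SSN = 0x1000        # assumption: larger immediates are treated as noise


def find_embedded_syscall_stubs(code: bytes, base: int = 0) -> list[tuple[int, int]]:
    """Return (address, ssn) for each `mov eax, imm32` that is followed
    within WINDOW bytes by a `syscall` instruction."""
    hits = []
    pos = code.find(SYSCALL)
    while pos != -1:
        # Walk back from the syscall to the nearest plausible SSN load.
        for i in range(pos - 5, max(0, pos - WINDOW) - 1, -1):
            if code[i] != MOV_EAX_IMM32:
                continue
            ssn = struct.unpack_from("<I", code, i + 1)[0]
            if ssn < MAX_SSN:
                hits.append((base + i, ssn))
                break
        pos = code.find(SYSCALL, pos + len(SYSCALL))
    return hits


# Constructed sample bytes (not taken from any real binary).
BENIGN = bytes.fromhex("554889e5b8010000005dc3")  # ordinary function, no syscall
# mov r10, rcx; mov eax, 0x42; syscall; ret
STUB = bytes.fromhex("4c8bd1" "b842000000" "0f05" "c3")
SAMPLE = BENIGN + STUB

if __name__ == "__main__":
    for addr, ssn in find_embedded_syscall_stubs(SAMPLE, base=0x1000):
        print(f"possible direct-syscall stub at {addr:#x}, SSN {ssn:#x}")
```

Run it over the executable sections of an image, passing the section's load address as `base`; a hit is a lead for manual review, not proof, because the byte pattern can also occur inside unrelated instructions.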

Compiler Configuration

MSVC (Visual Studio)

1. Create New Project

  • Open Visual Studio
  • File → New → Project
  • Select “Empty Project” (C++)

2. Enable MASM

  • Right-click project → Build Dependencies → Build Customizations
  • Check masm (.targets, .props)
  • Click OK

3. Add Generated Files

After running SysWhispers4, add all generated files:
  • SW4Syscalls_Types.h
  • SW4Syscalls.h
  • SW4Syscalls.c
  • SW4Syscalls.asm
Right-click project → Add → Existing Item → Select files

4. Verify ASM File Properties

Right-click SW4Syscalls.asm → Properties:
  • Item Type: Microsoft Macro Assembler
  • If not set, change from “C/C++ Compiler” to “Microsoft Macro Assembler”

MinGW / Clang

1. Generate with Correct Compiler Flag

python syswhispers.py --preset common --compiler mingw
# or
python syswhispers.py --preset common --compiler clang
This generates GAS inline assembly instead of MASM syntax.

2. Compile Your Project

x86_64-w64-mingw32-gcc -masm=intel \
    your_code.c SW4Syscalls.c SW4Syscalls_stubs.c \
    -o output.exe -lntdll
The -masm=intel flag is required for inline assembly syntax.

Troubleshooting

Error: SyntaxError: invalid syntax or TypeError: unsupported operand type(s)
Solution: Upgrade to Python 3.10+
# Ubuntu/Debian
sudo apt install python3.10

# Windows: Download from python.org
# macOS: brew install [email protected]

Error: error MSB3721: The command "ml64.exe" exited with code 1
Solution:
  1. Ensure MASM build customizations are enabled (see MSVC steps above)
  2. Verify Visual Studio installation includes “MSVC build tools”
  3. Rebuild project (Clean → Build)

Error: undefined reference to '_imp__NtAllocateVirtualMemory'
Solution: Add -lntdll to link against ntdll.lib
x86_64-w64-mingw32-gcc ... -lntdll

Error: Assembly syntax errors during compilation
Solution: Verify compiler flag matches generator flag
  • MSVC → use --compiler msvc (default)
  • MinGW/GCC → use --compiler mingw
  • Clang → use --compiler clang

Next Steps

Now that SysWhispers4 is installed, proceed to the Quick Start guide to generate your first syscall stubs and integrate them into a working project.
