
Undetectable System Call Invocation

A C++20 policy-based framework for crafting protected syscalls with compile-time flexibility. Mix and match allocation, stub generation, and parsing strategies for ultimate operational security.

Quick Start

Get up and running with syscalls-cpp in three simple steps

1. Install via vcpkg

Install the library using the C++ package manager vcpkg:

    vcpkg install syscalls-cpp

Alternatively, clone the repository and add the include directory to your project’s include paths for manual integration.

2. Include the header

Include the main syscall header in your C++20 project:

    #include <syscalls-cpp/syscall.hpp>

The library is header-only with zero runtime dependencies, requiring only a C++20 compatible compiler.

3. Create and invoke syscalls

Initialize a syscall manager with your chosen policies and invoke Windows system calls directly:
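
    // Create the manager; initialize() must succeed before any invoke() call.
    SyscallSectionDirect syscallManager;
    if (!syscallManager.initialize()) {
        std::cerr << "Initialization failed!\n";
        return 1;
    }

    // A null base address lets the system choose where to place the 0x1000-byte region.
    PVOID pBaseAddress = nullptr;
    SIZE_T uSize = 0x1000;

    // SYSCALL_ID hashes the function name at compile time; the template argument is the return type.
    syscallManager.invoke<NTSTATUS>(
        SYSCALL_ID("NtAllocateVirtualMemory"),
        NtCurrentProcess(),
        &pBaseAddress,
        0, &uSize,
        MEM_COMMIT | MEM_RESERVE,
        PAGE_READWRITE
    );
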
Always pass nullptr instead of NULL for pointer arguments on x64 platforms. NULL is an integer constant, so it may not be extended to a full 64-bit pointer when forwarded, which can corrupt the stack.

Explore by Topic

Dive into the core concepts and learn how to customize syscalls-cpp for your needs

Core Concepts

Understand the policy-based architecture and how allocation, stub generation, and parsing policies work together.

Allocation Policies

Learn about section-based, heap-based, and virtual memory allocation strategies for syscall stubs.

Stub Generation

Explore direct, gadget-based, and exception-based stub generation approaches for different evasion techniques.

Custom Policies

Extend the framework by writing your own allocation, generation, or parsing policies using C++20 concepts.

Key Features

Why developers choose syscalls-cpp for advanced Windows security research

Policy-Based Design

Mix and match allocation, stub generation, and parsing strategies at compile-time for maximum flexibility.

Hook Detection & Evasion

Automatically detects function hooks and resolves syscall numbers from neighboring functions using improved halo gates.

SEC_NO_CHANGE Protection

Allocate syscall stubs in memory sections with SEC_NO_CHANGE flag to prevent runtime patching attempts.

Compile-Time Hashing

String identifiers are hashed at compile-time using consteval functions for operational security and obfuscation.

Resources

Examples

Explore working examples of direct, gadget-based, and exception-based syscall techniques.

API Reference

Complete API documentation for the Manager class, policies, and utility functions.

GitHub Repository

View the source code, report issues, and contribute to the project.

Ready to Build Undetectable Syscalls?

Start exploring the policy-based framework and craft your custom syscall strategies today.
