AV/EDR evasion via direct system calls.
Jackson T 29b3a8f3e9 Update README.md 2019-12-04 07:39:20 +00:00
data Upload New File 2019-12-04 07:31:24 +00:00
README.md Update README.md 2019-12-04 07:39:20 +00:00
kernelwhispers.py Update kernelwhispers.py 2019-12-04 07:37:28 +00:00
requirements.txt Add new file 2019-12-04 07:29:52 +00:00


KernelWhispers

Generate header/ASM files for direct system calls.

Usage and Examples

PS C:\Projects\KernelWhispers> py .\kernelwhispers.py --help

usage: main.py [-h] [-p PRESET] [-f FUNCTIONS] [-v VERSIONS] -o OUT_FILE

optional arguments:
  -h, --help            show this help message and exit
  -p PRESET, --preset PRESET
                        Preset ("all", "common")
  -f FUNCTIONS, --functions FUNCTIONS
                        Comma-separated functions
  -v VERSIONS, --versions VERSIONS
                        Comma-separated versions (XP, Vista, 7, 8, 10)
  -o OUT_FILE, --out-file OUT_FILE
                        Output basename (w/o extension)
PS C:\Projects\KernelWhispers> py .\kernelwhispers.py --preset common --out-file syscalls_common
PS C:\Projects\KernelWhispers> py .\kernelwhispers.py --functions NtProtectVirtualMemory,NtWriteVirtualMemory --out-file syscalls_mem
PS C:\Projects\KernelWhispers> py .\kernelwhispers.py --versions 7,8,10 --out-file syscalls_78X
PS C:\Projects\KernelWhispers> py .\kernelwhispers.py --preset common --out-file syscom
                           _
  /,  _   ,_   ,__,   _   //     ,_ /_   .  ,   ,_    _   ,_   ,
_/(__(/__/ (__/ / (__(/__(/__/_/_/_/ (__/__/_)__/_)__(/__/ (__/_)_
                                               /
                                              /  @Jackson_T, 2019

KernelWhispers: Generate header/ASM files for direct system calls.

Common functions selected.

Complete! Files written to:
        syscom.asm
        syscom.h

Credits

TBD

Licence

Apache License, Version 2.0