> ## Documentation Index
> Fetch the complete documentation index at: https://mintlify.com/JoasASantos/SysWhispers4/llms.txt
> Use this file to discover all available pages before exploring further.

# SysWhispers4

> AV/EDR evasion via direct and indirect system calls

<div
  style={{
background: 'linear-gradient(135deg, #0B0C0F 0%, #1a1a1a 100%)',
borderRadius: '12px',
padding: '48px 32px',
marginBottom: '32px',
border: '1px solid #2a2a2a'
}}
>
  <h1
    style={{
fontFamily: 'Orbitron, sans-serif',
fontSize: '48px',
fontWeight: 700,
color: '#FFFFFF',
marginBottom: '16px',
textAlign: 'center'
}}
  >
    SysWhispers4
  </h1>

  <p
    style={{
fontFamily: 'Montserrat, sans-serif',
fontSize: '18px',
color: '#d4d4d4',
textAlign: 'center',
marginBottom: '24px'
}}
  >
    Python-based syscall stub generator for Windows AV/EDR evasion via direct and indirect system calls
  </p>

  <p
    style={{
fontFamily: 'Montserrat, sans-serif',
fontSize: '14px',
color: '#9b9b9c',
textAlign: 'center'
}}
  >
    Windows NT 3.1 through Windows 11 24H2 · x64 · x86 · WoW64 · ARM64
  </p>
</div>

## What is SysWhispers4?

SysWhispers4 is a command-line tool that generates C/ASM code for invoking Windows NT kernel functions directly through syscalls, bypassing user-mode hooks placed by AV/EDR products on `ntdll.dll`. It builds on the legacy of SysWhispers 1-3 with the most comprehensive set of SSN resolution strategies, invocation methods, and evasion capabilities to date.

<CardGroup cols={2}>
  <Card title="Quick Start" icon="rocket" href="/quickstart">
    Get up and running in minutes with basic syscall generation
  </Card>

  <Card title="Installation" icon="download" href="/installation">
    Install SysWhispers4 and its dependencies
  </Card>

  <Card title="Command Reference" icon="terminal" href="/cli/command-reference">
    Complete CLI command documentation
  </Card>

  <Card title="API Reference" icon="code" href="/api/overview">
    Generated C API functions and integration
  </Card>
</CardGroup>

## Key Features

<CardGroup cols={2}>
  <Card title="8 SSN Resolution Methods" icon="fingerprint">
    Static, FreshyCalls, Hell's Gate, Halo's Gate, Tartarus' Gate, SyscallsFromDisk, RecycledGate, and HW Breakpoint
  </Card>

  <Card title="4 Invocation Methods" icon="code-branch">
    Embedded (direct), Indirect, Randomized Indirect, and Egg Hunt
  </Card>

  <Card title="Multi-Architecture Support" icon="microchip">
    x64, x86, WoW64, and ARM64 with full compiler support (MSVC, MinGW, Clang)
  </Card>

  <Card title="Advanced Evasion" icon="shield-halved">
    XOR-encrypted SSNs, call stack spoofing, sleep encryption, ETW/AMSI bypass, and anti-debugging
  </Card>
</CardGroup>

## Core Concepts

<CardGroup cols={3}>
  <Card title="SSN Resolution" icon="search" href="/concepts/ssn-resolution">
    Learn how syscall numbers are resolved at runtime
  </Card>

  <Card title="Invocation Methods" icon="arrows-turn-to-dots" href="/concepts/invocation-methods">
    Understand different ways to execute syscalls
  </Card>

  <Card title="Evasion Techniques" icon="user-secret" href="/concepts/evasion-techniques">
    Explore techniques to evade AV/EDR detection
  </Card>
</CardGroup>

## Quick Example

```bash theme={null}
# Generate common syscalls with FreshyCalls resolution
python syswhispers.py --preset common

# Maximum evasion configuration
python syswhispers.py --preset stealth \
    --method randomized --resolve recycled \
    --obfuscate --encrypt-ssn --stack-spoof \
    --etw-bypass --amsi-bypass --unhook-ntdll \
    --anti-debug --sleep-encrypt
```

## Integration Example

```c theme={null}
#include "SW4Syscalls.h"

int main(void) {
    // Initialize SSN resolution
    if (!SW4_Initialize()) return 1;

    // Use NT functions directly via syscall
    PVOID base = NULL;
    SIZE_T size = 0x1000;
    NTSTATUS st = SW4_NtAllocateVirtualMemory(
        GetCurrentProcess(), &base, 0, &size,
        MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE
    );

    return NT_SUCCESS(st) ? 0 : 1;
}
```

<Note>
  **For authorized security testing only.** Use SysWhispers4 only on systems you own or have explicit written authorization to test. Unauthorized use is illegal in most jurisdictions.
</Note>
