Quick Start
Generate your first syscall stub file in under a minute.
Generate a C header in one command
The fastest way to get started is with the canterlot gate and the common preset:
```sh
sysplant generate -c -o syscalls canterlot
```
This creates syscalls.h — a C header containing direct stubs for the 31 most commonly used Nt* functions, with syscall numbers resolved at runtime via Canterlot's Gate.
The -c flag selects C output. The file extension (.h) is appended automatically. Omitting -o prints to stdout.
Choose your language
| Flag | Language | Output extension |
|---|---|---|
| -nim (default) | NIM | .nim |
| -c | C | .h |
| -cpp | C++ | .hpp |
| -rust | Rust | .rs |
Choose your gate (iterator)
Each gate is a shorthand for a specific iterator and its recommended method:
```sh
# NIM output, SysWhispers3 gate (random method) — 3 specific functions
sysplant generate -nim -f NtOpenProcess,NtWriteVirtualMemory,NtCreateThreadEx \
  -o stubs syswhispers3

# C++ output, Hell's Gate, all ~300 syscalls
sysplant generate -cpp -p all -o full_stubs hell
```
Scan for required functions
If you have existing source code and want to know which Nt* functions it uses, run:
```sh
sysplant list ./src
```
This scans all .h, .hpp, .c, .cpp, .nim, and .rs files under ./src and prints the detected Nt*/Zw* function names — ready to feed into -f.
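The same kind of scan is useful in code review, to see which native API names a source tree references and in which files. The sketch below is an added example, not SysPlant's own code: the regular expression, the function names (scan_tree, as_filter_arg, demo) and the sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions the page lists for `sysplant list`.
SOURCE_EXTS = {".h", ".hpp", ".c", ".cpp", ".nim", ".rs"}
# Assumption: whole identifiers that start with Nt or Zw plus an uppercase letter.
# SysPlant's real matcher may differ; comments and strings are matched too.
NT_NAME = re.compile(r"\b(?:Nt|Zw)[A-Z][A-Za-z0-9]+\b")


def scan_tree(root):
    """Map each Nt*/Zw* name to the relative paths of the files that mention it."""
    root = Path(root)
    hits = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SOURCE_EXTS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for name in set(NT_NAME.findall(text)):
            hits.setdefault(name, []).append(path.relative_to(root).as_posix())
    return dict(sorted(hits.items()))


def as_filter_arg(hits):
    """Join the names with commas, the shape the page passes to -f."""
    return ",".join(hits)


def demo():
    """Scan a small constructed tree (sample files are made up for this example)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "loader.c").write_text(
            "NTSTATUS s = NtOpenProcess(&h, acc, &oa, &cid);\n"
            "s = NtWriteVirtualMemory(h, addr, buf, len, NULL);\n")
        (root / "sub" / "util.rs").write_text(
            "unsafe { ZwClose(handle); } // opened via NtOpenProcess\n")
        (root / "notes.txt").write_text("NtCreateThreadEx: .txt is not scanned\n")
        return scan_tree(root)


if __name__ == "__main__":
    found = demo()
    for name, files in found.items():
        print(f"{name}: {', '.join(files)}")
    print("-f", as_filter_arg(found))
```

Because the match is purely textual, a name that appears only in a comment is reported as well, as the util.rs sample shows.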
Compile the output
C example:
```sh
x86_64-w64-mingw32-gcc -Wall -s -static -masm=intel \
  -o implant.exe implant.c
```
NIM example:
```sh
nim c -d=release -d=danger -d=strip --opt=size \
  -d=mingw --cpu=amd64 -o:implant.exe implant.nim
```
Rust example:
```sh
cargo build --release --target x86_64-pc-windows-gnu
```
Next steps
- Iterators — understand the 7 gate techniques
- Methods — understand direct vs indirect execution
- CLI Reference — all flags and options