Usage

Python Library

Embed Sysplant in your Python toolchain using the Sysplant class.

Python Library

Sysplant exposes a clean Python API for integration into build pipelines, exploit frameworks, or automation scripts.

Import

from sysplant.sysplant import Sysplant

`Sysplant(arch, syscall, language)`

Instantiate the engine.

engine = Sysplant(
    arch="x64",      # "x64" (default) | "x86" | "wow"
    syscall="syscall",  # "syscall" | "sysenter" | "int 0x2h"
    language="nim"   # "nim" (default) | "c" | "cpp" | "rust"
)

Raises NotImplementedError for unsupported arch, language, or syscall combinations.

`.list(search_path) → set[str]`

Scan a directory for Nt* / Zw* function names used in source files.

functions = engine.list("./implant/src")
# Returns: {"NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx"}

Searches files with extensions: .h, .hpp, .c, .cpp, .nim, .rs

`.generate(iterator, method, syscalls) → str`

Generate the syscall stub code and return it as a string.

code = engine.generate(
    iterator="canterlot",  # see iterators page
    method="random",        # "direct" | "indirect" | "random" | "egg_hunter"
    syscalls=["NtOpenProcess", "NtWriteVirtualMemory"]
    # or: "all" | "common" | "donut"
)

The syscalls parameter accepts:

A list of function name strings
The string "all" — all ~300+ supported syscalls
The string "common" — 31 commonly used functions
The string "donut" — 14 Donut-loader functions

Returns the generated source code as a string.

`.scramble(do_scramble) → str`

Optionally randomize the 23 internal SPT_* symbol names in the generated output, then return the code as a string.

code = engine.scramble(True)   # randomize symbols
code = engine.scramble(False)  # use stable names (default)

Call this after generate(). It modifies the internally stored engine state.

`.output(output_path) → str`

Write the generated code to a file and return the code as a string. The correct file extension is appended automatically if not already present.

# Writes to "syscalls.h" (for C language)
result = engine.output("syscalls")

# If extension matches, no duplication occurs
result = engine.output("syscalls.h")

Output extension by language:

Language	Extension
`nim`	`.nim`
`c`	`.h`
`cpp`	`.hpp`
`rust`	`.rs`

Full example

from sysplant.sysplant import Sysplant

# 1. Instantiate for C, x64
engine = Sysplant(arch="x64", language="c")

# 2. Discover what functions the target code uses
functions = engine.list("./implant/src")

# 3. Generate with Canterlot's Gate, random method
engine.generate(
    iterator="canterlot",
    method="random",
    syscalls=list(functions)
)

# 4. Scramble internal symbols
engine.scramble(True)

# 5. Write to file (produces stubs.h)
engine.output("stubs")

Build pipeline integration

import subprocess
from sysplant.sysplant import Sysplant

engine = Sysplant(language="c")
engine.generate("canterlot", "random", "common")
engine.scramble(True)
engine.output("generated/syscalls")

subprocess.run([
    "x86_64-w64-mingw32-gcc",
    "-Wall", "-s", "-static", "-masm=intel",
    "-o", "implant.exe",
    "implant.c"
], check=True)

Edit this page

CLI Reference

Complete reference for all sysplant CLI commands, flags, and options.

MCP Server

Use Sysplant as a Model Context Protocol (MCP) server for AI-native toolchain integration.