Python Library
Sysplant exposes a clean Python API for integration into build pipelines, exploit frameworks, or automation scripts.
Import
```python
from sysplant.sysplant import Sysplant
```
Sysplant(arch, syscall, language)
Instantiate the engine.
```python
engine = Sysplant(
    arch="x64",         # "x64" (default) | "x86" | "wow"
    syscall="syscall",  # "syscall" | "sysenter" | "int 0x2h"
    language="nim"      # "nim" (default) | "c" | "cpp" | "rust"
)
```
Raises NotImplementedError for unsupported arch, language, or syscall combinations.
.list(search_path) → set[str]
Scan a directory for Nt* / Zw* function names used in source files.
```python
functions = engine.list("./implant/src")
# Returns: {"NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThreadEx"}
```
Searches files with extensions: .h, .hpp, .c, .cpp, .nim, .rs
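A reviewer-side counterpart to the scan described above, as an added example that is not Sysplant's own code: it records which files reference each Nt*/Zw* name, so native API use in a tree can be audited during code review. The regex, the function names and the sample files are assumptions constructed for illustration; only the extension list comes from this page.

```python
import re
import tempfile
from pathlib import Path

# Extensions taken from the list on this page.
SOURCE_EXTENSIONS = {".h", ".hpp", ".c", ".cpp", ".nim", ".rs"}
# Assumed pattern (not Sysplant's): an identifier beginning with Nt or Zw
# followed by an uppercase letter, e.g. NtOpenProcess, ZwClose.
NATIVE_CALL = re.compile(r"\b(?:Nt|Zw)[A-Z][A-Za-z0-9]*\b")


def inventory_native_calls(search_path):
    """Map each Nt*/Zw* name to the files (relative paths) that reference it."""
    found = {}
    for path in sorted(Path(search_path).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SOURCE_EXTENSIONS:
            continue
        # errors="replace" keeps the scan going on files with odd encodings.
        text = path.read_text(encoding="utf-8", errors="replace")
        for name in set(NATIVE_CALL.findall(text)):
            rel = path.relative_to(search_path).as_posix()
            found.setdefault(name, []).append(rel)
    return found


def build_sample_tree(root):
    """Constructed sample input: two source files and one ignored .txt file."""
    src = Path(root) / "src"
    src.mkdir()
    (src / "inject.c").write_text(
        "NTSTATUS s = NtOpenProcess(&h, access, &oa, &cid);\nZwClose(h);\n")
    (src / "loader.nim").write_text(
        "discard NtOpenProcess(addr h, access, addr oa, addr cid)\n")
    # Wrong extension: must not appear in the inventory.
    (Path(root) / "notes.txt").write_text("NtCreateThreadEx is discussed here\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for name, files in sorted(inventory_native_calls(root).items()):
            print(f"{name}: {', '.join(files)}")
```

Macros such as `NtCurrentProcess` also match this pattern, so treat the result as a review list rather than an exact call inventory.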
.generate(iterator, method, syscalls) → str
Generate the syscall stub code and return it as a string.
```python
code = engine.generate(
    iterator="canterlot",  # see iterators page
    method="random",       # "direct" | "indirect" | "random" | "egg_hunter"
    syscalls=["NtOpenProcess", "NtWriteVirtualMemory"]
    # or: "all" | "common" | "donut"
)
```
The syscalls parameter accepts:
- A `list` of function name strings
- The string `"all"`: all ~300+ supported syscalls
- The string `"common"`: 31 commonly used functions
- The string `"donut"`: 14 Donut-loader functions
Returns the generated source code as a string.
.scramble(do_scramble) → str
Optionally randomize the 23 internal SPT_* symbol names in the generated output, then return the code as a string.
```python
code = engine.scramble(True)   # randomize symbols
code = engine.scramble(False)  # use stable names (default)
```
Call this after generate(). It modifies the internally stored engine state.
.output(output_path) → str
Write the generated code to a file and return the code as a string. The correct file extension is appended automatically if not already present.
```python
# Writes to "syscalls.h" (for C language)
result = engine.output("syscalls")

# If extension matches, no duplication occurs
result = engine.output("syscalls.h")
```
Output extension by language:
| Language | Extension |
|---|---|
| nim | .nim |
| c | .h |
| cpp | .hpp |
| rust | .rs |
Full example
```python
from sysplant.sysplant import Sysplant

# 1. Instantiate for C, x64
engine = Sysplant(arch="x64", language="c")

# 2. Discover what functions the target code uses
functions = engine.list("./implant/src")

# 3. Generate with Canterlot's Gate, random method
engine.generate(
    iterator="canterlot",
    method="random",
    syscalls=list(functions)
)

# 4. Scramble internal symbols
engine.scramble(True)

# 5. Write to file (produces stubs.h)
engine.output("stubs")
```
Build pipeline integration
```python
import subprocess
from sysplant.sysplant import Sysplant

engine = Sysplant(language="c")
engine.generate("canterlot", "random", "common")
engine.scramble(True)
engine.output("generated/syscalls")

subprocess.run([
    "x86_64-w64-mingw32-gcc",
    "-Wall", "-s", "-static", "-masm=intel",
    "-o", "implant.exe",
    "implant.c"
], check=True)
```