Syscalls

[anbu-squad]

where can I get a 32-bit build to compile?

[UnamSanctam]

You need to specify for it to create 32-bit in the command that generates them, and 32-bit isn't tested either so you might need to make some modifications (since I haven't used it for 32-bit yet).

[anbu-squad]

..\..\..\UFiles\Syscalls/syscalls.c:153:189: error: use of undeclared identifier 'instructValue2'
  153 |                         if (*(unsigned char*)(ntdllBase + SWU_SyscallList.Entries[0].Address + i) == instructValue && *(unsigned char*)(ntdllBase + SWU_SyscallList.Entries[0].Address + i + SWU_OBFCONST(1)) == instructValue2) {
      |                                                                                                                                                                                                                  ^
..\..\..\UFiles\Syscalls/syscalls.c:163:224: error: use of undeclared identifier 'instructValue2'
  163 |                 if (*(unsigned char*)(ntdllBase + SWU_SyscallList.Entries[randNum].Address + syscallOffset) == instructValue && *(unsigned char*)(ntdllBase + SWU_SyscallList.Entries[randNum].Address + syscallOffset + SWU_OBFCONST(1)) == instructValue2)
      |                                                                                                                                                                                                                                              ^
2 errors generated.
..\..\..\UFiles\Syscalls\syscallsstubs.rnd.x86.s:54:9: error: ambiguous operand size for instruction 'pop'
    pop returnAddress                       # Save original return address
        ^~~~~~~~~~~~~
..\..\..\UFiles\Syscalls\syscallsstubs.rnd.x86.s:57:9: error: ambiguous operand size for instruction 'pop'
    pop espBookmark                         # Save original ESP
        ^~~~~~~~~~~

Trying to compile 32 bit build
Mistake in this fragment of code

ifdef _WIN64
    #define instructValue SWU_OBFCONST(0x0F)
	#define instructValue2 SWU_OBFCONST(0x05)
#else
	#define instructOffset SWU_OBFCONST(0x05)
	#define instructValue (callType == SWU_OBFCONST(1) ? SWU_OBFCONST(0x0BA) : SWU_OBFCONST(0x0E8))
#endif
    uint32_t seed = (uint32_t)SWU_SEED + (uintptr_t)&seed + (uint32_t)callCount++;
	
	if (syscallOffset == -1) {
		for(int i = 0; i < SWU_OBFCONST(64); i++) {
			if (*(unsigned char*)(ntdllBase + SWU_SyscallList.Entries[0].Address + i) == instructValue && *(unsigned char*)(ntdllBase + SWU_SyscallList.Entries[0].Address + i + SWU_OBFCONST(1)) == instructValue2) {
				syscallOffset = i;
				break;
			}
		}
	}

What are the differences in versions SysWhispersU and SysWhispers2 ?

[UnamSanctam]

I have never tried to compile it for 32-bit yet so yes there's likely mistakes. SysWhispersU is almost a complete rewrite (the C code and header parts) of SysWhispers2.

[anbu-squad]

What files are edited?
artificial intelligence analyzed files syswhispers.py
They are identical

Advantages in obstruction SysWhispersU
maybe I can do 32 bit build

[UnamSanctam]

All files are edited, I have to change a lot of things with the Syscalls for every release since new detection techniques get released by antiviruses. Here's the source code for SysWhispersU: SysWhispersU-source.zip