Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
Updated May 23, 2025 - C
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls.
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
Load arbitrary DLLs and call any exported function; calls execute inside g0 as normal syscalls do via the traditional route, with no syscall or Windows imports; exposes many convenience functions for WinAPI interaction :3
PoC for stealthy indirect Windows syscall invocation to bypass API hooks
A C implementation of native syscall resolution and execution on Windows x64