icyguider / Shhhloader

Syscall Shellcode Loader (Work in Progress)
GNU General Public License v3.0

Using -sc SysWhispers2 or SysWhispers3 with OLLVM causes compile errors. #30

Closed 0x0451 closed 1 year ago

0x0451 commented 1 year ago

Using -sc SysWhispers2 or SysWhispers3 with OLLVM causes compile errors. OLLVM was installed according to the instructions given on the README page for the project.

Confirm OLLVM install is correct:

x86_64-w64-mingw32-clang++ -v
clang version 13.0.1 (https://github.com/heroims/obfuscator.git 650605883b290ee835b1a00904d67efb0c32a311)
Target: x86_64-w64-windows-gnu
Thread model: posix
InstalledDir: /usr/bin

Confirmed working with the -u (unhook) option and with -sc GetSyscallStub.

Example error output:
python3 Shhhloader.py -l -ns -o test.exe -sc SysWhispers3 testshell.bin
┳┻|
┻┳|
┳┻|
┻┳|
┳┻| _
┻┳| •.•)  - Shhhhh, AV might hear us! 
┳┻|⊂ノ   
┻┳|
[+] ICYGUIDER'S CUSTOM SYSCALL SHELLCODE LOADER
[+] Using explorer.exe for QueueUserAPC injection
[+] Using SysWhispers3 for syscalls
[+] Re-hashing API syscalls
[+] Sandbox checks have been disabled
[+] Randomizing syscall names
[+] Saved new stub to stub.cpp
[+] Compiling new stub...
[+] Using Obfuscator-LLVM to compile stub...
<inline asm>:2:9: error: brackets expression not supported on this target
    mov [rsp +8], rcx
        ^
<inline asm>:3:9: error: brackets expression not supported on this target
    mov [rsp+16], rdx
        ^
<inline asm>:4:9: error: brackets expression not supported on this target
    mov [rsp+24], r8
        ^
<inline asm>:5:9: error: brackets expression not supported on this target
    mov [rsp+32], r9
        ^
<inline asm>:6:5: error: unknown use of instruction mnemonic without a size suffix
    sub rsp, 0x28
    ^
<inline asm>:7:5: error: unknown use of instruction mnemonic without a size suffix
    mov ecx, 0x0922F8DBF
    ^
<inline asm>:9:5: error: unknown use of instruction mnemonic without a size suffix
    mov r15, rax
    ^
<inline asm>:10:5: error: unknown use of instruction mnemonic without a size suffix
    mov ecx, 0x0922F8DBF
    ^
<inline asm>:12:5: error: unknown use of instruction mnemonic without a size suffix
    add rsp, 0x28
    ^
<inline asm>:13:14: error: brackets expression not supported on this target
    mov rcx, [rsp+8]
             ^
<inline asm>:14:14: error: brackets expression not supported on this target
    mov rdx, [rsp+16]
             ^
<inline asm>:15:13: error: brackets expression not supported on this target
    mov r8, [rsp+24]
            ^
<inline asm>:16:13: error: brackets expression not supported on this target
    mov r9, [rsp+32]
            ^
<inline asm>:17:5: error: unknown use of instruction mnemonic without a size suffix
    mov r10, rcx
    ^
<inline asm>:20:9: error: brackets expression not supported on this target
    mov [rsp +8], rcx
        ^
<inline asm>:21:9: error: brackets expression not supported on this target
    mov [rsp+16], rdx
        ^
<inline asm>:22:9: error: brackets expression not supported on this target
    mov [rsp+24], r8
        ^
<inline asm>:23:9: error: brackets expression not supported on this target
    mov [rsp+32], r9
        ^
<inline asm>:24:5: error: unknown use of instruction mnemonic without a size suffix
    sub rsp, 0x28
    ^
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
[!] Stub compilation failed! Something went wrong!

Tested on Kali and Linux Mint. Similar results on both.

icyguider commented 1 year ago

Hi @0x0451,

SW2 (and now SW3) has actually never been supported for use with OLLVM due to how clang handles inline assembly. There used to be a check in place that would automatically force you to use GetSyscallStub whenever using OLLVM, however this check broke when I recently added the -sc flag.

I have just added a new check that should do the same and also inform the user that SysWhispers is not compatible with OLLVM. I've also updated the "Known Issues" section of the README to state this incompatibility. Thanks for your interest in the tool!
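An added example, not Shhhloader's own code: a pre-compile compatibility check of the kind the reply describes (force GetSyscallStub and tell the user when OLLVM is combined with SysWhispers2/3), plus a small parser for the clang error lines quoted above that recognizes the Intel-syntax signature behind them. The method names come from the page; the fallback behaviour, message text and sample log are assumptions constructed here.

```python
import re
from typing import Optional, Tuple

# Syscall methods named on the page. SysWhispers2/3 ship Intel-syntax inline
# assembly; clang's integrated assembler parses GCC-style asm() as AT&T by
# default, so "mov [rsp+8], rcx" yields the bracket / size-suffix errors shown
# in the issue. GetSyscallStub was confirmed working with OLLVM by the reporter.
OLLVM_COMPATIBLE = {
    "GetSyscallStub": True,
    "SysWhispers2": False,
    "SysWhispers3": False,
}
OLLVM_FALLBACK = "GetSyscallStub"  # assumed fallback, as the reply describes


def resolve_syscall_method(method: str, use_ollvm: bool) -> Tuple[str, Optional[str]]:
    """Return (effective method, user-facing note); the note is None when no
    substitution was needed. Raises ValueError on an unknown method name."""
    if method not in OLLVM_COMPATIBLE:
        raise ValueError(f"unknown syscall method: {method}")
    if use_ollvm and not OLLVM_COMPATIBLE[method]:
        note = (f"[!] {method} is not compatible with OLLVM (inline asm syntax); "
                f"using {OLLVM_FALLBACK} instead")
        return OLLVM_FALLBACK, note
    return method, None


# Matches lines such as:
# <inline asm>:6:5: error: unknown use of instruction mnemonic without a size suffix
_ASM_ERR = re.compile(r"^<inline asm>:(\d+):(\d+): error: (.+)$", re.M)


def diagnose_compile_log(log: str) -> dict:
    """Group clang inline-asm errors by message (asm line numbers per message)
    and flag the Intel-syntax signature: bracket operands plus unsuffixed
    mnemonics rejected together, exactly the pattern in the issue's output."""
    by_msg: dict = {}
    for line_no, _col, msg in _ASM_ERR.findall(log):
        by_msg.setdefault(msg, []).append(int(line_no))
    intel_syntax = (any("brackets expression" in m for m in by_msg)
                    and any("without a size suffix" in m for m in by_msg))
    return {"errors": by_msg, "intel_syntax_under_att_assembler": intel_syntax}


# Constructed excerpt in the same format as the issue's error output.
SAMPLE_LOG = """\
<inline asm>:2:9: error: brackets expression not supported on this target
    mov [rsp +8], rcx
        ^
<inline asm>:6:5: error: unknown use of instruction mnemonic without a size suffix
    sub rsp, 0x28
    ^
"""

if __name__ == "__main__":
    print(resolve_syscall_method("SysWhispers3", use_ollvm=True))
    print(diagnose_compile_log(SAMPLE_LOG))
```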