---
layout: post
title: Indirect Syscalls in Golang
subtitle: You're telling me this phone is a banana?
thumbnail-img: /assets/img/bananaphone.png
share-img: /assets/img/bananaphone.png
tags: [Evasion, Windows]
categories: Red_Team
comments: true
readtime: something lmao
---

I wanted to try to expand my skillset so I tried porting my stuff over to Go. I was struggling a bit at first but I found the [BananaPhone](<https://github.com/C-Sto/BananaPhone>) written by [@C__sto](<https://twitter.com/c__sto>). After a bit of modification and a lot of help from him, I was able to get it to work with indirect syscalls.

## BananaPhone?
BananaPhone describes itself as a go implementation of Hells Gate. It has a lot of capabilities and functions, but I've mainly used it for direct and indirect syscalls. On the sneaksys branch, it has some GoAsm (Go Assembly) that can be used to perform indirect syscalls. In Go, it is possible to write some assembly code, based on the Plan 9 assembler, and have a function utilize it. Take the following example:

//asm.s TEXT ·Plus(SB), $0-12 MOVW a+0(FP), AX MOVW b+4(FP), BX ADDW AX, BX MOVW BX, ret+8(FP) RET

//main.go func Plus(a int32, b int32) int32

fmt.Printf("%d", Plus(1, 2)) //will print 3

The function "Plus" has no body because it is defined with assembly code. The assembly code has to have a "·" followed by the function name.

## Indirect Syscalls