CAPE traced APIs vs. rule APIs #1843

Open
mr-tz opened this issue Nov 8, 2023 · 1 comment
Labels
dynamic related to dynamic analysis flavor

Comments

mr-tz commented Nov 8, 2023

...
Sidebar: We'll also have to double check which APIs (at which level, e.g. ntdll vs. kernel32) are traced and potentially update various rules.
...

Originally posted by @mr-tz in #1815 (comment)

In addition to 1. above, we should 2. work with the CAPE devs to get more APIs traced.

mr-tz commented Nov 20, 2023

Some current stats on our feature APIs vs. what's traced in CAPE.

traced: 102
untraced: 888

Many more are there, but are traced at a lower level: e.g. LdrGetProcedureAddress instead of GetProcAddress.

count CAPE traced API name
15 SendMessage
10 CoCreateInstance
10 True system
8 GetProcAddress
8 True socket
7 CryptAcquireContext
6 True ControlService
6 ControlServiceEx
6 CreateToolhelp32Snapshot
6 CryptCreateHash
6 OpenProcess
6 SHFileOperation
6 SetHandleInformation
6 VirtualProtect
5 CreateProcess
5 CryptEncrypt
5 CryptImportKey
5 True DeviceIoControl
5 GetModuleHandle
5 keybd_event
4 CreateService
4 CryptDecrypt
4 CryptGenKey
4 GetLastError
4 HttpQueryInfo
4 MapViewOfFile
4 NtQueryInformationProcess
4 PostMessage
4 ReadFile
4 WaitForSingleObject
4 WriteFile
4 capCreateCaptureWindow
3 BCryptCloseAlgorithmProvider
3 BCryptOpenAlgorithmProvider
3 BitBlt
3 CallNamedPipe
3 CreateFileMapping
3 CreatePipe
3 CreateProcessAsUser
3 CreateProcessWithLogon
3 CryptDeriveKey
3 EnumWindows
3 GetAdaptersAddresses
3 GetAdaptersInfo
3 GetClipboardData
3 GetFileAttributes
3 GetForegroundWindow
3 InternetConnect
3 True LdrGetProcedureAddress
3 LoadLibrary
3 MoveFileEx
3 NtQuerySystemInformation
3 NtQuerySystemInformationEx
3 OpenInputDesktop
3 SHGetFolderLocation
3 SHGetFolderPath
3 SHGetSpecialFolderLocation
3 SHGetSpecialFolderPath
3 SetWindowsHookEx
3 WSAIoctl
3 WTSQuerySessionInformation
3 True ZwQuerySystemInformation
3 ZwQuerySystemInformationEx
3 dlsym
3 dlvsym
3 getenv
3 True setsockopt
2 AcquireCredentialsHandle
2 ClearEventLog
2 CloseHandle
2 CopyFile2
2 CreateEvent
2 CreateLogFile
2 CreateLogMarshallingArea
2 CreateProcessInternal
2 CreateProcessWithToken
2 CryptGetHashParam
2 CryptHashData
2 CryptStringToBinary
2 DeleteFile
2 ElfClearEventLogFileW
2 EnumChildWindows
2 EnumDesktops
2 True ExitProcess
2 GetAsyncKeyState
2 True GetCursorPos
2 GetKeyNameText
2 GetKeyState
2 GetLocaleInfo
2 GetMailslotInfo
2 GetModuleHandleEx
2 GetSystemDirectory
2 GetThreadContext
2 GetTickCount
2 GetTokenInformation
2 GetUserName
2 GetUserNameEx
2 GetWindowsDirectory
2 InternetOpen
2 InternetOpenUrl
2 True InternetReadFile
2 True NtCreateFile
2 True NtMapViewOfSection
2 True NtOpenDirectoryObject
2 True NtProtectVirtualMemory
2 NtSetInformationThread
2 OpenDesktop
2 OpenEventLog
2 OpenEventLogA
2 OpenService
2 OutputDebugString
2 PeekNamedPipe
2 PssCaptureSnapshot
2 QueryInformationJobObject
2 QueryPerformanceCounter
2 ReadFileEx
2 True ReadProcessMemory
2 RegEnumValue
2 RegOpenKeyEx
2 RmStartSession
2 SHEmptyRecycleBin
2 SLIsGenuineLocal
2 SendNotifyMessage
2 SetCurrentDirectory
2 ShellExecuteEx
2 Sleep
2 StartService
2 TerminateProcess
2 TransactNamedPipe
2 UnmapViewOfFile
2 UpdateProcThreadAttribute
2 UuidFromString
2 WSASocket
2 WTSFreeMemory
2 WinHttpOpenRequest
2 ZwMapViewOfSection
2 ZwProtectVirtualMemory
2 ZwQueryInformationProcess
2 ZwSetInformationThread
2 True bind
2 True connect
2 exit
2 fread
2 fwrite
2 True getaddrinfo
2 True gethostbyname
2 gethostname
2 getpwuid
2 getsockname
2 mciSendString
2 True recv
2 True send
2 write
1 #9
1 ADsOpenObject
1 AddAtom
1 AddClipboardFormatListener
1 AdjustTokenPrivileges
1 AllocateAndInitializeSid
1 AttachThreadInput
1 AttachVirtualDisk
1 BCryptCreateHash
1 BCryptDecrypt
1 BCryptDestroyHash
1 BCryptDestroyKey
1 BCryptEncrypt
1 BCryptFinishHash
1 BCryptGenRandom
1 BCryptGenerateKeyPair
1 BCryptGenerateSymmetricKey
1 BCryptHash
1 BCryptHashData
1 BCryptImportKey
1 BCryptImportKeyPair
1 BeginUpdateResource
1 CLRCreateInstance
1 CallNextHookEx
1 ChangeServiceConfig
1 ChangeServiceConfig2
1 CheckRemoteDebuggerPresent
1 CheckTokenMembership
1 CloseClipboard
1 CoGetObject
1 CommandLineToArgv
1 True ConnectEx
1 ConnectNamedPipe
1 ContinueDebugEvent
1 ConvertThreadToFiber
1 CopyFile
1 CopyFileEx
1 CopyFileTransacted
1 CorBindToCurrentRuntime
1 CorBindToRuntime
1 CorBindToRuntimeByCfg
1 CorBindToRuntimeEx
1 CorBindToRuntimeHost
1 CreateCompatibleBitmap
1 CreateCompatibleDC
1 CreateDC
1 CreateDesktop
1 CreateDirectory
1 CreateDirectoryEx
1 CreateDirectoryTransacted
1 CreateFiber
1 CreateFile
1 CreateFileEx
1 CreateMailslot
1 CreateMutex
1 CreateMutexEx
1 CreateNamedPipe
1 CreateProcessWithLogonW
1 True CreateRemoteThread
1 CreateRemoteThreadEx
1 True CreateThread
1 CreateThreadpoolWait
1 CredEnumerate
1 CredUIPromptForCredentials
1 CredUIPromptForWindowsCredentials
1 CredUnPackAuthenticationBuffer
1 CryptAquireContext
1 CryptBinaryToString
1 CryptDecodeObjectEx
1 CryptDestroyHash
1 CryptGenRandom
1 CryptImportPublicKeyInfo
1 CryptProtectData
1 CryptProtectMemory
1 CryptUnprotectData
1 CryptUnprotectMemory
1 DbgBreakPoint
1 DbgPrint
1 DecryptMessage
1 DeleteFileTransacted
1 True DeleteFileW
1 True DeleteService
1 DeleteUrlCacheEntry
1 DnsQueryEx
1 True DnsQuery_A
1 True DnsQuery_UTF8
1 True DnsQuery_W
1 DragQueryFile
1 DsEnumerateDomainTrusts
1 DsGetDcName
1 DsRoleGetPrimaryDomainInformation
1 ElfClearEventLogFile
1 EmptyClipboard
1 EncryptMessage
1 EndUpdateResource
1 EnumDateFormats
1 EnumDependentServices
1 EnumDesktopWindows
1 EnumDeviceDrivers
1 EnumProcessModules
1 EnumProcessModulesEx
1 EnumProcesses
1 EnumResourceTypes
1 EnumServicesStatus
1 EnumServicesStatusEx
1 EnumSystemCodePages
1 EnumSystemFirmwareTables
1 EnumSystemGeoID
1 EnumSystemLanguageGroups
1 EnumSystemLocales
1 EnumThreadWindows
1 EnumTimeFormats
1 EnumUILanguages
1 EnumWindowStations
1 EqualSid
1 ExGetFirmwareEnvironmentVariable
1 ExSetFirmwareEnvironmentVariable
1 Exit
1 ExitWindows
1 True ExitWindowsEx
1 ExpandEnvironmentStrings
1 FCIAddFile
1 FCICreate
1 FCIFlushCabinet
1 FCIFlushFolder
1 FileTimeToLocalFileTime
1 FindClose
1 FindCloseUrlCache
1 FindFirstFile
1 FindFirstFileEx
1 FindFirstFileName
1 FindFirstFileNameTransacted
1 FindFirstFileTransacted
1 FindFirstUrlCacheEntry
1 FindFirstVolume
1 FindFirstVolumeMountPoint
1 FindNextFile
1 FindNextFileName
1 FindNextUrlCacheEntry
1 FindNextVolume
1 FindNextVolumeMountPoint
1 FindResource
1 FindResourceEx
1 FindVolumeClose
1 FindVolumeMountPointClose
1 FindWindow
1 FindWindowEx
1 FltEnumerateFilters
1 FltGetFilterInformation
1 FltRegisterFilter
1 FltStartFiltering
1 FreeLibrary
1 FreeResource
1 FreeSid
1 FtpPutFile
1 FtpSetCurrentDirectory
1 FwpmFilterAdd0
1 FwpsCopyStreamDataToBuffer0
1 FwpsStreamInjectAsync0
1 GetAddrInfo
1 GetAddrInfoEx
1 GetAllUsersProfileDirectory
1 GetAppContainerFolderPath
1 GetCommandLine
1 GetComputerName
1 GetComputerNameEx
1 GetComputerObjectName
1 GetCurrentDirectory
1 GetCurrentProcess
1 GetCurrentThread
1 GetDC
1 GetDIBits
1 GetDefaultUserProfileDirectory
1 GetDesktopWindow
1 GetDiskFreeSpace
1 GetDiskFreeSpaceEx
1 GetDriveType
1 GetEnvironmentStrings
1 GetEnvironmentVariable
1 GetExtendedTcpTable
1 GetExtendedUdpTable
1 GetFileSize
1 GetFileSizeEx
1 GetFileTime
1 GetFileVersionInfo
1 GetFileVersionInfoEx
1 GetFileVersionInfoSize
1 GetFileVersionInfoSizeEx
1 GetFirmwareEnvironmentVariable
1 GetFirmwareEnvironmentVariableEx
1 GetForgroundWindow
1 GetFullPathName
1 GetGeoInfo
1 GetIfTable
1 GetIpForwardTable
1 GetIpForwardTable2
1 GetKeyboardLayout
1 GetKeyboardLayoutList
1 GetKeyboardLayoutName
1 GetKeyboardState
1 GetLocaleInfoEx
1 GetLogicalDriveStrings
1 GetLogicalDrives
1 GetNativeSystemInfo
1 GetNetworkParams
1 GetNumberOfEventLogRecords
1 GetPrivateProfileInt
1 GetPrivateProfileSection
1 GetPrivateProfileSectionNames
1 GetPrivateProfileString
1 GetPrivateProfileStringA
1 GetPrivateProfileStruct
1 GetProcessImageFileName
1 GetProductInfo
1 GetProfilesDirectory
1 GetRawInputData
1 GetShellWindow
1 GetStartupInfo
1 GetStdHandle
1 GetSystemDefaultUILanguage
1 GetSystemFirmwareTable
1 GetSystemInfo
1 True GetSystemMetrics
1 GetSystemTime
1 GetSystemTimeAsFileTime
1 GetSystemWow64Directory
1 GetTempFileName
1 GetTempPath
1 GetUserDefaultLangID
1 GetUserDefaultUILanguage
1 GetUserGeoID
1 GetUserProfileDirectory
1 GetVersion
1 GetVersionEx
1 GetVirtualDiskPhysicalPath
1 GetVolumeInformation
1 GetVolumeNameForVolumeMountPoint
1 GetVolumePathNamesForVolumeName
1 GetWindowDC
1 GetWindowText
1 GetWindowThreadProcessId
1 GetWriteWatch
1 GlobalAddAtom
1 GlobalAddAtomEx
1 GlobalAlloc
1 GlobalLock
1 GlobalMemoryStatus
1 GlobalMemoryStatusEx
1 GlobalUnlock
1 GrayString
1 HttpAddUrl
1 HttpAddUrlToUrlGroup
1 HttpInitialize
1 HttpOpenRequest
1 HttpReceiveHttpRequest
1 HttpReceiveRequestEntityBody
1 HttpSendHttpResponse
1 HttpSendRequest
1 HttpSendRequestEx
1 HttpSendResponseEntityBody
1 HttpTerminate
1 Icmp6CreateFile
1 Icmp6SendEcho2
1 IcmpCloseHandle
1 IcmpCreateFile
1 IcmpSendEcho
1 IcmpSendEcho2
1 IcmpSendEcho2Ex
1 ImmGetCompositionString
1 ImmGetContext
1 ImmGetVirtualKey
1 ImmReleaseContext
1 ImpersonateLoggedOnUser
1 InitiateShutdown
1 InitiateSystemShutdown
1 InitiateSystemShutdownEx
1 InternetAttemptConnect
1 InternetCheckConnection
1 True InternetCloseHandle
1 InternetCrackUrl
1 InternetGetConnectedState
1 InternetQueryDataAvailable
1 InternetReadFileEx
1 True InternetWriteFile
1 IoCreateDevice
1 IoCreateFile
1 IoCreateFileEx
1 IoCreateSymbolicLink
1 IsUserAnAdmin
1 IsWindowVisible
1 K32EnumProcessModules
1 K32EnumProcessModulesEx
1 K32EnumProcesses
1 K32GetProcessImageFileName
1 KeDelayExecutionThread
1 KeStackAttachProcess
1 KeUnstackDetachProcess
1 KeWaitForSingleObject
1 LZCopy
1 LZCreateFile
1 LZOpenFile
1 LZRead
1 LdrAccessResource
1 LdrFindResourceEx_U
1 LdrFindResource_U
1 True LdrLoadDll
1 LineDDA
1 LoadIcon
1 LoadLibraryA
1 LoadResource
1 LoadUserProfile
1 LockResource
1 LockWorkStation
1 LogonUser
1 LookupAccountName
1 LookupPrivilegeName
1 LookupPrivilegeValue
1 LsaAddAccountRights
1 LsaEnumerateLogonSessions
1 LsaGetLogonSessionData
1 LsaLookupNames
1 LsaLookupNames2
1 MapViewOfFileNuma2
1 MapVirtualKey
1 MiniDumpWriteDump
1 Module32First
1 Module32Next
1 MoveFile
1 MoveFileTransacted
1 MoveFileWithProgress
1 MsgWaitForMultipleObjects
1 MsgWaitForMultipleObjectsEx
1 NdrAsyncClientCall
1 NetApiBufferFree
1 NetGetDCName
1 NetGroupAdd
1 NetGroupAddUser
1 NetGroupDel
1 NetGroupDelUser
1 NetGroupEnum
1 NetGroupGetUsers
1 NetGroupSetUsers
1 NetLocalGroupAdd
1 NetLocalGroupAddMember
1 NetLocalGroupAddMembers
1 NetLocalGroupDel
1 NetLocalGroupDelMember
1 NetLocalGroupDelMembers
1 NetLocalGroupEnum
1 NetLocalGroupGetMembers
1 NetServerEnum
1 NetShareEnum
1 NetUserAdd
1 NetUserChangePassword
1 NetUserDel
1 NetUserEnum
1 NetUserGetGroups
1 NetUserGetLocalGroups
1 NotifyAddrChange
1 True NtAllocateVirtualMemory
1 True NtClose
1 True NtCreateDirectoryObject
1 True NtCreateKey
1 True NtCreateProcess
1 True NtCreateProcessEx
1 True NtCreateSection
1 True NtCreateThread
1 NtCreateThreadEx
1 True NtCreateUserProcess
1 True NtDelayExecution
1 True NtDeleteFile
1 True NtDeleteKey
1 True NtDeleteValueKey
1 True NtDeviceIoControlFile
1 NtDuplicateToken
1 True NtEnumerateKey
1 NtEnumerateSystemEnvironmentValuesEx
1 True NtEnumerateValueKey
1 NtFilterToken
1 NtLoadDriver
1 True NtOpenFile
1 True NtOpenKey
1 True NtOpenProcess
1 NtOpenProcessToken
1 True NtOpenSection
1 True NtOpenThread
1 True NtQueryDirectoryFile
1 NtQueryDirectoryObject
1 True NtQueryInformationFile
1 True NtQueryKey
1 NtQueryLicenseValue
1 NtQuerySystemEnvironmentValue
1 NtQuerySystemEnvironmentValueEx
1 True NtQueryValueKey
1 NtQueueApcThread
1 True NtReadFile
1 True NtResumeThread
1 True NtSetInformationFile
1 NtSetInformationToken
1 True NtSetValueKey
1 True NtSuspendThread
1 True NtTerminateProcess
1 NtUnloadDriver
1 NtUnmapViewOfSection
1 NtWow64WriteVirtualMemory64
1 True NtWriteFile
1 True NtWriteVirtualMemory
1 NtYieldExecution
1 ORCreateHive
1 ORCreateKey
1 ORDeleteKey
1 ORDeleteValue
1 ORGetValue
1 OROpenHive
1 OROpenKey
1 ORSaveHive
1 ORSetValue
1 ObfDereferenceObject
1 ObtainUserAgentString
1 OpenBackupEventLog
1 OpenClipboard
1 OpenMutex
1 OpenSCManager
1 OpenThread
1 OpenVirtualDisk
1 OpenWindowStation
1 PathFileExists
1 Process32First
1 Process32Next
1 PsCreateSystemThread
1 PsGetVersion
1 PsLookupProcessByProcessId
1 PsTerminateSystemThread
1 PssQuerySnapshot
1 PssWalkSnapshot
1 QueryContextAttributes
1 QueryDosDevice
1 QueryServiceConfig2A
1 QueryServiceConfigA
1 QueryServiceStatus
1 QueryServiceStatusEx
1 QueryWorkingSet
1 QueueUserAPC
1 ReadConsoleOutputCharacter
1 ReadLogRecord
1 ReadNextLogRecord
1 RegCreateKey
1 RegCreateKeyEx
1 RegCreateKeyTransacted
1 RegDeleteKey
1 RegDeleteKeyEx
1 RegDeleteKeyTransacted
1 RegDeleteKeyValue
1 RegDeleteTree
1 RegDeleteValue
1 RegEnumKey
1 RegEnumKeyEx
1 RegGetValue
1 RegOpenCurrentUser
1 RegOpenKey
1 RegOpenKeyTransacted
1 RegOpenUserClassesRoot
1 True RegQueryInfoKeyA
1 RegQueryMultipleValues
1 RegQueryValue
1 RegQueryValueEx
1 RegSetKeyValue
1 RegSetValue
1 RegSetValueEx
1 RegisterHotKey
1 RegisterRawInputDevices
1 RegisterServiceCtrlHandler
1 RegisterServiceCtrlHandlerEx
1 RegisterWaitForSingleObject
1 RemoveDirectory
1 RemoveDirectoryTransacted
1 ReportEvent
1 ReserveAndAppendLog
1 ReserveAndAppendLogAligned
1 ResumeThread
1 RmGetList
1 RmRegisterResources
1 RpcAsyncInitializeHandle
1 RpcBindingFromStringBindingW
1 RpcBindingSetAuthInfoExW
1 RpcServerListen
1 RpcStringBindingComposeW
1 RtlAllocateHeap
1 RtlCheckRegistryKey
1 RtlCompressBuffer
1 RtlCompressBufferLZNT1
1 RtlComputeCrc32
1 RtlCreateRegistryKey
1 RtlCreateUserProcess
1 True RtlCreateUserThread
1 RtlDecompressBuffer
1 RtlDecompressBufferEx
1 RtlDecompressBufferEx2
1 RtlDeleteRegistryValue
1 RtlGetNativeSystemInformation
1 RtlGetNtVersionNumbers
1 RtlGetVersion
1 RtlImageNtHeader
1 RtlImageNtHeaderEx
1 RtlQueryRegistryValues
1 RtlWriteRegistryValue
1 SHCreateDirectory
1 SHCreateDirectoryEx
1 SHCreateThread
1 SHCreateThreadWithHandle
1 SHDeleteEmptyKey
1 SHDeleteKey
1 SHDeleteValue
1 SHEnumKeyEx
1 SHEnumValue
1 SHGetFileInfo
1 SHGetFolderPathAndSubDir
1 SHGetKnownFolderPath
1 SHGetValue
1 SHOpenRegStream
1 SHOpenRegStream2
1 SHQueryInfoKey
1 SHQueryValueEx
1 SHRegCreateUSKey
1 SHRegDeleteEmptyUSKey
1 SHRegDeleteUSValue
1 SHRegEnumUSKey
1 SHRegEnumUSValue
1 SHRegGetBoolUSValue
1 SHRegGetBoolValueFromHKCUHKLM
1 SHRegGetInt
1 SHRegGetPath
1 SHRegGetUSValue
1 SHRegGetValue
1 SHRegGetValueFromHKCUHKLM
1 SHRegOpenUSKey
1 SHRegQueryInfoUSKey
1 SHRegQueryUSValue
1 SHRegSetPath
1 SHRegSetUSValue
1 SHRegSetValue
1 SHRegWriteUSValue
1 SHSetValue
1 SetClipboardData
1 SetConsoleCursorPosition
1 SetConsoleTitle
1 SetEnvironmentStrings
1 SetEnvironmentVariable
1 SetFileAttributes
1 SetFileTime
1 SetFirmwareEnvironmentVariable
1 SetFirmwareEnvironmentVariableEx
1 SetLastError
1 SetMailslotInfo
1 SetProcessMitigationPolicy
1 SetProcessWindowStation
1 SetProp
1 SetTcpEntry
1 SetThreadContext
1 SetThreadDesktop
1 SetThreadpoolWait
1 SetWindowLong
1 SetWindowLongPtr
1 SetupDiDestroyDeviceInfoList
1 SetupDiEnumDeviceInfo
1 SetupDiGetClassDevs
1 SetupDiGetDeviceRegistryProperty
1 ShellExecute
1 True ShellExecuteExW
1 ShowWindow
1 SignalObjectAndWait
1 SizeofResource
1 SleepEx
1 StartServiceCtrlDispatcher
1 SuspendThread
1 SwapMouseButton
1 SwitchDesktop
1 SwitchToFiber
1 SysAllocString
1 System.Security.Cryptography.Rfc2898DeriveBytes.GetBytes
1 System.Threading.Thread.Abort
1 SystemFunction032
1 SystemFunction036
1 SystemParametersInfo
1 SystemTimeToFileTime
1 TerminateThread
1 Thread32First
1 Thread32Next
1 TlsAlloc
1 TlsGetValue
1 TlsSetValue
1 Toolhelp32ReadProcessMemory
1 URLDownloadToCacheFile
1 URLDownloadToFile
1 URLOpenBlockingStream
1 URLOpenPullStream
1 URLOpenStream
1 True UnhookWindowsHookEx
1 UnlockUrlCacheEntryFile
1 UnregisterHotKey
1 UpdateResource
1 VariantInit
1 VerQueryValue
1 VerSetConditionMask
1 VerifyVersionInfo
1 VirtualAlloc
1 VirtualAllocEx
1 VirtualAllocExNuma
1 True VirtualProtectEx
1 VirtualQueryEx
1 VkKeyScan
1 VkKeyScanEx
1 WFSCleanUp
1 WFSClose
1 WFSExecute
1 WFSFreeResult
1 WFSGetInfo
1 WFSLock
1 WFSOpen
1 WFSRegister
1 WFSStartUp
1 WFSUnlock
1 WNetAddConnection
1 WNetAddConnection2
1 WNetAddConnection3
1 WNetCancelConnection
1 WNetCancelConnection2
1 WNetEnumResource
1 WSAAccept
1 WSAConnect
1 WSAGetLastError
1 True WSARecv
1 WSARecvDisconnect
1 WSARecvEx
1 True WSARecvFrom
1 WSARecvMsg
1 True WSASend
1 WSASendMsg
1 True WSASendTo
1 True WSASocketA
1 True WSAStartup
1 WSManCreateShell
1 WSManRunShellCommand
1 WSManRunShellCommandEx
1 WTSEnumerateProcesses
1 WTSEnumerateProcessesEx
1 WTSOpenServer
1 WaitForDebugEvent
1 WaitForMultipleObjects
1 WaitForMultipleObjectsEx
1 WaitForSingleObjectEx
1 WaitForThreadpoolWaitCallbacks
1 WaitOnAddress
1 WinExec
1 WinHttpAddRequestHeaders
1 WinHttpConnect
1 WinHttpOpen
1 WinHttpQueryDataAvailable
1 WinHttpQueryHeaders
1 WinHttpReadData
1 WinHttpReceiveResponse
1 WinHttpSendRequest
1 WinHttpWriteData
1 WriteConsoleInput
1 WriteConsoleOutput
1 WriteConsoleOutputCharacter
1 WriteFileEx
1 WritePrivateProfileString
1 True WriteProcessMemory
1 WudfIsAnyDebuggerPresent
1 WudfIsKernelDebuggerPresent
1 WudfIsUserDebuggerPresent
1 ZwAllocateVirtualMemory
1 ZwCreateDirectoryObject
1 True ZwCreateFile
1 ZwCreateKey
1 ZwCreateKeyTransacted
1 True ZwCreateProcess
1 True ZwCreateProcessEx
1 True ZwCreateSection
1 True ZwCreateThread
1 True ZwCreateThreadEx
1 True ZwCreateUserProcess
1 True ZwDeleteFile
1 ZwDeleteKey
1 ZwDeleteValueKey
1 ZwEnumerateKey
1 ZwEnumerateValueKey
1 ZwFreeVirtualMemory
1 True ZwLoadDriver
1 True ZwOpenFile
1 ZwOpenKey
1 ZwOpenKeyEx
1 ZwOpenKeyTransacted
1 ZwOpenKeyTransactedEx
1 True ZwOpenProcess
1 ZwOpenSection
1 True ZwOpenThread
1 ZwQueryDirectoryFile
1 True ZwQueryInformationFile
1 ZwQueryKey
1 ZwQueryValueKey
1 True ZwReadFile
1 True ZwResumeThread
1 ZwSetInformationFile
1 ZwSetSystemInformation
1 ZwSetValueKey
1 ZwSuspendThread
1 ZwUnloadDriver
1 ZwUnmapViewOfSection
1 True ZwWriteFile
1 True ZwWriteVirtualMemory
1 _Exit
1 __p__pgmptr
1 __p__wpgmptr
1 _allmul
1 _beginthread
1 _beginthreadex
1 _exit
1 _fwrite
1 _get_pgmptr
1 _get_wpgmptr
1 _mkdir
1 _pgmptr
1 _read
1 _rmdir
1 _system
1 _wmkdir
1 _wpgmptr
1 _wremove
1 _wrename
1 _wrmdir
1 _wsystem
1 True accept
1 atoi
1 chdir
1 chown
1 cuserid
1 dlmopen
1 dlopen
1 dup2
1 execl
1 execle
1 execlp
1 execv
1 execve
1 execvp
1 execvpe
1 fchdir
1 fchown
1 fchownat
1 fcntl
1 fdopen
1 fgetc
1 fgets
1 fgetwc
1 fopen
1 fopen64
1 fputc
1 fputs
1 fputwc
1 fputws
1 freopen
1 fscanf
1 fstat
1 fstatat
1 fstatfs
1 getc
1 getchar
1 getdelim
1 getdents
1 getdents64
1 geteuid
1 gethostent
1 getifaddrs
1 getline
1 getlogin
1 getlogin_r
1 getnameinfo
1 getpid
1 getppid
1 getpwnam
1 getpwnam_r
1 getpwuid_r
1 getwc
1 inet_pton
1 ioctl
1 True ioctlsocket
1 kill
1 lchown
1 True listen
1 lstat
1 memfrob
1 memmove
1 mkdir
1 open
1 openat
1 opendir
1 popen
1 posix_spawn
1 posix_spawnp
1 prctl
1 pthread_create
1 pthread_detach
1 pthread_setname_np
1 pthread_terminate
1 putc
1 putwc
1 putwchar
1 read
1 readdir
1 True recvfrom
1 recvmsg
1 remove
1 rename
1 rmdir
1 True select
1 sem_init
1 sem_post
1 sem_timedwait
1 sem_wait
1 True sendto
1 sleep
1 stat
1 statfs
1 strcmp
1 sysconf
1 sysinfo
1 uname
1 usleep
1 utime
1 utimes
1 vfscanf
1 waveInAddBuffer
1 waveInOpen
1 waveInStart
1 wsystem
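
The comparison behind these numbers (which rule APIs CAPE hooks as written, and which are only observable through a lower-level call such as LdrGetProcedureAddress) can be scripted. The Python below is an added example and not capa or CAPE project code: the rule features and the hook set are small constructed samples taken from names in the table, and the LoadLibrary to LdrLoadDll pairing is an assumed equivalence for illustration (the comment itself only names GetProcAddress to LdrGetProcedureAddress). It goes one step beyond the raw name comparison in the comment by folding A/W suffixes and the Zw/Nt user-mode stub prefix, so that pairs such as DeleteFile/DeleteFileW or NtQuerySystemInformation/ZwQuerySystemInformation count as one hook rather than one traced and one untraced API.

```python
"""Report which API names referenced by capa rules a sandbox hook list (here:
a constructed stand-in for CAPE's hooks) would actually observe.

Added example, not capa or CAPE project code.  Sample inputs are constructed.
"""
from __future__ import annotations

import re
from collections import Counter
from typing import Dict, Iterable, Optional, Set, Tuple

# Constructed sample of (rule name, api feature) pairs, as a rule set yields them.
# The per-API count is what the issue's first column reports.
RULE_API_FEATURES = [
    ("inject-shellcode", "GetProcAddress"),
    ("resolve-function-by-hash", "GetProcAddress"),
    ("load-library", "LoadLibrary"),
    ("enumerate-processes", "CreateToolhelp32Snapshot"),
    ("delete-file", "DeleteFile"),
    ("create-raw-socket", "WSASocket"),
    ("query-system-info", "NtQuerySystemInformation"),
    ("query-system-info", "ZwQuerySystemInformation"),
    ("start-process-via-shell", "ShellExecuteEx"),
    ("write-process-memory", "WriteProcessMemory"),
]

# Constructed sample of hooked API names (spelled as a hook list exposes them).
CAPE_HOOKED_APIS: Set[str] = {
    "LdrGetProcedureAddress", "LdrLoadDll", "DeleteFileW", "WSASocketA",
    "ZwQuerySystemInformation", "ShellExecuteExW", "WriteProcessMemory",
}

# Win32 wrapper -> lower-level native call a sandbox may hook instead.
# GetProcAddress -> LdrGetProcedureAddress is the pairing the issue names;
# LoadLibrary -> LdrLoadDll is an assumed pairing added for illustration.
LOWER_LEVEL_EQUIVALENT: Dict[str, str] = {
    "GetProcAddress": "LdrGetProcedureAddress",
    "LoadLibrary": "LdrLoadDll",
}

# Trailing ANSI/Unicode suffix only when preceded by a lowercase letter or digit,
# so LineDDA or DnsQuery_W are left alone while DeleteFileW is folded.
_SUFFIX_RE = re.compile(r"(?<=[a-z0-9])[AW]$")


def canonical(name: str) -> str:
    """Normalize spelling variants: strip an A/W suffix and fold the Zw* stub
    prefix onto Nt* (in user mode both exports reach the same syscall stub)."""
    name = _SUFFIX_RE.sub("", name)
    if name.startswith("Zw"):
        name = "Nt" + name[2:]
    return name


def hook_lookup(hooked: Iterable[str]) -> Dict[str, str]:
    """Map canonical name -> hooked name as spelled in the hook list."""
    return {canonical(h): h for h in hooked}


def classify(api: str, hooked: Iterable[str]) -> Tuple[str, Optional[str]]:
    """Return (status, hooked_name) for one rule API: 'traced' when hooked as
    written or as a spelling variant, 'lower-level' when only its native
    equivalent is hooked, else 'untraced'."""
    lookup = hook_lookup(hooked)
    direct = lookup.get(canonical(api))
    if direct is not None:
        return "traced", direct
    lower = LOWER_LEVEL_EQUIVALENT.get(canonical(api))
    if lower is not None and canonical(lower) in lookup:
        return "lower-level", lookup[canonical(lower)]
    return "untraced", None


def coverage_report(features, hooked) -> Dict[str, dict]:
    """Per-API usage count plus classification, keyed by the API name as the
    rules spell it."""
    counts = Counter(api for _, api in features)
    report = {}
    for api, n in counts.most_common():
        status, via = classify(api, hooked)
        report[api] = {"count": n, "status": status, "hooked_as": via}
    return report


def summarize(report: Dict[str, dict]) -> Dict[str, int]:
    """Totals of distinct rule APIs per status."""
    totals = Counter(r["status"] for r in report.values())
    return {k: totals.get(k, 0) for k in ("traced", "lower-level", "untraced")}


if __name__ == "__main__":
    rep = coverage_report(RULE_API_FEATURES, CAPE_HOOKED_APIS)
    for api, r in rep.items():
        via = f" (hooked as {r['hooked_as']})" if r["hooked_as"] else ""
        print(f"{r['count']:>3} {r['status']:<12} {api}{via}")
    print(summarize(rep))
```

Run against a real rule corpus and the real hook list, the "untraced" bucket is the list of rule APIs that can never match in a dynamic trace, and the "lower-level" bucket is the set of rules that would start matching if the rule (or the feature extractor) also accepted the native name.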

@mr-tz mr-tz added the dynamic related to dynamic analysis flavor label May 22, 2024