Windows API reference
ADVAPI32.dll = part of an advanced API services library supporting numerous APIs including many security and registry calls
@ CreateServiceA = create a new windows service, can be used for persistence
@ RegCreateKeyExA = create or open registry key, can be used for persistence
@ RegSetValueExA = set registry value, can be used for persistence
@ StartServiceA = start a windows service, can be used for persistence
AUTHZ.dll = responsible for component Authorization Framework for Windows systems
@ AuthzInitializeContextFromSid = creates a user-mode client context from a user security identifier (SID)
COMCTL32.dll = module that contains common GUI components used by Windows applications
COMDLG32.dll = module that contains Common dialog boxes used by Windows applications, such as the standard Open File form
@ GetOpenFileNameA = open file dialog box
@ GetSaveFileNameA = save file dialog box
CRYPTBASE.dll = responsible for component Base cryptographic API DLL for Windows
GDI32.dll = library that implements the GDI subsystem, where primitive graphical operations are performed
IPHLPAPI.dll = module containing the functions used by the Windows IP Helper API
@ GetAdaptersInfo = gets info on the network adapters of the system
@ GetIfTable = enumerates physical interfaces on system
KERNEL32.dll = Windows operating system kernel
@ CreateFileA = create an ASCII file, can be used to drop a file
@ CreateMutexA = create a mutex (mutually exclusive object), can be used to avoid infecting the system more than once & to coordinate communications among multiple components
@ CreateProcessA = create a process, can be used to execute a program
@ CreateThread = create a process, can be used to generate child process
@ ExpandEnvironmentStringsA = get an environment variable
@ GetModuleFileNameA = gets the name of a module/dll already loaded
@ GetModuleHandleA = get an existing module/dll
@ GetProcAddress = get address of an exported function
@ GetSystemInfo = get info about the system
@ LoadLibraryA = load a module/dll, can be used to inject into processes
@ LoadLibraryW = load a module/dll, can be used to inject into processes
@ VirtualAlloc = reserves memory in the calling process
@ WinExec = same as CreateProcess but for 16bit compatibility, can be used to execute a program
@ WriteFile = write to a file, can be used to drop a file
KERNELBASE.dll = system file of Windows Operating System, which serves various Windows applications and services, kinda like a second generation of kernel32.dll
MFC42.DLL = module that contains the Microsoft Foundation Classes (MFC) functions
MPR.DLL = module containing functions used to handle communication between the Windows operating system and the installed network providers
@ WNetAddConnection2W = makes a connection to a network resource and can redirect a local device to the network resource
@ WNetGetConnection2W = retrieves the name of the network resource associated with a local device
@ WNetUseConnection2W = makes a connection to a network resource. The function can redirect a local device to a network resource
MSVCP60.dll = standard C library functions such as printf, memcpy, and cos
MSVCRT.DLL = the C standard library for the Visual C++ (MSVC) compiler
@ fopen = open a file
@ memmove = overwrite memory
NDDEAPI.DLL = Windows for Workgroups DDE (Dynamic Data Exchange) Share Interface, no longer supported
@ NDdeShareEnumA = retrieves available shares
NETAPI32.DLL = module that contains the Windows NET API used by applications to access a Microsoft network
@ NetLocalGroupAddMembers = adds an account to a group, can be used for persistence
@ NetUserAdd = adds a new account, can be used for persistence
NTDSAPI.DLL = module that contains a set of COM interfaces used to access the capabilities of directory services from different network providers
@ DsServerRegisterSpnA = function either registers or unregisters the SPNs (service principal names)
OLE32.dll = part of the object linking and embedding technology, or OLE
@ CreateBindCtx = returns object with info about a particular COM linking moniker
OLEAUT32.dll = library used in Microsoft for OLE (Object linking and embedding) technologies; OLE Automation
PSAPI.dll = Process Status Helper file used by Windows to collate information and files about all your software & drivers on your PC
@ EnumProcesses = Retrieves the process identifier for each process object in the system
@ EnumProcessModules = Retrieves a handle for each module in the specified process
RPCRTREMOTE.dll = process which is responsible for component Remote RPC Extension for Windows
RSAENH.dll = module that implements the Microsoft enhanced cryptographic service provider (CSP)
@ CPCreateHash = creates and initializes a new hash object
@ CPDecrypt = Decrypt data
SHELL32.dll = Windows Shell API functions, which are used when opening web pages and files
@ SHBrowseForFolderA = Displays a dialog box that enables the user to select a folder
@ ShellExecuteA = performs an operation on a file like open, find, and explore
SHFOLDER.dll = contains functions regarding Windows special folders such as My Documents
@ SHGetFolderPathA = can be used to return folder paths like user's AppData
SHLWAPI.dll = library which contains functions for UNC and URL paths, registry entries, and color settings
@ SHDeleteKeyA = deletes a registry key and all descendants
URLMON.dll = module that contains functions used by Microsoft OLE (Object Linking and Embedding)
@ UrlDownloadToFileA = Downloads bits from the Internet and saves them to a file, can be used to download payload
USER32.dll = used for windowing and other interactive user program tasks
@ CreateWindowExA = open a new window
@ DrawIcon = draw an icon or cursor
@ EnableWindow = enable mouse and keyboard input in a window
@ PeekMessageA = looks at incoming message to a window
@ PostMessageA = sends message to a window
@ RegisterClassExA = registers a class in relation to a window
@ SetFocus = sets focus on a window
@ SetWindowsHookEx = popular way keyloggers receive keyboard inputs
USERENV.dll = module that contains application programming interface (API) functions to create and manage user profiles
@ LoadUserProfileW = Loads the specified user's profile. The profile can be a local user profile or a roaming user profile
USP10.dll = module that contains a collection of application programming interface (API) functions that enable a text layout client to format complex scripts
VERSION.dll = module that contains application programming interface (API) functions used for Windows version checking
WININET.dll = module that contains Internet-related functions used by Windows applications
@ InternetOpenA = Initializes an application's use of the WinINet functions
@ InternetOpenUrlA = Opens a resource specified by a complete FTP or HTTP URL
@ InternetReadFile = Reads data from a handle opened by the InternetOpenUrl, FtpOpenFile, or HttpOpenRequest
@ FindNextUrlCacheEntryA = Retrieves the next entry in the Internet cache
@ DeleteUrlCacheEntry = Removes the file from the cache
WINMM.dll = module for the Windows Multimedia API, which contains low-level audio and joystick functions
WS2_32.dll = Windows Sockets API used by most Internet and network applications to handle network connections
@ WSAIoctl = controls the mode of a socket
@ WSASocketA = creates a new socket
WSOCK32.dll = just a wrapper for the actual winsock ws2_32.dll, windows sockets api
@ gethostbyname = lookup ip of host
@ send = send data thru socket
@ socket = create a socket
@ WSAStartup = initiates use of the Winsock DLL by a process
Copyright © 2017, this post cannot be reproduced or retransmitted in any form without reference to the original post.