Process Information API's
List of Network API's used by Malware Dude :)
OpenProcess: Opens a handle to a specified process, allowing malware to access and manipulate that process's memory and properties.
EnumProcesses: Retrieves a list of process identifiers (PIDs) for all running processes on the system, which can be used to identify and target specific processes.
GetProcessTimes: Provides information about the amount of time a process has spent executing in user mode and kernel mode, which can help malware assess process activity.
GetProcessId: Retrieves the process identifier for a given handle, which is useful for tracking or interacting with specific processes.
GetProcessMemoryInfo: Provides information about the memory usage of a process, including details about working set size and page file usage.
NtQuerySystemInformation: Provides detailed information about system processes, including their state and memory usage. It is often used for more extensive process monitoring and analysis.
GetModuleFileName: Retrieves the full path of the executable file for a specified module within a process, which can help malware identify and manipulate specific applications.
CreateRemoteThread: Creates a thread in the address space of another process, often used for code injection or to execute malicious payloads in the context of a different process.
WriteProcessMemory: Writes data into the memory space of another process, facilitating code injection or manipulation of process behavior.
ReadProcessMemory: Reads data from the memory space of another process, which can be used for stealing information or analyzing process data.
TerminateProcess: Terminates a specified process, which can be used by malware to kill security software or other critical processes.
QueryFullProcessImageName: Retrieves the full path of the executable image of a specified process, useful for identifying processes by their executable location.
EnumWindows: Enumerates all top-level windows on the screen, which can be used to interact with or manipulate user interfaces of running applications.
GetWindowThreadProcessId: Retrieves the process identifier of the process that created a specified window, useful for identifying which process owns a particular window.
GetCurrentProcessId: Retrieves the process identifier of the calling process, which can be used to identify or reference the process itself.