🪨Process Information APIs

List of process information APIs used by malware :)

  • OpenProcess: Opens a handle to a specified process, allowing malware to access and manipulate that process's memory and properties.

  • EnumProcesses: Retrieves a list of process identifiers (PIDs) for all running processes on the system, which can be used to identify and target specific processes.

  • GetProcessTimes: Provides information about the amount of time a process has spent executing in user mode and kernel mode, which can help malware assess process activity.

  • GetProcessId: Retrieves the process identifier for a given handle, which is useful for tracking or interacting with specific processes.

  • GetProcessMemoryInfo: Provides information about the memory usage of a process, including details about working set size and page file usage.

  • NtQuerySystemInformation: Provides detailed information about system processes, including their state and memory usage. It is often used for more extensive process monitoring and analysis.

  • GetModuleFileName: Retrieves the full path of the executable file for a specified module loaded in the calling process (GetModuleFileNameEx does the same for a module in another process), which can help malware identify and manipulate specific applications.

  • CreateRemoteThread: Creates a thread in the address space of another process, often used for code injection or to execute malicious payloads in the context of a different process.

  • WriteProcessMemory: Writes data into the memory space of another process, facilitating code injection or manipulation of process behavior.

  • ReadProcessMemory: Reads data from the memory space of another process, which can be used for stealing information or analyzing process data.

  • TerminateProcess: Terminates a specified process, which can be used by malware to kill security software or other critical processes.

  • QueryFullProcessImageName: Retrieves the full path of the executable image of a specified process, useful for identifying processes by their executable location.

  • EnumWindows: Enumerates all top-level windows on the screen, which can be used to interact with or manipulate user interfaces of running applications.

  • GetWindowThreadProcessId: Retrieves the process identifier of the process that created a specified window, useful for identifying which process owns a particular window.

  • GetCurrentProcessId: Retrieves the process identifier of the calling process, which can be used to identify or reference the process itself.
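As an added example from the defender's side (not part of the original page), the script below takes a PE's imported API names, buckets the APIs listed above into behaviour categories, and flags the OpenProcess + WriteProcessMemory + CreateRemoteThread combination that the injection entries describe. The import tables are constructed samples; `API_CATEGORIES`, `triage` and the other names are this example's own, and in practice the import list would come from a PE parser.

```python
# Static triage of a PE import table against the process APIs on this page.
# Import lists are constructed samples, not taken from real binaries.
from typing import Dict, List, Set

# Behaviour buckets for the APIs discussed above (example's own grouping).
API_CATEGORIES: Dict[str, Set[str]] = {
    "enumeration": {"EnumProcesses", "NtQuerySystemInformation", "EnumWindows",
                    "GetWindowThreadProcessId", "GetProcessId", "GetCurrentProcessId"},
    "inspection": {"GetProcessTimes", "GetProcessMemoryInfo", "GetModuleFileName",
                   "QueryFullProcessImageName", "ReadProcessMemory"},
    "injection": {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
    "termination": {"TerminateProcess"},
}
KNOWN: Set[str] = set().union(*API_CATEGORIES.values())
# All three are needed for the textbook remote-thread injection chain.
INJECTION_CHAIN: Set[str] = {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"}


def normalise(name: str) -> str:
    """Map ANSI/Unicode variants (e.g. GetModuleFileNameW) to the base API name."""
    if name[-1:] in ("A", "W") and name[:-1] in KNOWN:
        return name[:-1]
    return name


def categorise(imports: List[str]) -> Dict[str, List[str]]:
    """Return only the categories that have at least one imported API, sorted."""
    found: Dict[str, List[str]] = {cat: [] for cat in API_CATEGORIES}
    for api in sorted({normalise(i) for i in imports}):
        for cat, members in API_CATEGORIES.items():
            if api in members:
                found[cat].append(api)
    return {cat: apis for cat, apis in found.items() if apis}


def triage(imports: List[str]) -> Dict[str, object]:
    """Categorise imports and raise findings for the combinations described above."""
    cats = categorise(imports)
    present = {normalise(i) for i in imports}
    findings: List[str] = []
    if INJECTION_CHAIN <= present:
        findings.append("remote-thread injection chain: OpenProcess+WriteProcessMemory+CreateRemoteThread")
    # Enumeration plus TerminateProcess is how security-tool killing looks statically;
    # legitimate task managers import the same pair, so treat this as a lead, not a verdict.
    if "TerminateProcess" in present and "enumeration" in cats:
        findings.append("process enumeration combined with TerminateProcess")
    return {"categories": cats, "findings": findings}


# Constructed sample import tables for a benign-looking and a suspicious-looking binary.
SAMPLE_BENIGN = ["GetCurrentProcessId", "GetModuleFileNameW", "GetProcessTimes"]
SAMPLE_SUSPICIOUS = ["EnumProcesses", "OpenProcess", "QueryFullProcessImageNameW",
                     "WriteProcessMemory", "CreateRemoteThread", "TerminateProcess"]

if __name__ == "__main__":
    for label, imps in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        print(label, triage(imps))
```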
