Shadow Copy APIs
List of Shadow Copy APIs by Malware Dude :)
Shadow Copy APIs are used to manage and interact with Volume Shadow Copy Service (VSS) in Windows. VSS is a technology that allows for the creation of backup copies or snapshots of data volumes, which can be useful for backup and recovery purposes. However, malware can exploit these APIs to create or manipulate shadow copies to evade detection or restore itself after being removed.
VssCreateSnapshot:
Description: Creates a shadow copy (snapshot) of a specified volume. This function is part of the VSS API and is used to create backups of data volumes.
VssGetSnapshotProperties:
Description: Retrieves the properties of a shadow copy. This can be used to get information about existing shadow copies.
VssDeleteSnapshots:
Description: Deletes shadow copies. Malware might use this API to remove shadow copies and make forensic analysis harder.
VssEnumerateSnapshots:
Description: Enumerates existing shadow copies. This can be used to list all the snapshots on a system.
VssQuerySnapshots:
Description: Queries shadow copies to get information about the snapshots, such as their creation times or the volumes they are associated with.
IVssBackupComponents Interface:
Description: Provides methods to manage backup and restore operations, including creating and managing shadow copies.
IVssSnapshotManagement Interface:
Description: Allows for the management of shadow copies, including creating, deleting, and querying snapshots.
IVssCreateSnapshotSet Interface:
Description: Manages a set of shadow copies. This interface allows for the creation and management of multiple snapshots.