flat assembler
Message board for the users of flat assembler.

To know what API used

l4m2 07 May 2015, 10:10
People give me programs and let me run them automatically for some reason, but I don't want anyone to run a virus (and so on). I want to ban some APIs by knowing whether they are used and, if so, refuse to run.
So how do I do that? (It needn't be in assembly.)
cod3b453 07 May 2015, 16:57
On a good day, you can see the libraries/APIs used from the import section (it lists DLLs and their respective APIs), though not all are necessarily used. On a bad day, you'll only see the GetProcAddress/LoadLibrary type functions, which dynamically look up and call; if you're lucky, you'll still be able to see the API strings in the data sections.

After this, you're into disassembling/reverse engineering to uncover obfuscated strings or interrupts/calls (int/syscall).
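An added example, not code from any poster in this thread, of the import-section check described in the reply above: it reads a PE32/PE32+ import directory, rejects files that import a banned API by name, and marks files for manual review when they import GetProcAddress/LoadLibrary or import by ordinal, since the table then does not show every API. The `BANNED` set, the function names and the three verdict labels are assumptions made for illustration.

```python
import struct

BANNED = {"CreateRemoteThread", "WriteProcessMemory"}  # hypothetical policy list
DYNAMIC = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}  # run-time lookup

def imports(data):
    """Map DLL name -> imported API names from a PE32/PE32+ import directory."""
    u = lambda fmt, o: struct.unpack_from(fmt, data, o)[0]
    cstr = lambda o: data[o:data.index(b"\0", o)].decode("ascii", "replace")
    pe = u("<I", 0x3C)                              # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt, pe64 = pe + 24, u("<H", pe + 24) == 0x20B  # optional header, PE32+ magic
    secs = [struct.unpack_from("<4I", data, opt + u("<H", pe + 20) + 40 * i + 8)
            for i in range(u("<H", pe + 6))]        # (vsize, va, rawsize, rawptr)
    def off(rva):                                   # RVA -> file offset
        for vsize, va, rawsize, rawptr in secs:
            if va <= rva < va + max(vsize, rawsize):
                return rva - va + rawptr
        raise ValueError("RVA outside all sections")
    step, fmt, top = (8, "<Q", 1 << 63) if pe64 else (4, "<I", 1 << 31)
    out, rva = {}, u("<I", opt + (112 if pe64 else 96) + 8)  # data directory 1
    d = off(rva) if rva else None
    while d is not None and u("<I", d + 12):        # Name RVA of 0 ends the list
        names, t = [], off(u("<I", d) or u("<I", d + 16))  # lookup table, else IAT
        while v := struct.unpack_from(fmt, data, t)[0]:
            # top bit set: import by ordinal; otherwise RVA of a hint/name entry
            names.append(f"#{v & 0xFFFF}" if v & top else cstr(off(v) + 2))
            t += step
        out.setdefault(cstr(off(u("<I", d + 12))).lower(), []).extend(names)
        d += 20                                     # next import descriptor
    return out

def verdict(data):
    """Reject on a banned import; flag files whose table cannot be complete."""
    used = {n for names in imports(data).values() for n in names}
    if used & BANNED:
        return "reject", sorted(used & BANNED)
    hidden = {n for n in used if n in DYNAMIC or n.startswith("#")}
    if hidden:               # run-time lookup or ordinal import: names not all visible
        return "review", sorted(hidden)
    return "allow", []

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, *verdict(f.read()))
```

An "allow" result only means the import table shows nothing banned; a program that avoids imports entirely and issues int/syscall directly, the last case the reply mentions, is not covered by this check.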
l4m2 08 May 2015, 16:05
cod3b453 wrote:
On a good day, you can see the libraries/APIs used from the import section (it lists DLLs and their respective APIs), though not all are necessarily used. On a bad day, you'll only see the GetProcAddress/LoadLibrary type functions, which dynamically look up and call; if you're lucky, you'll still be able to see the API strings in the data sections.

After this, you're into disassembling/reverse engineering to uncover obfuscated strings or interrupts/calls (int/syscall).
I don't quite understand.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.