13 Security Lab
[API Reference] Win32 matched Native API
Maj0r Tom 2015. 5. 1. 18:36
Process

| Win32 | Native API |
|---|---|
| OpenProcess | NtOpenProcess |
| TerminateProcess | NtTerminateProcess |
| CreateProcess | NtCreateProcess(Ex) / NtCreateUserProcess, RtlCreateUserProcess |
| GetProcessId | NtQueryInformationProcess (ProcessBasicInformation) |
| ExitProcess | RtlExitUserProcess (Windows Vista and later) |
| GetPriorityClass | NtQueryInformationProcess (ProcessPriorityClass) |
| SetPriorityClass | NtSetInformationProcess (ProcessPriorityClass) |
| N/A (suspend process) | NtSuspendProcess |
| N/A (resume process) | NtResumeProcess |

Thread

| Win32 | Native API |
|---|---|
| OpenThread | NtOpenThread |
| TerminateThread | NtTerminateThread |
| CreateRemoteThread(Ex) | RtlCreateUserThread / NtCreateThread(Ex) |
| ExitThread | RtlExitUserThread |
| GetThreadContext | NtGetContextThread |
| SetThreadContext | NtSetContextThread |
| SuspendThread | NtSuspendThread |
| ResumeThread | NtResumeThread |
| Sleep(Ex) | NtDelayExecution |

Virtual memory

| Win32 | Native API |
|---|---|
| VirtualAlloc(Ex) | NtAllocateVirtualMemory |
| VirtualFree(Ex) | NtFreeVirtualMemory |
| VirtualProtect(Ex) | NtProtectVirtualMemory |
| VirtualLock | NtLockVirtualMemory |
| ReadProcessMemory | NtReadVirtualMemory |
| WriteProcessMemory | NtWriteVirtualMemory |
| VirtualQuery(Ex) | NtQueryVirtualMemory |

Heaps

| Win32 | Native API |
|---|---|
| HeapCreate | RtlCreateHeap |
| HeapAlloc | RtlAllocateHeap |
| HeapFree | RtlFreeHeap |
| HeapDestroy | RtlDestroyHeap |

Objects

| Win32 | Native API |
|---|---|
| CloseHandle | NtClose |
| DuplicateHandle | NtDuplicateObject |
| GetKernelObjectSecurity | NtQuerySecurityObject |
| SetKernelObjectSecurity | NtSetSecurityObject |

File system

| Win32 | Native API |
|---|---|
| CreateFile | NtCreateFile |
| ReadFile(Ex) | NtReadFile |
| WriteFile(Ex) | NtWriteFile |
| DeleteFile | NtDeleteFile / NtSetInformationFile (FileDispositionInformation) |
| DeviceIoControl | NtDeviceIoControlFile / NtFsControlFile |

System information

| Win32 | Native API |
|---|---|
| GetSystemInfo | NtQuerySystemInformation (SystemBasicInformation) |
| CreateToolhelp32Snapshot / EnumProcesses | NtQuerySystemInformation (SystemProcessInformation, SystemExtendedProcessInformation) |

Power

| Win32 | Native API |
|---|---|
| SetSystemPowerState | NtInitiatePowerAction |
| N/A (force shutdown) | NtShutdownSystem |
| SetThreadExecutionState | NtSetThreadExecutionState |

Other

| Win32 | Native API |
|---|---|
| EncodePointer | RtlEncodePointer |
| DecodePointer | RtlDecodePointer |
| EncodeSystemPointer | RtlEncodeSystemPointer |
| DecodeSystemPointer | RtlDecodeSystemPointer |