Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RVAs of apicalls #463

Closed
catsuryuu opened this issue Mar 5, 2021 · 0 comments · Fixed by #504
Closed

RVAs of apicalls #463

catsuryuu opened this issue Mar 5, 2021 · 0 comments · Fixed by #504
Assignees
@chivay
Labels
certpl Fix requested by CERT.PL team drakrun/postprocessing Issues in drakrun part, related to something that is happening after DRAKVUF is stopped. enhancement New feature or request priority:medium Something is partially broken or annoys some users

Comments

@catsuryuu
Copy link
Contributor

catsuryuu commented Mar 5, 2021
edited
Loading

I have a list of 1024 apicalls, which come from 36 DLLs.
For each snapshot (or karton task) I need RVAs of this apicalls inside the DLLs.

I prefer to get these RVAs from karton tasks, I would have everything in one place.
Since there are only 1024 of these functions, it shouldn't be a problem?
But it's not a "must be" for me.

The list of apicalls is here:
https://github.com/danielplohmann/apiscout/blob/master/apiscout/data/winapi1024v1.txt
and the list of DLLs is as follows:

['GdiPlus.dll', 'Wldap32.dll', 'advapi32.dll', 'comctl32.dll', 'crypt32.dll', 'dnsapi.dll', 'gdi32.dll', 'imagehlp.dll', 'imm32.dll', 'iphlpapi.dll', 'kernel32.dll', 'mpr.dll', 'msacm32.dll', 'msvcrt.dll', 'netapi32.dll', 'ntdll.dll', 'ole32.dll', 'oleaut32.dll', 'powrprof.dll', 'psapi.dll', 'rpcrt4.dll', 'secur32.dll', 'sensapi.dll', 'shell32.dll', 'shlwapi.dll', 'urlmon.dll', 'user32.dll', 'userenv.dll', 'version.dll', 'winhttp.dll', 'wininet.dll', 'winmm.dll', 'winspool.drv', 'ws2_32.dll', 'wsock32.dll', 'wtsapi32.dll']
@catsuryuu catsuryuu added the enhancement New feature or request label Mar 5, 2021
@chivay chivay added certpl Fix requested by CERT.PL team drakrun/postprocessing Issues in drakrun part, related to something that is happening after DRAKVUF is stopped. priority:medium Something is partially broken or annoys some users labels Mar 5, 2021
@icedevml icedevml mentioned this issue Mar 11, 2021
Closed
@chivay chivay self-assigned this Mar 16, 2021
@chivay chivay mentioned this issue Apr 12, 2021
Merged
4 tasks
@catsuryuu catsuryuu mentioned this issue Sep 1, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chivay chivay

Labels
certpl Fix requested by CERT.PL team drakrun/postprocessing Issues in drakrun part, related to something that is happening after DRAKVUF is stopped. enhancement New feature or request priority:medium Something is partially broken or annoys some users
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

drakrun: Attach profiles to analyses CERT-Polska/drakvuf-sandbox
2 participants
@chivay @catsuryuu