2. Maldev APIs Learned


MalDev Academy Refresher: 1-10

1️⃣ Windows Basics

  • OS Structure → User Mode ↔ Kernel Mode.

  • Processes, Threads, Handles → Basic understanding.

  • Why Malware Works → API usage, privilege, persistence.


2️⃣ Windows API Basics

  • API Calls → Functions exposed by Windows DLLs.

  • Headers & Libraries → windows.h, linking .lib files.

  • Function Prototypes → Know how to match parameters.


3️⃣ Error Handling

  • GetLastError() → Retrieve the last WinAPI error.

  • Error codes → Map to meaning via docs.

  • Purpose → Debugging & stealth checks.


4️⃣ MessageBoxW

  • First interaction with WinAPI.

  • Learned how to:

    • Call Unicode API (MessageBoxW)

    • Pass flags like MB_OK, MB_YESNO.

    • Handle return values like IDOK, IDCANCEL.

  • Use case in malware → Testing execution, sandbox detection.


5️⃣ CreateProcessW

  • Learned to start processes.

  • Structures:

    • STARTUPINFO

    • PROCESS_INFORMATION

  • Flags: CREATE_SUSPENDED, CREATE_NO_WINDOW.

  • Resume with ResumeThread().


6️⃣ Memory Management

  • Functions:

    • VirtualAlloc → Reserve/commit memory.

    • VirtualFree → Release memory.

    • VirtualProtect → Change memory protection.

    • RtlFillMemory → Fill memory with data.

  • Purpose → Allocating space for shellcode, patching, injection.


7️⃣ File Management

  • CreateFileW → Open/create files.

  • GENERIC_READ / GENERIC_WRITE access.

  • Handle checking & error handling.

  • Closing handles (CloseHandle).


8️⃣ DLL Basics

  • What is a DLL?

  • DllMain() → Entry point.

  • Exported functions with __declspec(dllexport).

  • Calling DLL functions from EXE via:

    • Implicit linking (header + lib)

    • Dynamic linking (LoadLibrary, GetProcAddress).


9️⃣ DLL Loading & Execution

  • LoadLibraryA/W → Load DLL into process.

  • GetProcAddress() → Get pointer to exported function.

  • Typecasting → Call the function.

  • Error checking for module & function loading.
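As an added example (not MalDev Academy's code), the module 8-9 flow in C: load a module, resolve an export by name, cast the returned generic pointer to the real prototype, call it, and check each step for failure. On Windows this is the genuine LoadLibraryA / GetProcAddress / GetLastError path against kernel32's lstrlenA; the POSIX branch maps the same steps onto dlopen / dlsym / dlerror so the file also builds off-Windows, which is an assumption of this example rather than anything the course covers.

```c
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
typedef HMODULE mod_t;
typedef int (WINAPI *len_fn)(const char *);        /* prototype of lstrlenA */
#define MOD_OPEN(name)    LoadLibraryA(name)
#define MOD_SYM(mod, sym) GetProcAddress(mod, sym)
#define MOD_CLOSE(mod)    FreeLibrary(mod)
static void report(const char *what) { printf("[!] %s failed, GetLastError=%lu\n", what, (unsigned long)GetLastError()); }
static const char *kLib = "kernel32.dll";
static const char *kSym = "lstrlenA";
#else
/* Portability shim (assumption for this example): same steps via the POSIX loader. */
#include <dlfcn.h>
typedef void *mod_t;
typedef size_t (*len_fn)(const char *);             /* prototype of strlen */
#define MOD_OPEN(name)    dlopen(name, RTLD_NOW)
#define MOD_SYM(mod, sym) dlsym(mod, sym)
#define MOD_CLOSE(mod)    dlclose(mod)
static void report(const char *what) { printf("[!] %s failed: %s\n", what, dlerror()); }
static const char *kLib = NULL;                     /* NULL = the running program and its libc */
static const char *kSym = "strlen";
#endif

/* Module 9 flow: load module -> resolve export -> typecast -> call -> free.
 * Returns the string length, or -1 when loading or resolution fails. */
long resolve_and_call(const char *lib, const char *sym, const char *s)
{
    mod_t mod = MOD_OPEN(lib);
    if (mod == NULL) { report("module load"); return -1; }

    /* GetProcAddress hands back a generic FARPROC; cast it to the exact prototype before calling. */
    len_fn fn = (len_fn)MOD_SYM(mod, sym);
    if (fn == NULL) { report("export lookup"); MOD_CLOSE(mod); return -1; }

    long n = (long)fn(s);
    MOD_CLOSE(mod);                                 /* drop our reference once done */
    return n;
}

int main(void)
{
    printf("len = %ld\n", resolve_and_call(kLib, kSym, "maldev"));        /* 6 */
    printf("len = %ld\n", resolve_and_call(kLib, "NoSuchExport", "x"));   /* -1, with the reason printed */
    return 0;
}
```

Exports resolved this way never appear in the binary's import table, which is why a LoadLibrary / GetProcAddress pair in an import list is something analysts look at more closely during triage.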


🔟 Putting It Together

You now know how to:

  1. Show Output (MessageBoxW).

  2. Create a Process (CreateProcessW).

  3. Allocate Memory (VirtualAlloc, VirtualProtect).

  4. Handle Files (CreateFileW).

  5. Work with DLLs (build, load, call functions).

  6. Check & Handle Errors (GetLastError).
