Questions tagged [winapi]
Microsoft's application programming interfaces available in the Windows operating system.
88 questions
1 vote, 1 answer, 191 views
What is the Win32 function that displays the Microsoft "Pick an account" popup window?
Which Windows API shows this popup, asking to select a Windows user account?
0 votes, 0 answers, 51 views
How to get the list of application-defined hooks currently installed by running processes in Windows?
I would like to know how, if possible, I could enumerate running processes and access hooks installed by each process, if any. I found this blog from 2006 but I am having difficulty replicating it. I ...
1 vote, 2 answers, 111 views
What structure does GetProcessHeap actually return?
I'm currently reverse engineering a 1998-era Windows game that, I think, tries to page in process data prior to the (time-critical) game loop.
Below, equivalent reverse engineered C code can be found.
...
3 votes, 1 answer, 205 views
How can I set up a conditional breakpoint for the CreateFileW function for when a specific file/path is read in x64dbg?
I'm currently debugging a program using x64dbg, and I'm struggling to set up a conditional breakpoint on the CreateFileW function:
HANDLE CreateFileW(
[in] LPCWSTR lpFileName,...
1 vote, 2 answers, 301 views
Identifying file-access functions used by explorer.exe
I'm trying to write a Windows 10 64-bit rootkit that runs in userland and hides files using IAT hooking. I managed to accomplish that on cmd.exe by hooking FindFirstFileW and FindNextFileW imported ...
3 votes, 1 answer, 214 views
Are win32api calls differentiable from real actions?
I've been tinkering with the win32api library in Python and interacting with Notepad. I now want to try it on an online game to automate some boring tasks, but I'm scared I'll get banned for this.
Is for ...
4 votes, 0 answers, 132 views
API breakpoints not hitting while debugging malware using x32dbg
I have been having a really strange issue which I have tried all ways to troubleshoot from my end, but was not successful.
I am going through a malware analysis course and following the debugging ...
5 votes, 1 answer, 409 views
Why is a function in kernel32.dll jumping into an api-ms-win-core stub?
I was trying to look into the implementation of the GetVersion function in kernel32.dll.
I was surprised to see that the GetVersion thunk is issuing a jump to API-MS-WIN-CORE-SYSINFO-L1-1-0.DLL::...
2 votes, 0 answers, 59 views
Redirect exception handler?
I'm working on a localization project and have a few trampoline hooks to translate some text in an online game. Periodically throughout gameplay, there are checks that run in the background to ensure ...
1 vote, 1 answer, 2k views
How to disassemble an entire function in WinDbg?
I am trying to disassemble the function ExAcquireFastMutex using WinDbg, but it gives me only 8 rows:
3: kd> u nt!ExAcquireFastMutex
nt!ExAcquireFastMutex:
fffff805`456e3820 4053 push ...
1 vote, 0 answers, 149 views
How to get the call stack of WinAPI functions?
Yesterday, I noticed an answer to a question about the purpose of a certain undocumented function, which is a call stack (including the DLL library) for this function. This got me interested in the ...
3 votes, 0 answers, 259 views
Why can't I view certain USER32.dll API calls in the disassembly?
I'm trying to understand and patch the GUI in Microsoft Edge. When I look at the disassembly in 2 different debuggers (x64dbg and cutter), the API calls responsible for much of the GUI functionality ...
2 votes, 0 answers, 142 views
Frida hook InsertMenuItemW
I'm trying to get information about menu items in an application. I experimentally established that InsertMenuItemW is called. Thanks to the documentation, I set the number of input parameters and wrote ...
1 vote, 1 answer, 93 views
Function calls extern function without body
I wanted to look at how the Windows API gets the size of a file, so I opened kernel32.dll in a disassembler. I searched for GetFileSizeEx, and it seems to call a stub(?), but the disassembler ...
0 votes, 1 answer, 3k views
How do I get all sections in a PE file using C++?
So I am wondering how I can get all sections and their info from a dumped PE file on the disk, using C++.
I have the entire PE loaded in a buffer, the NT headers, and hopefully the DOS headers.
I need ...