Merge pull request #919 from jtothej/callback_update
Update execute-shellcode-via-windows-callback-function.yml
mr-tz authored Aug 16, 2024
2 parents 1d4b140 + 99c5cf0 commit 10c75cc
Showing 1 changed file with 32 additions and 1 deletion.
Expand Up @@ -29,28 +29,59 @@ rule:
- and:
- match: allocate or change RWX memory
- or:
- api: AddPropSheetPageProc
- api: CallWindowProc
- api: CertEnumSystemStore
- api: CertEnumSystemStoreLocation
- api: CreateTimerQueueTimer
- api: CryptEnumOIDInfo
- and:
- api: DPA_Create
- api: DPA_SetPtr
- api: DPA_EnumCallback
- and:
- api: DSA_Create
- api: DSA_InsertItem
- api: DSA_EnumCallback
- api: DrawState
- api: EnumCalendarInfo
- api: EnumCalendarInfoEx
- api: EnumChildWindows
- api: EnumChildWindows
- api: EnumDateFormats
- api: EnumDesktops
- api: EnumDesktopWindows
- api: EnumDirTree
- api: EnumDisplayMonitors
- api: EnumFontFamilies
- api: EnumFontFamiliesEx
- api: EnumFonts
- api: EnumLanguageGroupLocales
- and:
- or:
- api: GetDC
- api: GetDCEx
- api: EnumObjects
- api: EnumProps
- api: EnumPropsEx
- api: EnumPwrSchemes
- api: EnumResourceTypes
- api: EnumSystemCodePages
- api: EnumSystemGeoID
- api: EnumSystemGeoNames
- api: EnumSystemLanguageGroups
- api: EnumSystemLocales
- api: EnumThreadWindows
- api: EnumTimeFormats
- api: EnumUILanguages
- api: EnumWindows
- api: EnumWindowStations
- api: EnumerateLoadedModules
- api: GrayString
- api: ImmEnumInputContext
- api: LineDDA
- and:
- api: SymInitialize
- or:
- api: SymEnumProcesses
- api: SymRegisterCallback
- api: VerifierEnumerateResource
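
Review bot: the `and:` groups in this list (`DPA_Create` + `DPA_SetPtr` + `DPA_EnumCallback`, `DSA_Create` + `DSA_InsertItem` + `DSA_EnumCallback`, `GetDC`/`GetDCEx` with `EnumObjects`, and `SymInitialize` with `SymEnumProcesses`/`SymRegisterCallback`) require every setup call to be recovered as an `api` feature, so a sample where only the callback-taking call is visible will not match. If that is a deliberate trade-off to limit false positives, add a short YAML comment above each group saying so; otherwise consider matching on the callback-taking API alone, as the other entries do. Separately, `EnumChildWindows` appears on two consecutive lines; this rendering has lost the +/- markers, so please confirm the resulting rule lists it only once. The list also looks alphabetical except for `DrawState` (placed after the `DSA_*` group) and `EnumerateLoadedModules` (placed after `EnumWindowStations`); moving them would make future additions easier to review.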
