Projects STRLCPY BananaPhone Commits bab99f50
🤬
  • README.md
    skipped 34 lines
    35 35   var x *uintptr
    36 36   bananaphone.NtCreateThreadEx(createthread, x, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2)
    37 37   ntapi.Call(0, 3, 3, 3, 3)
    38  - ```
    39  - <imghere>
     38 + ```
     39 +![image showing api monitor output](img/apiMonitor.png)
    40 40  
    41 41   What you're looking at is the output of API Monitor, which can be used to track a program's API calls. Each function was called with some easy to identify values (all 1's as a parameter, all 2's etc). What this shows is that the call made by `bananaphone.NtCreateThreadEx` is not captured by API Monitor, and any AV/EDR that uses similar methods probably won't catch it either. Neat.
    42 42  
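Review bot: The alt text on new line 39, `image showing api monitor output`, does not say what the screenshot shows, even though the paragraph that follows rests its whole claim on that image (that the call made by `bananaphone.NtCreateThreadEx` is not captured by API Monitor). Suggest alt text that states the result, for example which of the marker-valued calls appear in the capture and which one does not, so the README still makes its point when the image is not rendered. The closing fence on line 38 is also removed and re-added with no visible difference, which looks like a whitespace or line-ending change; worth confirming it is intentional.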
    skipped 1 lines
  • img/apiMonitor.png