Add new APIs #40
Comments
|
Hi Raouf, I don't actively maintain CuckooMon anymore, rather, in the next upcoming version of Cuckoo I'm going to integrate the new Monitor (https://github.com/jbremer/monitor). So it'd make more sense to add certain functions there. Thanks! |
|
Hi, First thank's for reply; In fact I have a master 2 project in which I have to build a classificaion model for malware detection. To build the model I have to monitor only a subset of 126 apis functions from cuckoo sandbox. The problem is that I don't know exactly how to add apis. -Then please could you simply explain me and show me just by ONE example for one function api(Let's say CharUpperW api fucntion) how add it STEP BY STEP; from zero to the last; all modification I have to do in all files...etc, in order to display finaly this api in the log file output by cuckoo sandbox. |
|
@jbremer when the new monitor will be add to cuckoo organization and replace to old monitor? Is https://github.com/jbremer/monitor the "main" repo for new monitor? |
|
@jhg For the 1.3 release, I guess. Yes, that's currently still the main repository. |
|
@jbremer thank you for info. And there is a date estimated for 1.3 release? New monitor will have hardening for don't need patch it? |
|
@jhg I'll try to do as much as possible. If you have 'hardening requests', please do let me know, though. Feel free to send me an email or leave a pull request for the new monitor. |
|
@jbremer I'm beginner in cuckoo, I don't know so cuckoo code as for write new feature still, when I learn more I would like leave pull request. Many books explain about hardening with pafish and editing hook_reg for a malware don't read reg keys about VirtualBox, VMware, etc; I think it is good for use in cuckoo by default, without modify the monitor. |
i want to add some new APIs to cuckoomon dll and delete some APIs but i'm noob and i don't know which file i need to modify so pleas help me. thanks
API that i want to add :
(kernel32, LocalFree)
(kernel32, GetModuleFileNameA)
(kernel32, LoadLibraryA)
(kernel32, GetVersion)
(user32, LoadImageA)
(user32, DefWindowProcA)
(user32, CreateWindowExA)
(user32, GetWindowThreadProcessId)
(advapi32, RegOpenKeyA)
(user32, GetFocus)
(user32, GetWindow)
(kernel32,CloseHandle)
(kernel32, GetPrivateProfileStringA)
(kernel32, GetWindowsDirectoryA)
(user32, WindowFromPoint)
(kernel32, LoadLibraryW)
(kernel32, FindFirstFileA)
(kernel32, FindNextFileA)
(user32, GetDlgItem)
(kernel32, RegOpenCurrentUser)
(advapi32, RegOpenKeyW)
(user32, LoadStringW)
(user32, SystemParametersInfoA)
(kernel32, GetSystemDirectoryA)
(advapi32, RegCreateKeyW)
(kernel32, CreateFileA)
(kernel32, ReadFile)
(kernel32, WriteFile)
(kernel32,CreateFileMappingA)
(kernel32, CreateFileW)
(kernel32, FreeResource)
(kernel32, CreateProcessW)
(kernel32, SetFileAttributesA)
(kernel32, FindFirstFileW)
(advapi32, RegCreateKeyA)
(kernel32, OpenProcess)
(kernel32, CreateDirectoryA)
(user32, SendDlgItemMessageA)
(wininet, InternetSetOptionA)
(kernel32, FindResourceExA)
(kernel32, GetCommandLineW)
(kernel32, IsValidLocale)
(kernel32, Process32Next)
(kernel32, CreateProcessA)
kernel32, MoveFileA)
(kernel32, GlobalReAlloc)
(kernel32, SetEndOfFile)
(advapi32, GetSecurityDescriptorDacl)
(user32, SetWindowTextW)
(kernel32, GetStartupInfoW)
(wininet, InternetSetOptionW)
(kernel32, TerminateProcess)
(kernel32, MoveFileExA)
(user32, CharUpperW)
(kernel32, GetConsoleOutputCP)
(kernel32, MoveFileExW)
The text was updated successfully, but these errors were encountered: