Skip to content

Commit

Permalink
add runtime resolved functions
Browse files Browse the repository at this point in the history
  • Loading branch information
@mr-tz
mr-tz committed Oct 11, 2023
1 parent 7ddf609 commit 1be6720
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 0 deletions.
10 changes: 10 additions & 0 deletions lib/allocate-memory.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,13 @@ rule:
- api: ZwAllocateVirtualMemory
- api: NtMapViewOfSection
- api: ZwMapViewOfSection
- and:
- match: link function at runtime on Windows
- or:
- string: "VirtualAlloc"
- string: "VirtualAllocEx"
- string: "VirtualAllocExNuma"
- string: "NtAllocateVirtualMemory"
- string: "ZwAllocateVirtualMemory"
- string: "NtMapViewOfSection"
- string: "ZwMapViewOfSection"
7 changes: 7 additions & 0 deletions lib/change-memory-protection.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,3 +15,10 @@ rule:
- api: kernel32.VirtualProtectEx
- api: NtProtectVirtualMemory
- api: ZwProtectVirtualMemory
- and:
- match: link function at runtime on Windows
- or:
- string: "VirtualProtect"
- string: "VirtualProtectEx"
- string: "NtProtectVirtualMemory"
- string: "ZwProtectVirtualMemory"

0 comments on commit 1be6720

Please sign in to comment.