What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.

2013-05-24

Notes for Common DLLs functionality


A program's DLLs can tell you a lot about its functionality. The table below lists common DLLs and what they tell you about an application.  - Practical Malware Analysis

| DLL | Description |
| --- | --- |
| Kernel32.dll | This is a very common DLL that contains core functionality, such as access and manipulation of memory, files, and hardware. |
| Advapi32.dll | This DLL provides access to advanced core Windows components such as the Service Manager and Registry. |
| User32.dll | This DLL contains all the user-interface components, such as buttons, scroll bars, and components for controlling and responding to user actions. |
| Gdi32.dll | This DLL contains functions for displaying and manipulating graphics. |
| Ntdll.dll | This DLL is the interface to the Windows kernel. Executables generally do not import this file directly, although it is always imported indirectly by Kernel32.dll. If an executable imports this file, it means that the author intended to use functionality not normally available to Windows programs. Some tasks, such as hiding functionality or manipulating processes, will use this interface. |
| WSock32.dll and Ws2_32.dll | These are networking DLLs. A program that accesses either of these most likely connects to a network or performs network-related tasks. |
| Wininet.dll | This DLL contains higher-level networking functions that implement protocols such as FTP, HTTP, and NTP. |
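
To apply the table during static triage, the sketch below reads a PE file's import directory and pairs each imported DLL with its note from the table. It is an added example, not code from the book or from this blog; `DLL_NOTES`, `imported_dlls` and `triage` are names chosen here, and it assumes a well-formed, unpacked PE32 or PE32+ file.

```python
import pathlib, struct, sys

# Notes paraphrased from the table above, keyed by lowercase DLL name.
DLL_NOTES = {
    "kernel32.dll": "core functionality: memory, files, hardware",
    "advapi32.dll": "Service Manager and Registry",
    "user32.dll": "user-interface components",
    "gdi32.dll": "graphics",
    "ntdll.dll": "interface to the Windows kernel (rarely imported directly)",
    "wsock32.dll": "networking",
    "ws2_32.dll": "networking",
    "wininet.dll": "higher-level networking protocols",
}

def _rva_to_offset(sections, rva):
    # Translate a relative virtual address to a file offset via the section table.
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def imported_dlls(data):
    """Return the DLL names from a PE image's import directory, in file order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
    opt_off = pe_off + 24  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt_off)
    dir_off = opt_off + (112 if magic == 0x20B else 96)  # PE32+ vs PE32
    (imp_rva,) = struct.unpack_from("<I", data, dir_off + 8)  # directory entry 1
    sections = [struct.unpack_from("<4I", data, opt_off + opt_size + 40 * i + 8)
                for i in range(n_sections)]  # (vsize, vaddr, raw_size, raw_ptr)
    names = []
    off = _rva_to_offset(sections, imp_rva) if imp_rva else None
    # Each import descriptor is 20 bytes; an all-zero descriptor ends the table.
    while off is not None and any(desc := struct.unpack_from("<5I", data, off)):
        start = _rva_to_offset(sections, desc[3])  # field 3 is the name RVA
        names.append(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
        off += 20
    return names

def triage(data):
    # Pair each imported DLL with its note; None marks a DLL the table does not list.
    return [(name, DLL_NOTES.get(name.lower())) for name in imported_dlls(data)]

if __name__ == "__main__" and len(sys.argv) > 1:
    for name, note in triage(pathlib.Path(sys.argv[1]).read_bytes()):
        print(f"{name:<16} {note or '(not in the table)'}")
```

Run it with the path to a PE file as the only argument. A DLL reported as not in the table is simply outside this list.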
