Click here to Skip to main content
12,239,778 members (67,562 online)
Rate this:
 
Please Sign up or sign in to vote.
See more: C++ C C#
Hi

I am looking for a step by step guide to extract the API calls made by some specific application (I want to this to malware) so that I can store those API calls later in somewhere like a database.

I need this information to make a fuzzy set (Fuzzy Logic in AI) to do this:

I test a limited 800 malwares.
I extract the API calls and keep them somewhere.
Now I have a new untested malware.
I extract the API calls. --->
if more than 20% of the extracted API calls by that malware matches with those in the database then the file is Risky (based on fuzzy logic)
This mechanism is based on guessing so it must NOT be 100% accurate.

Please if you can help give me some guides, I'm not looking for any source code.

If the information I provided is not clear enough please let me know in comment to improve it.
Posted 11-Feb-13 1:50am

1 solution

Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

If you want to build an API interception framework then you need to look at the work of John Robbins, of WinDbg fame and also at how to Hook APIs which is covered by a number of Code Project articles. There's no fool proof way to do this though because whatever technique you use the Malware can use the same technique to place itself after you in the Hook chain or intercept your interception and remain undetected. In principle if you could do it you'd probably need something as sophisticated as a Hidden Markov Model or a back propogation neural network to detect any difference between the API calls of a legitimate application, malware and somebody else's malware detector and by the time you detected it the calls would be made so it might well be too late. If you really want to do this for sure then you might need to run the malware on a VM with an entirely fake API and your own kernel, a truly monumental task.
Good luck.
  Permalink  
Comments
Jackson Mackson 11-Feb-13 7:30am
   
"John Robbins, of WinDbg fame and also at how to Hook APIs which is covered by a number of Code Project articles." I think you misunderstood, I'm looking for a guide which is specialized in writing a program in c++ or c# which can run a malware in a virtual environment and the extract its called APIs. I'd like to write an stand alone application. And this is gonna be a bachelor FYP project so I don't really care about the accuracy, implementing the idea will be marked. So if you know any guide I would appreciate if you let me know. What you mentioned is relevant but it is not what I'm looking for, I need something very specific, I searched MSDN but I couldn't find anything.
Jackson Mackson 11-Feb-13 7:32am
   
Something that covers everything from very very basic issues to advanced ones
Matthew Faithfull 11-Feb-13 7:49am
   
I see, you know what you need and what to research for and even approximately how to do it with a virtualised environment but what you're looking for is someone who's done it before and knows where all the pitfalls are. A wise thing to look for and you're probably looking in the right place on CP but I'm not your man.
Jackson Mackson 11-Feb-13 7:53am
   
Thanks Matt anyway :)

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy | Mobile
Web02 | 2.8.160426.1 | Last Updated 11 Feb 2013
Copyright © CodeProject, 1999-2016
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100