Windows API and Syscalls categories

Classification of Windows API (WinAPI) functions and system calls (syscalls), including the Native API (NTAPI), according to their category. Presented in JSON format for your research and automation needs.

In this repo, the terms Windows API and WinAPI refer to what was (and still widely is) known as the Win32 API, following Microsoft's own guidance:

> Note that this was formerly called the Win32 API. The name Windows API more accurately reflects its roots in 16-bit Windows and its support on 64-bit Windows

The main files of this repository are:

Usage

The JSON file comprising all MSDN API calls is already provided with the repo (winapi_categories.json).

The utilities folder contains several scripts used to create and modify the collection of WinAPI functions and syscalls.

If you need to re-create the JSON file from Vadim's original repo (winapi-json), run:

```shell
python3 generate_api_json.py ../winapi-json/api_by_category
```

or just

```shell
./generate_api_json.py ../winapi-json/api_by_category
```

where `../winapi-json/api_by_category` is the `api_by_category` directory created after cloning the original repo (adjust the path to wherever you cloned it).

Structure

The resulting JSON file has the following structure: a single dict keyed by API name, so that a lookup by function name is a direct dict access in Python. Feel free to change it according to your needs:

```python
{
    'API_name': {
        'category': 'cat',
        'dll': 'dll',
        'header': 'header',
        'return_type': 'type',
        'n_arguments': INT,
        'arguments': [
            {
                'in_out': 'in_out',
                'type': 'type',
                'name': 'arg_name',
                'description': 'descr',
            },
            {...},
            {...}
        ]
    }
}
```

ATTENTION!: Only `API_name` and `category` are guaranteed to be present for every entry in the dict (winapi_categories.json). Every other key (`dll`, `header`, `return_type`, `n_arguments`, `arguments`) may be missing, so parsers should treat them as optional. If you find any incorrect, malformed or missing entry, you are more than welcome to contribute to the project!

Authors

Razvan Raducu
Ricardo J. Rodríguez
Pedro Álvarez

Caveats

If you see runs of `\t\t\t` in certain description fields, just ignore them or `.strip()` them when parsing. They are carried over from the original repo, which also contains them.
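As an added example (not code from this repository or from winapi-json), here is a small Python loader that consumes a file in the structure described in the Structure section while honouring the two warnings above: every key except `category` is treated as optional, the stray tabs are stripped from `description` fields, functions are grouped by category, and entries whose `n_arguments` disagrees with the number of `arguments` actually listed are flagged as candidates for review. The embedded sample data is constructed for this example and is not taken from winapi_categories.json; the function names, categories and `load_catalog`/`lookup` helpers are assumptions of the example, and `load_catalog(path="winapi_categories.json")` reads the real file instead of the sample.

```python
"""Tolerant reader for winapi_categories.json-style data (example code)."""
import json
from collections import defaultdict
from typing import Any, Dict, List, Optional

# Constructed sample in the documented schema (NOT the repository's data).
# Only "category" is guaranteed; other keys may be missing, and
# descriptions may carry the \t\t\t padding mentioned in the caveats.
# CreateFileW deliberately lists fewer arguments than n_arguments claims.
SAMPLE_JSON = r'''{
  "CreateFileW": {
    "category": "File Management",
    "dll": "Kernel32.dll",
    "header": "fileapi.h",
    "return_type": "HANDLE",
    "n_arguments": 7,
    "arguments": [
      {"in_out": "in", "type": "LPCWSTR", "name": "lpFileName",
       "description": "\t\t\tThe name of the file or device."},
      {"in_out": "in", "type": "DWORD", "name": "dwDesiredAccess",
       "description": "The requested access.\t\t\t"}
    ]
  },
  "NtCreateFile": {"category": "File Management", "dll": "ntdll.dll"},
  "VirtualAllocEx": {"category": "Memory Management", "dll": "Kernel32.dll"},
  "GlobalCompact": {"category": "Memory Management"}
}'''

EXPECTED_KEYS = ("category", "dll", "header", "return_type", "n_arguments", "arguments")
ARG_KEYS = ("in_out", "type", "name", "description")


def load_catalog(path: Optional[str] = None, text: Optional[str] = None) -> Dict[str, Dict[str, Any]]:
    """Load the catalogue from a file path, an inline JSON string, or the sample."""
    if path is not None:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    return json.loads(text if text is not None else SAMPLE_JSON)


def normalize_entry(entry: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy with every documented key present (None or [] when absent)
    and the tab padding stripped from argument descriptions."""
    if "category" not in entry:
        raise ValueError("category is the only field the schema guarantees")
    out: Dict[str, Any] = {k: entry.get(k) for k in EXPECTED_KEYS}
    args: List[Dict[str, Any]] = []
    for arg in entry.get("arguments") or []:
        clean = {k: arg.get(k) for k in ARG_KEYS}
        if isinstance(clean["description"], str):
            clean["description"] = clean["description"].strip()
        args.append(clean)
    out["arguments"] = args
    return out


def by_category(catalog: Dict[str, Dict[str, Any]]) -> Dict[str, List[str]]:
    """Map each category to the sorted list of API names filed under it."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for name, entry in catalog.items():
        groups[entry["category"]].append(name)
    return {cat: sorted(names) for cat, names in groups.items()}


def find_inconsistent(catalog: Dict[str, Dict[str, Any]]) -> List[str]:
    """Names whose n_arguments disagrees with the arguments actually listed,
    i.e. entries worth reviewing or contributing a fix for."""
    bad = []
    for name, entry in catalog.items():
        n = entry.get("n_arguments")
        args = entry.get("arguments")
        if n is not None and args is not None and n != len(args):
            bad.append(name)
    return sorted(bad)


def lookup(catalog: Dict[str, Dict[str, Any]], name: str) -> Optional[Dict[str, Any]]:
    """Normalized entry for an API name, or None if it is not in the catalogue."""
    entry = catalog.get(name)
    return normalize_entry(entry) if entry is not None else None


if __name__ == "__main__":
    cat = load_catalog()  # use load_catalog(path="winapi_categories.json") for the real file
    for category, names in by_category(cat).items():
        print(f"{category}: {', '.join(names)}")
    print("entries to review:", find_inconsistent(cat))
    print(lookup(cat, "CreateFileW")["arguments"][0]["description"])
```

Because `normalize_entry` fills absent keys with `None` (and `arguments` with an empty list), downstream code can index `entry["header"]` or iterate `entry["arguments"]` without guarding every access, and `find_inconsistent` is a cheap first pass for locating the malformed entries the project asks contributors to report.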

Acknowledgments

This repo is based on winapi-json.

TODO

Pending entries to review, complete or fix:

MoveFileWithProgressTransacted
GlobalCompact
GlobalFix
GlobalUnfix
_hread
_hwrite
IsBadHugeReadPtr
IsBadHugeWritePtr
StgOpenAsyncDocfileOnIFillLockBytes
SetWindowWord
malloc
URLDownloadToFile