An API for API Hookers: Taking A Closer Look At Malware

A session at 4th Annual Open Source Digital Forensics Conference & Workshops

  • Stuart Maclean

Tuesday 5th November, 2013

1:00pm to 1:35pm (EST)

A method for automated hook function generation is described. Hook functions are used by programs to instrument and monitor other programs. User-space hooking is employed to study malicious software. The malware is executed in a sandbox environment and its actions are recorded as it calls functions from system libraries. The method as presented solves, at least partially, the problem of writing individual hook functions for the hundreds or possibly thousands of entry points into a system library, e.g. the Win32 API.


Next session in Track 2

1:40pm MASTIFF: Automated Static Analysis Framework by Tyler Hudak
