
Add new APIs (cuckoomon issue, OPEN, 7 comments)

cuckoosandbox commented on August 30, 2024
Add new APIs

from cuckoomon.

Comments (7)

jbremer commented on August 30, 2024

Hi Raouf,

I don't actively maintain CuckooMon anymore, rather, in the next upcoming version of Cuckoo I'm going to integrate the new Monitor (https://github.com/jbremer/monitor). So it'd make more sense to add certain functions there.
Other than that, although I definitely like your request for new functions, your list kind of looks like a dump of an IAT of some sample - a bunch of functions are either already in the monitor (and cuckoomon, as well) or are arguably not that interesting.
So if you could take a few minutes to trim the list down then we can work from there (e.g., CreateProcessA is already being hooked as CreateProcessInternalW, CharUpperW sounds like it'd create a lot of garbage data, etc).
Unfortunately there's no list of all hooked functions in the new monitor, but you can browse through them here: https://github.com/jbremer/monitor/tree/master/sigs.

Thanks!


RaoufAbderrahmane commented on August 30, 2024

Hi,

First, thanks for the reply;

In fact I have a master 2 project in which I have to build a classification model for malware detection. To build the model I have to monitor only a subset of 126 API functions from Cuckoo Sandbox.

The problem is that I don't know exactly how to add APIs.

Then could you please simply explain and show me, with just ONE example for one API function (let's say the CharUpperW API function), how to add it STEP BY STEP, from zero to the end: all the modifications I have to do in all files, etc., in order to finally display this API in the log file output by Cuckoo Sandbox.

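The question above is about getting a chosen API to show up in the sandbox log so it can feed a classifier trained on a fixed 126-API subset. The other half of that pipeline is reading the log back out and reducing it to a per-API count vector, which also reveals whitelist entries that never appear in any trace (a sign the monitor may lack a hook for them, which is exactly the situation asked about). The following is an added example written for this page; it is not code from the thread, from cuckoomon or from the Cuckoo project. It assumes the Cuckoo 1.x `report.json` layout (`behavior.processes[].calls[]`, each call carrying an `api` string, a `category` and an `arguments` list of name/value pairs); the API whitelist and the report fragment are constructed stand-ins, not the real 126-function list.

```python
import json
from collections import Counter

# Constructed subset standing in for the 126-API whitelist mentioned in the thread.
# Hypothetical: the real whitelist is whatever the model author decides to monitor.
MONITORED_APIS = frozenset({
    "CreateProcessInternalW", "CharUpperW", "RegOpenKeyExW", "RegQueryValueExW",
    "NtCreateFile", "NtWriteFile", "LdrLoadDll", "VirtualAllocEx",
})

# Constructed Cuckoo-style report fragment (assumed 1.x layout: behavior.processes[].calls[]).
SAMPLE_REPORT = json.dumps({
    "behavior": {
        "processes": [
            {"process_id": 1234, "process_name": "sample.exe", "calls": [
                {"api": "LdrLoadDll", "category": "system",
                 "arguments": [{"name": "FileName", "value": "kernel32.dll"}]},
                {"api": "RegOpenKeyExW", "category": "registry",
                 "arguments": [{"name": "SubKey", "value": "HARDWARE\\DESCRIPTION\\System"}]},
                {"api": "RegQueryValueExW", "category": "registry",
                 "arguments": [{"name": "ValueName", "value": "SystemBiosVersion"}]},
                {"api": "NtCreateFile", "category": "filesystem", "arguments": []},
                {"api": "NtWriteFile", "category": "filesystem", "arguments": []},
                {"api": "NtWriteFile", "category": "filesystem", "arguments": []},
                # Hooked by the monitor but outside the constructed whitelist: will be counted as dropped.
                {"api": "GetSystemTimeAsFileTime", "category": "system", "arguments": []},
            ]},
            {"process_id": 1300, "process_name": "child.exe", "calls": [
                {"api": "CreateProcessInternalW", "category": "process", "arguments": []},
                {"api": "CharUpperW", "category": "misc", "arguments": []},
            ]},
        ]
    }
})


def iter_calls(report):
    """Yield every API call record across all processes the monitor followed."""
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            yield call


def api_feature_vector(report_json, monitored=MONITORED_APIS):
    """Return (vector, dropped): call counts in a fixed order over the monitored
    subset, plus the number of logged calls the whitelist discards.

    Keeping the dropped count visible tells the analyst how much of the trace the
    126-API restriction throws away for a given sample."""
    report = json.loads(report_json)
    counts = Counter()
    dropped = 0
    for call in iter_calls(report):
        api = call.get("api")
        if api in monitored:
            counts[api] += 1
        else:
            dropped += 1
    # Sorted names give every report the same column order for the classifier.
    vector = [counts[api] for api in sorted(monitored)]
    return vector, dropped


def missing_hooks(report_json, monitored=MONITORED_APIS):
    """Whitelisted APIs that never appear in this trace.

    A column that stays empty across many reports usually means the monitor has no
    hook for that API (the problem raised in the thread), not that no sample calls it."""
    report = json.loads(report_json)
    seen = {call.get("api") for call in iter_calls(report)}
    return sorted(monitored - seen)


if __name__ == "__main__":
    vec, dropped = api_feature_vector(SAMPLE_REPORT)
    print("columns:", sorted(MONITORED_APIS))
    print("vector:", vec, "dropped:", dropped)
    print("never seen:", missing_hooks(SAMPLE_REPORT))
```

Run against a directory of real reports, `missing_hooks` should be aggregated across all of them before concluding that an API lacks a hook; a single trace proves nothing about coverage.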

jhg commented on August 30, 2024

@jbremer when will the new monitor be added to the cuckoo organization and replace the old monitor? Is https://github.com/jbremer/monitor the "main" repo for the new monitor?


jbremer commented on August 30, 2024

@jhg For the 1.3 release, I guess. Yes, that's currently still the main repository.


jhg commented on August 30, 2024

@jbremer thank you for the info. And is there an estimated date for the 1.3 release? Will the new monitor have hardening so it doesn't need to be patched?


jbremer commented on August 30, 2024

@jhg I'll try to do as much as possible. If you have 'hardening requests', please do let me know, though. Feel free to send me an email or leave a pull request for the new monitor.


jhg commented on August 30, 2024

@jbremer I'm a beginner in cuckoo; I don't know the cuckoo code well enough to write a new feature yet. When I learn more I would like to leave a pull request. Many books explain hardening with pafish and editing hook_reg so that malware doesn't read reg keys about VirtualBox, VMware, etc.; I think it would be good to have that in cuckoo by default, without modifying the monitor.
