Potential tricks using new(?) APIs

September 6, 2019 in Anti-*

Every once in a while I go on a hunt for new APIs. This is an impossible task, because I often discover APIs that are 10 years old, but I have never heard of them. Windows APIs are a bit of an art, a bit of a madness.

I recently came across a description of the SleepConditionVariableCS API. The same goes for SleepConditionVariableSRW. Since both of them have ‘Sleep’ in the name, I theorize that they could be used to bypass some of the sandboxes that hook many common ‘Sleeping’ APIs and modify the values passed to them ‘on the fly’ to speed up the analysis.