zelos.triggers module¶
class
zelos.triggers.Trigger(name, details, tags)¶ Bases: object
A Trigger represents an action taken by the analysed binary that is worth recording in the report.
add_occurrence(details)¶
clear_details()¶
class
zelos.triggers.TableTrigger(name, details, column_names, tags)¶ Bases:
zelos.triggers.Trigger
class
zelos.triggers.Triggers(z)¶ Bases: object
Manages the triggers that are handed to the Reporter for report generation.
update_trigger(name, details, grouping='Misc', tags=[])¶
Note: the default for tags is a mutable list; pass an explicit fresh list (or tuple) rather than relying on the default, so that tags cannot accumulate across calls.
trigger(name, details=None, tags=None, rule_type=<RuleType.NORMAL: 1>, type_info=None, grouping='Misc')¶ Register a rule that has been triggered.
tr_read_peb(eip)¶
tr_read_peb_ldr(eip)¶
tr_contacts_domain(domain_name, method_name)¶
tr_contacts_many_domains(domains)¶
tr_contacts_malicious_domain(domain_name, method_name)¶
tr_create_process(name_of_remote_process, address)¶
tr_create_thread(thread_address, thread_name)¶
tr_gets_processes(details)¶
tr_process_injection(details)¶
tr_process_write(base_address, data_len, process_name, dll_region_name=None)¶
tr_registry_key_open(key_name, sub_key_name, perm)¶
tr_registry_key_read(key_name, perm)¶
tr_registry_create_key(key_name)¶
tr_registry_key_value_write(key_name, value_name, value_data)¶
tr_registry_key_value_read(key_name, value_name)¶
tr_file_check(filename)¶
tr_file_open(filename)¶
tr_file_read()¶
tr_file_write(file_name, data)¶
tr_reached_entrypoint(address)¶
tr_load_library(module_name)¶
tr_mutex_open(mutex_name)¶
tr_mutex_create(mutex_name)¶
tr_call_crypto_func(func_name)¶
tr_sleep(time_slept_in_ms, address)¶
tr_rdtsc(address)¶
tr_call_syscall(syscall_name)¶
tr_syscall(thread, name, args, retval)¶
tr_api(thread, name, args, retval, simulated)¶
tr_unpacked_code_execution(region)¶
tr_rpc(interface, server_name)¶