simpliFiRE.IDAscope / idascope / data / semantics.json


idascope/data/semantics.json

 {
     "author": "Alex Hanel",
     "creation_date": "29.06.2012",
+    "name": "win-ring3",
     "reference": "http://hooked-on-mnemonics.blogspot.de/2012/06/automated-generic-function-naming-in.html",
     "comment": "Original API/tag collection by Alex Hanel. Extended by Daniel Plohmann with semantic coloring. Color groups: sysinfo/registry (red), networking (blue), file access (orange), crypto (green), execution (violet), memory access (yellow).",
     "renaming_seperator": "_",
     "default_neutral_color": "0xCCCCCC",
     "default_base_color": "0xB3DfFF",
     "default_highlight_color": "0x33A7FF",
+    "semantic_groups": [{
+        "name": "CFG",
+        "base_color": "0xB3B3FF",
+        "highlight_color": "0x333377"
+    }, {
+        "name": "FILE",
+        "base_color": "0xB3DFFF",
+        "highlight_color": "0x33A7FF"
+    }, {
+        "name": "MEM",
+        "base_color": "0xB3FFFF",
+        "highlight_color": "0x33FFFF"
+    }, {
+        "name": "CRYPT",
+        "base_color": "0x26BD32",
+        "highlight_color": "0x84BD89"
+    }, {
+        "name": "NET",
+        "base_color": "0xC1A687",
+        "highlight_color": "0xC17927"
+    }, {
+        "name": "EXEC",
+        "base_color": "0xB47E9E",
+        "highlight_color": "0xB4247A"
+    }],
     "semantic_definitions": [{
         "tag": "Reg",
-        "base_color": "0xB3B3FF",
-        "highlight_color": "0x333377",
+        "group": "CFG",
         "api_names": ["RegCloseKey", "RegConnectRegistryA", "RegConnectRegistryW", "RegCreateKeyA", "RegCreateKeyExA", "RegCreateKeyExW", "RegCreateKeyW", "RegDeleteKeyA", "RegDeleteKeyW", "RegDeleteValueA", "RegDeleteValueW", "RegDisablePredefinedCache", "RegDisablePredefinedCacheEx", "RegEnumKeyA", "RegEnumKeyExA", "RegEnumKeyExW", "RegEnumKeyW", "RegEnumValueA", "RegEnumValueW", "RegFlushKey", "RegGetKeySecurity", "RegLoadKeyA", "RegLoadKeyW", "RegNotifyChangeKeyValue", "RegOpenCurrentUser", "RegOpenKeyA", "RegOpenKeyExA", "RegOpenKeyExW", "RegOpenKeyW", "RegOpenUserClassesRoot", "RegOverridePredefKey", "RegQueryInfoKeyA", "RegQueryInfoKeyW", "RegQueryMultipleValuesA", "RegQueryMultipleValuesW", "RegQueryValueA", "RegQueryValueExA", "RegQueryValueExW", "RegQueryValueW", "RegReplaceKeyA", "RegReplaceKeyW", "RegRestoreKeyA", "RegRestoreKeyW", "RegSaveKeyA", "RegSaveKeyExA", "RegSaveKeyExW", "RegSaveKeyW", "RegSetKeySecurity", "RegSetValueA", "RegSetValueExA", "RegSetValueExW", "RegSetValueW", "RegUnLoadKeyA", "RegUnLoadKeyW", "SHDeleteEmptyKeyA", "SHDeleteEmptyKeyW", "SHDeleteKeyA", "SHDeleteKeyW", "SHOpenRegStream2A", "SHOpenRegStream2W", "SHOpenRegStreamA", "SHOpenRegStreamW", "SHQueryInfoKeyA", "SHQueryInfoKeyW", "SHQueryValueExA", "SHQueryValueExW", "SHRegCloseUSKey", "SHRegCreateUSKeyA", "SHRegCreateUSKeyW", "SHRegDeleteEmptyUSKeyA", "SHRegDeleteEmptyUSKeyW", "SHRegDeleteUSValueA", "SHRegDeleteUSValueW", "SHRegDuplicateHKey", "SHRegEnumUSKeyA", "SHRegEnumUSKeyW", "SHRegEnumUSValueA", "SHRegEnumUSValueW", "SHRegGetBoolUSValueA", "SHRegGetBoolUSValueW", "SHRegGetPathA", "SHRegGetPathW", "SHRegGetUSValueA", "SHRegGetUSValueW", "SHRegGetValueA", "SHRegGetValueW", "SHRegOpenUSKeyA", "SHRegOpenUSKeyW", "SHRegQueryInfoUSKeyA", "SHRegQueryInfoUSKeyW", "SHRegQueryUSValueA", "SHRegQueryUSValueW", "SHRegSetPathA", "SHRegSetPathW", "SHRegSetUSValueA", "SHRegSetUSValueW", "SHRegWriteUSValueA", "SHRegWriteUSValueW", "SHDeleteOrphanKeyA", "SHDeleteOrphanKeyW", 
"SHDeleteValueA", "SHDeleteValueW", "SHEnumKeyExA", "SHEnumKeyExW", "SHEnumValueA", "SHEnumValueW", "SHGetValueA", "SHGetValueW", "SHOpenRegStream2A", "SHOpenRegStream2W", "SHOpenRegStreamA", "SHOpenRegStreamW", "SHQueryInfoKeyA", "SHQueryInfoKeyW", "SHQueryValueExA", "SHQueryValueExW", "SHRegCloseUSKey", "SHRegCreateUSKeyA", "SHRegCreateUSKeyW", "SHRegDeleteEmptyUSKeyA", "SHRegDeleteEmptyUSKeyW", "SHRegDeleteUSValueA", "SHRegDeleteUSValueW", "SHRegDuplicateHKey", "SHRegEnumUSKeyA", "SHRegEnumUSKeyW", "SHRegEnumUSValueA", "SHRegEnumUSValueW", "SHRegGetBoolUSValueA", "SHRegGetBoolUSValueW", "SHRegGetPathA", "SHRegGetPathW", "SHRegGetUSValueA", "SHRegGetUSValueW", "SHRegGetValueA", "SHRegGetValueW", "SHRegOpenUSKeyA", "SHRegOpenUSKeyW", "SHRegQueryInfoUSKeyA", "SHRegQueryInfoUSKeyW", "SHRegQueryUSValueA", "SHRegQueryUSValueW", "SHRegSetPathA", "SHRegSetPathW", "SHRegSetUSValueA", "SHRegSetUSValueW", "SHRegWriteUSValueA", "SHRegWriteUSValueW"]
     }, {
         "tag": "Ws2",
-        "base_color": "0xC1A687",
-        "highlight_color": "0xC17927",
+        "group": "NET",
         "api_names": ["FreeAddrInfoW", "GetAddrInfoW", "GetNameInfoW", "WEP", "WPUCompleteOverlappedRequest", "WSAAccept", "WSAAddressToStringA", "WSAAddressToStringW", "WSAAsyncGetHostByAddr", "WSAAsyncGetHostByName", "WSAAsyncGetProtoByName", "WSAAsyncGetProtoByNumber", "WSAAsyncGetServByName", "WSAAsyncGetServByPort", "WSAAsyncSelect", "WSACancelAsyncRequest", "WSACancelBlockingCall", "WSACleanup", "WSACloseEvent", "WSAConnect", "WSACreateEvent", "WSADuplicateSocketA", "WSADuplicateSocketW", "WSAEnumNameSpaceProvidersA", "WSAEnumNameSpaceProvidersW", "WSAEnumNetworkEvents", "WSAEnumProtocolsA", "WSAEnumProtocolsW", "WSAEventSelect", "WSAGetLastError", "WSAGetOverlappedResult", "WSAGetQOSByName", "WSAGetServiceClassInfoA", "WSAGetServiceClassInfoW", "WSAGetServiceClassNameByClassIdA", "WSAGetServiceClassNameByClassIdW", "WSAHtonl", "WSAHtons", "WSAInstallServiceClassA", "WSAInstallServiceClassW", "WSAIoctl", "WSAIsBlocking", "WSAJoinLeaf", "WSALookupServiceBeginA", "WSALookupServiceBeginW", "WSALookupServiceEnd", "WSALookupServiceNextA", "WSALookupServiceNextW", "WSANSPIoctl", "WSANtohl", "WSANtohs", "WSAProviderConfigChange", "WSARecv", "WSARecvDisconnect", "WSARecvFrom", "WSARemoveServiceClass", "WSAResetEvent", "WSASend", "WSASendDisconnect", "WSASendTo", "WSASetBlockingHook", "WSASetEvent", "WSASetLastError", "WSASetServiceA", "WSASetServiceW", "WSASocketA", "WSASocketW", "WSAStartup", "WSAStringToAddressA", "WSAStringToAddressW", "WSAUnhookBlockingHook", "WSAWaitForMultipleEvents", "WSApSetPostRoutine", "WSCDeinstallProvider", "WSCEnableNSProvider", "WSCEnumProtocols", "WSCGetProviderPath", "WSCInstallNameSpace", "WSCInstallProvider", "WSCUnInstallNameSpace", "WSCUpdateProvider", "WSCWriteNameSpaceOrder", "WSCWriteProviderOrder", "__WSAFDIsSet", "accept", "bind", "closesocket", "connect", "freeaddrinfo", "getaddrinfo", "gethostbyaddr", "gethostbyname", "gethostname", "getnameinfo", "getpeername", "getprotobyname", "getprotobynumber", "getservbyname", 
"getservbyport", "getsockname", "getsockopt", "htonl", "htons", "inet_addr", "inet_ntoa", "ioctlsocket", "listen", "ntohl", "ntohs", "recv", "recvfrom", "select", "send", "sendto", "setsockopt", "shutdown", "socket"]
     }, {
         "tag": "WINet",
-        "base_color": "0xC1A687",
-        "highlight_color": "0xC17927",
+        "group": "NET",
         "api_names": ["CreateMD5SSOHash", "DetectAutoProxyUrl", "DllInstall", "ForceNexusLookup", "ForceNexusLookupExW", "InternetAlgIdToStringA", "InternetAlgIdToStringW", "InternetAttemptConnect", "InternetAutodial", "InternetAutodialCallback", "InternetAutodialHangup", "InternetCanonicalizeUrlA", "InternetCanonicalizeUrlW", "InternetCheckConnectionA", "InternetCheckConnectionW", "InternetClearAllPerSiteCookieDecisions", "InternetCloseHandle", "InternetCombineUrlA", "InternetCombineUrlW", "InternetConfirmZoneCrossing", "InternetConfirmZoneCrossingA", "InternetConfirmZoneCrossingW", "InternetConnectA", "InternetConnectW", "InternetCrackUrlA", "InternetCrackUrlW", "InternetCreateUrlA", "InternetCreateUrlW", "InternetDial", "InternetDialA", "InternetDialW", "InternetEnumPerSiteCookieDecisionA", "InternetEnumPerSiteCookieDecisionW", "InternetErrorDlg", "InternetFindNextFileA", "InternetFindNextFileW", "InternetFortezzaCommand", "InternetGetCertByURL", "InternetGetCertByURLA", "InternetGetConnectedState", "InternetGetConnectedStateEx", "InternetGetConnectedStateExA", "InternetGetConnectedStateExW", "InternetGetCookieA", "InternetGetCookieExA", "InternetGetCookieExW", "InternetGetCookieW", "InternetGetLastResponseInfoA", "InternetGetLastResponseInfoW", "InternetGetPerSiteCookieDecisionA", "InternetGetPerSiteCookieDecisionW", "InternetGoOnline", "InternetGoOnlineA", "InternetGoOnlineW", "InternetHangUp", "InternetInitializeAutoProxyDll", "InternetLockRequestFile", "InternetOpenA", "InternetOpenUrlA", "InternetOpenUrlW", "InternetOpenW", "InternetQueryDataAvailable", "InternetQueryFortezzaStatus", "InternetQueryOptionA", "InternetQueryOptionW", "InternetReadFile", "InternetReadFileExA", "InternetReadFileExW", "InternetSecurityProtocolToStringA", "InternetSecurityProtocolToStringW", "InternetSetCookieA", "InternetSetCookieExA", "InternetSetCookieExW", "InternetSetCookieW", "InternetSetDialState", "InternetSetDialStateA", "InternetSetDialStateW", "InternetSetFilePointer", 
"InternetSetOptionA", "InternetSetOptionExA", "InternetSetOptionExW", "InternetSetOptionW", "InternetSetPerSiteCookieDecisionA", "InternetSetPerSiteCookieDecisionW", "InternetSetStatusCallback", "InternetSetStatusCallbackA", "InternetSetStatusCallbackW", "InternetShowSecurityInfoByURL", "InternetShowSecurityInfoByURLA", "InternetShowSecurityInfoByURLW", "InternetTimeFromSystemTime", "InternetTimeFromSystemTimeA", "InternetTimeFromSystemTimeW", "InternetTimeToSystemTime", "InternetTimeToSystemTimeA", "InternetTimeToSystemTimeW", "InternetUnlockRequestFile", "InternetWriteFile", "InternetWriteFileExA", "InternetWriteFileExW", "IsHostInProxyBypassList", "ParseX509EncodedCertificateForListBoxEntry", "PrivacyGetZonePreferenceW", "PrivacySetZonePreferenceW", "ResumeSuspendedDownload", "ShowCertificate", "ShowClientAuthCerts", "ShowSecurityInfo", "ShowX509EncodedCertificate", "UrlZonesDetach", "_GetFileExtensionFromUrl"]
     }, {
         "tag": "Cach",
-        "base_color": "0xC1A687",
-        "highlight_color": "0xC17927",
+        "group": "NET",
         "api_names": ["CommitUrlCacheEntryA", "CommitUrlCacheEntryW", "CreateUrlCacheContainerA", "CreateUrlCacheContainerW", "CreateUrlCacheEntryA", "CreateUrlCacheEntryW", "CreateUrlCacheGroup", "DeleteIE3Cache", "DeleteUrlCacheContainerA", "DeleteUrlCacheContainerW", "DeleteUrlCacheEntry", "DeleteUrlCacheEntryA", "DeleteUrlCacheEntryW", "DeleteUrlCacheGroup", "FindCloseUrlCache", "FindFirstUrlCacheContainerA", "FindFirstUrlCacheContainerW", "FindFirstUrlCacheEntryA", "FindFirstUrlCacheEntryExA", "FindFirstUrlCacheEntryExW", "FindFirstUrlCacheEntryW", "FindFirstUrlCacheGroup", "FindNextUrlCacheContainerA", "FindNextUrlCacheContainerW", "FindNextUrlCacheEntryA", "FindNextUrlCacheEntryExA", "FindNextUrlCacheEntryExW", "FindNextUrlCacheEntryW", "FindNextUrlCacheGroup", "FreeUrlCacheSpaceA", "FreeUrlCacheSpaceW", "GetUrlCacheConfigInfoA", "GetUrlCacheConfigInfoW", "GetUrlCacheEntryInfoA", "GetUrlCacheEntryInfoExA", "GetUrlCacheEntryInfoExW", "GetUrlCacheEntryInfoW", "GetUrlCacheGroupAttributeA", "GetUrlCacheGroupAttributeW", "GetUrlCacheHeaderData", "IncrementUrlCacheHeaderData", "IsUrlCacheEntryExpiredA", "IsUrlCacheEntryExpiredW", "LoadUrlCacheContent", "ReadUrlCacheEntryStream", "RegisterUrlCacheNotification", "RetrieveUrlCacheEntryFileA", "RetrieveUrlCacheEntryFileW", "RetrieveUrlCacheEntryStreamA", "RetrieveUrlCacheEntryStreamW", "RunOnceUrlCache", "SetUrlCacheConfigInfoA", "SetUrlCacheConfigInfoW", "SetUrlCacheEntryGroup", "SetUrlCacheEntryGroupA", "SetUrlCacheEntryGroupW", "SetUrlCacheEntryInfoA", "SetUrlCacheEntryInfoW", "SetUrlCacheGroupAttributeA", "SetUrlCacheGroupAttributeW", "SetUrlCacheHeaderData", "UnlockUrlCacheEntryFile", "UnlockUrlCacheEntryFileA", "UnlockUrlCacheEntryFileW", "UnlockUrlCacheEntryStream", "UpdateUrlCacheContentPath"]
     }, {
         "tag": "Ftp",
-        "base_color": "0xC1A687",
-        "highlight_color": "0xC17927",
+        "group": "NET",
         "api_names": ["FtpCommandA", "FtpCommandW", "FtpCreateDirectoryA", "FtpCreateDirectoryW", "FtpDeleteFileA", "FtpDeleteFileW", "FtpFindFirstFileA", "FtpFindFirstFileW", "FtpGetCurrentDirectoryA", "FtpGetCurrentDirectoryW", "FtpGetFileA", "FtpGetFileEx", "FtpGetFileSize", "FtpGetFileW", "FtpOpenFileA", "FtpOpenFileW", "FtpPutFileA", "FtpPutFileEx", "FtpPutFileW", "FtpRemoveDirectoryA", "FtpRemoveDirectoryW", "FtpRenameFileA", "FtpRenameFileW", "FtpSetCurrentDirectoryA", "FtpSetCurrentDirectoryW"]
     }, {
         "tag": "Gopher",
-        "base_color": "0xC1A687",
-        "highlight_color": "0xC17927",
+        "group": "NET",
         "api_names": ["GopherCreateLocatorA", "GopherCreateLocatorW", "GopherFindFirstFileA", "GopherFindFirstFileW", "GopherGetAttributeA", "GopherGetAttributeW", "GopherGetLocatorTypeA", "GopherGetLocatorTypeW", "GopherOpenFileA", "GopherOpenFileW"]
     }, {
         "tag": "Url",
-        "base_color": "0xC1A687",
-        "highlight_color": "0xC17927",
+        "group": "NET",
         "api_names": ["UrlApplySchemeA", "UrlApplySchemeW", "UrlCanonicalizeA", "UrlCanonicalizeW", "UrlCombineA", "UrlCombineW", "UrlCompareA", "UrlCompareW", "UrlCreateFromPathA", "UrlCreateFromPathW", "UrlEscapeA", "UrlEscapeW", "UrlGetLocationA", "UrlGetLocationW", "UrlGetPartA", "UrlGetPartW", "UrlHashA", "UrlHashW", "UrlIsA", "UrlIsNoHistoryA", "UrlIsNoHistoryW", "UrlIsOpaqueA", "UrlIsOpaqueW", "UrlIsW", "UrlUnescapeA", "UrlUnescapeW"]
     }, {
         "tag": "Dir",
-        "base_color": "0xB3DfFF",
-        "highlight_color": "0x33A7FF",
+        "group": "FILE",
         "api_names": ["CreateDirectoryA", "CreateDirectoryExA", "CreateDirectoryExW", "CreateDirectoryW", "GetCurrentDirectoryA", "GetCurrentDirectoryW", "GetDllDirectoryA", "GetDllDirectoryW", "GetSystemDirectoryA", "GetSystemDirectoryW", "GetSystemWindowsDirectoryA", "GetSystemWindowsDirectoryW", "GetSystemWow64DirectoryA", "GetSystemWow64DirectoryW", "GetVDMCurrentDirectories", "GetWindowsDirectoryA", "GetWindowsDirectoryW", "ReadDirectoryChangesW", "RemoveDirectoryA", "RemoveDirectoryW", "SetCurrentDirectoryA", "SetCurrentDirectoryW", "SetDllDirectoryA", "SetDllDirectoryW", "SetVDMCurrentDirectories", "SHCreateDirectory", "SHCreateDirectoryExA", "SHCreateDirectoryExW"]
     }, {
         "tag": "Mutx",
-        "base_color": "0xB47E9E",
-        "highlight_color": "0xB4247A",
+        "group": "EXEC",
         "api_names": ["CreateMutexA", "CreateMutexW", "OpenMutexA", "OpenMutexW", "ReleaseMutex"]
     }, {
         "tag": "Pipe",
-        "base_color": "0xB3DfFF",
-        "highlight_color": "0x33A7FF",
+        "group": "FILE",
         "api_names": ["CallNamedPipeA", "CallNamedPipeW", "ConnectNamedPipe", "CreateNamedPipeA", "CreateNamedPipeW", "CreatePipe", "DisconnectNamedPipe", "GetNamedPipeHandleStateA", "GetNamedPipeHandleStateW", "GetNamedPipeInfo", "PeekNamedPipe", "SetNamedPipeHandleState", "TransactNamedPipe", "WaitNamedPipeA", "WaitNamedPipeW"]
     }, {
         "tag": "Http",
-        "base_color": "0xC1A687",
-        "highlight_color": "0xC17927",
+        "group": "NET",
         "api_names": ["HttpAddRequestHeadersA", "HttpAddRequestHeadersW", "HttpCheckDavCompliance", "HttpEndRequestA", "HttpEndRequestW", "HttpOpenRequestA", "HttpOpenRequestW", "HttpQueryInfoA", "HttpQueryInfoW", "HttpSendRequestA", "HttpSendRequestExA", "HttpSendRequestExW", "HttpSendRequestW"]
     }, {
         "tag": "Enum",
-        "base_color": "0xB47E9E",
-        "highlight_color": "0xB4247A",
+        "group": "EXEC",
         "api_names": ["CreateToolhelp32Snapshot", "Process32First", "Process32FirstW", "Process32Next", "Process32NextW"]
     }, {
         "tag": "Hash",
-        "base_color": "0x26BD32",
-        "highlight_color": "0x84BD89",
+        "group": "CRYPT",
         "api_names": ["CryptCreateHash", "CryptDestroyHash", "CryptDuplicateHash", "CryptGetHashParam", "CryptHashData", "CryptHashSessionKey", "CryptSetHashParam", "CryptSignHashA", "CryptSignHashW", "FreeEncryptionCertificateHashList"]
     }, {
         "tag": "Crypt",
-        "base_color": "0x26BD32",
-        "highlight_color": "0x84BD89",
+        "group": "CRYPT",
         "api_names": ["CryptAcquireContextA", "CryptAcquireContextW", "CryptContextAddRef", "CryptDecrypt", "CryptDeriveKey", "CryptDestroyKey", "CryptDuplicateKey", "CryptEncrypt", "CryptEnumProviderTypesA", "CryptEnumProviderTypesW", "CryptEnumProvidersA", "CryptEnumProvidersW", "CryptExportKey", "CryptGenKey", "CryptGenRandom", "CryptGetDefaultProviderA", "CryptGetDefaultProviderW", "CryptGetKeyParam", "CryptGetProvParam", "CryptGetUserKey", "CryptImportKey", "CryptReleaseContext", "CryptSetKeyParam", "CryptSetProvParam", "CryptSetProviderA", "CryptSetProviderExA", "CryptSetProviderExW", "CryptSetProviderW", "CryptVerifySignatureA", "CryptVerifySignatureW", "DecryptFileA", "DecryptFileW", "EncryptFileA", "EncryptFileW", "EncryptedFileKeyInfo", "EncryptionDisable", "WriteEncryptedFileRaw", "OpenEncryptedFileRawA", "OpenEncryptedFileRawW", "DuplicateEncryptionInfoFile", "SetUserFileEncryptionKey", "ReadEncryptedFileRaw", "RemoveUsersFromEncryptedFile", "FileEncryptionStatusA", "FileEncryptionStatusW", "FreeEncryptedFileKeyInfo", "CloseEncryptedFileRaw", "AddUsersToEncryptedFile", "QueryRecoveryAgentsOnEncryptedFile", "QueryUsersOnEncryptedFile", "ChainWlxLogoffEvent", "CryptAcquireContextU", "CryptBinaryToStringA", "CryptBinaryToStringW", "CryptCloseAsyncHandle", "CryptCreateAsyncHandle", "CryptDecodeMessage", "CryptDecodeObject", "CryptDecodeObjectEx", "CryptDecryptAndVerifyMessageSignature", "CryptDecryptMessage", "CryptEncodeObject", "CryptEncodeObjectEx", "CryptEncryptMessage", "CryptEnumKeyIdentifierProperties", "CryptEnumOIDFunction", "CryptEnumOIDInfo", "CryptEnumProvidersU", "CryptExportPKCS8", "CryptExportPublicKeyInfo", "CryptExportPublicKeyInfoEx", "CryptFindLocalizedName", "CryptFindOIDInfo", "CryptFormatObject", "CryptFreeOIDFunctionAddress", "CryptGetAsyncParam", "CryptGetDefaultOIDDllList", "CryptGetDefaultOIDFunctionAddress", "CryptGetKeyIdentifierProperty", "CryptGetMessageCertificates", "CryptGetMessageSignerCount", "CryptGetOIDFunctionAddress", 
"CryptGetOIDFunctionValue", "CryptHashCertificate", "CryptHashMessage", "CryptHashPublicKeyInfo", "CryptHashToBeSigned", "CryptImportPKCS8", "CryptImportPublicKeyInfo", "CryptImportPublicKeyInfoEx", "CryptInitOIDFunctionSet", "CryptInstallDefaultContext", "CryptInstallOIDFunctionAddress", "CryptLoadSip", "CryptMemAlloc", "CryptMemFree", "CryptMemRealloc", "CryptMsgCalculateEncodedLength", "CryptMsgClose", "CryptMsgControl", "CryptMsgCountersign", "CryptMsgCountersignEncoded", "CryptMsgDuplicate", "CryptMsgEncodeAndSignCTL", "CryptMsgGetAndVerifySigner", "CryptMsgGetParam", "CryptMsgOpenToDecode", "CryptMsgOpenToEncode", "CryptMsgSignCTL", "CryptMsgUpdate", "CryptMsgVerifyCountersignatureEncoded", "CryptMsgVerifyCountersignatureEncodedEx", "CryptProtectData", "CryptQueryObject", "CryptRegisterDefaultOIDFunction", "CryptRegisterOIDFunction", "CryptRegisterOIDInfo", "CryptSIPAddProvider", "CryptSIPCreateIndirectData", "CryptSIPGetSignedDataMsg", "CryptSIPLoad", "CryptSIPPutSignedDataMsg", "CryptSIPRemoveProvider", "CryptSIPRemoveSignedDataMsg", "CryptSIPRetrieveSubjectGuid", "CryptSIPRetrieveSubjectGuidForCatalogFile", "CryptSIPVerifyIndirectData", "CryptSetAsyncParam", "CryptSetKeyIdentifierProperty", "CryptSetOIDFunctionValue", "CryptSetProviderU", "CryptSignAndEncodeCertificate", "CryptSignAndEncryptMessage", "CryptSignCertificate", "CryptSignHashU", "CryptSignMessage", "CryptSignMessageWithKey", "CryptStringToBinaryA", "CryptStringToBinaryW", "CryptUninstallDefaultContext", "CryptUnprotectData", "CryptUnregisterDefaultOIDFunction", "CryptUnregisterOIDFunction", "CryptUnregisterOIDInfo", "CryptVerifyCertificateSignature", "CryptVerifyCertificateSignatureEx", "CryptVerifyDetachedMessageHash", "CryptVerifyDetachedMessageSignature", "CryptVerifyMessageHash", "CryptVerifyMessageSignature", "CryptVerifyMessageSignatureWithKey", "CryptVerifySignatureU", "I_CertProtectFunction", "I_CertSrvProtectFunction", "I_CertSyncStore", "I_CertUpdateStore", "I_CryptAddRefLruEntry", 
"I_CryptAddSmartCardCertToStore", "I_CryptAllocTls", "I_CryptCreateLruCache", "I_CryptCreateLruEntry", "I_CryptDetachTls", "I_CryptDisableLruOfEntries", "I_CryptEnableLruOfEntries", "I_CryptEnumMatchingLruEntries", "I_CryptFindLruEntry", "I_CryptFindLruEntryData", "I_CryptFindSmartCardCertInStore", "I_CryptFlushLruCache", "I_CryptFreeLruCache", "I_CryptFreeTls", "I_CryptGetAsn1Decoder", "I_CryptGetAsn1Encoder", "I_CryptGetDefaultCryptProv", "I_CryptGetDefaultCryptProvForEncrypt", "I_CryptGetFileVersion", "I_CryptGetLruEntryData", "I_CryptGetLruEntryIdentifier", "I_CryptGetOssGlobal", "I_CryptGetTls", "I_CryptInsertLruEntry", "I_CryptInstallAsn1Module", "I_CryptInstallOssGlobal", "I_CryptReadTrustedPublisherDWORDValueFromRegistry", "I_CryptRegisterSmartCardStore", "I_CryptReleaseLruEntry", "I_CryptRemoveLruEntry", "I_CryptSetTls", "I_CryptTouchLruEntry", "I_CryptUninstallAsn1Module", "I_CryptUninstallOssGlobal", "I_CryptUnregisterSmartCardStore", "I_CryptWalkAllLruCacheEntries"]
     }, {
         "tag": "Serv",
-        "base_color": "0xB47E9E",
-        "highlight_color": "0xB4247A",
+        "group": "EXEC",
         "api_names": ["ChangeServiceConfig2A", "ChangeServiceConfig2W", "ChangeServiceConfigA", "ChangeServiceConfigW", "CloseServiceHandle", "ControlService", "CreateServiceA", "CreateServiceW", "DeleteService", "EnumDependentServicesA", "EnumDependentServicesW", "EnumServiceGroupW", "EnumServicesStatusA", "EnumServicesStatusExA", "EnumServicesStatusExW", "EnumServicesStatusW", "GetServiceDisplayNameA", "GetServiceDisplayNameW", "GetServiceKeyNameA", "GetServiceKeyNameW", "I_ScPnPGetServiceName", "I_ScSetServiceBitsA", "I_ScSetServiceBitsW", "LockServiceDatabase", "OpenServiceA", "OpenServiceW", "PrivilegedServiceAuditAlarmA", "PrivilegedServiceAuditAlarmW", "QueryServiceConfig2A", "QueryServiceConfig2W", "QueryServiceConfigA", "QueryServiceConfigW", "QueryServiceLockStatusA", "QueryServiceLockStatusW", "QueryServiceObjectSecurity", "QueryServiceStatus", "QueryServiceStatusEx", "RegisterServiceCtrlHandlerA", "RegisterServiceCtrlHandlerExA", "RegisterServiceCtrlHandlerExW", "RegisterServiceCtrlHandlerW", "SetServiceBits", "SetServiceObjectSecurity", "SetServiceStatus", "StartServiceA", "StartServiceCtrlDispatcherA", "StartServiceCtrlDispatcherW", "StartServiceW", "UnlockServiceDatabase", "WdmWmiServiceMain"]
     }, {
         "tag": "File",
-        "base_color": "0xB3DfFF",
-        "highlight_color": "0x33A7FF",
+        "group": "FILE",
         "api_names": ["CompareFileTime", "CopyFileA", "CopyFileExA", "CopyFileExW", "CopyFileW", "CopyLZFile", "CreateFileA", "CreateFileMappingA", "CreateFileMappingW", "CreateFileW", "DeleteFileA", "DeleteFileW", "DosDateTimeToFileTime", "FileTimeToDosDateTime", "FileTimeToLocalFileTime", "FileTimeToLocalFileTime", "FileTimeToSystemTime", "FlushFileBuffers", "FlushViewOfFile", "GetCPFileNameFromRegistry", "GetCompressedFileSizeA", "GetCompressedFileSizeW", "GetFileAttributesA", "GetFileAttributesExA", "GetFileAttributesExW", "GetFileAttributesW", "GetFileInformationByHandle", "GetFileSize", "GetFileSizeEx", "GetFileTime", "GetFileType", "GetSystemTimeAsFileTime", "GetTempFileNameA", "GetTempFileNameW", "LZCloseFile", "LZCreateFileW", "LZOpenFileA", "LZOpenFileW", "LocalFileTimeToFileTime", "LocalFileTimeToFileTime", "LockFile", "LockFileEx", "MapViewOfFile", "MapViewOfFileEx", "MoveFileA", "MoveFileExA", "MoveFileExW", "MoveFileW", "MoveFileWithProgressA", "MoveFileWithProgressW", "OpenDataFile", "OpenFile", "OpenFileMappingA", "OpenFileMappingW", "OpenProfileUserMapping", "PrivCopyFileExW", "PrivMoveFileIdentityW", "ReadFile", "ReadFileEx", "ReplaceFile", "ReplaceFileA", "ReplaceFileW", "SetEndOfFile", "SetFileAttributesA", "SetFileAttributesW", "SetFilePointer", "SetFilePointerEx", "SetFileShortNameA", "SetFileShortNameW", "SetFileTime", "SetFileValidData", "SystemTimeToFileTime", "UnlockFile", "UnlockFileEx", "UnmapViewOfFile", "WriteFile", "WriteFileEx", "WriteFileGather", "GetFileSecurityA", "GetFileSecurityW", "SetFileSecurityA", "SetFileSecurityW", "CreateFileU"]
     }, {
         "tag": "Info",
-        "base_color": "0xB3B3FF",
-        "highlight_color": "0x333377",
+        "group": "CFG",
         "api_names": ["GetComputerNameA", "GetComputerNameExA", "GetComputerNameExW", "GetComputerNameW", "GetDiskFreeSpaceA", "GetDiskFreeSpaceExA", "GetDiskFreeSpaceExW", "GetDiskFreeSpaceW", "GetDriveTypeA", "GetDriveTypeW", "GetVersion", "GetVersionExA", "GetVersionExW", "GetSystemInfo", "GetSystemMetrics", "CheckTokenMembership"]
     }, {
         "tag": "Cert",
-        "base_color": "0x26BD32",
-        "highlight_color": "0x84BD89",
+        "group": "CRYPT",
         "api_names": ["CertAddCRLContextToStore", "CertAddCRLLinkToStore", "CertAddCTLContextToStore", "CertAddCTLLinkToStore", "CertAddCertificateContextToStore", "CertAddCertificateLinkToStore", "CertAddEncodedCRLToStore", "CertAddEncodedCertificateToStore", "CertAddEncodedCertificateToSystemStoreA", "CertAddEncodedCertificateToSystemStoreW", "CertAddEnhancedKeyUsageIdentifier", "CertAddSerializedElementToStore", "CertAddStoreToCollection", "CertAlgIdToOID", "CertCloseStore", "CertCompareCertificate", "CertCompareCertificateName", "CertCompareIntegerBlob", "CertComparePublicKeyInfo", "CertControlStore", "CertCreateCTLContext", "CertCreateCTLEntryFromCertificateContextProperties", "CertCreateCertificateChainEngine", "CertCreateCertificateContext", "CertCreateContext", "CertCreateSelfSignCertificate", "CertDeleteCTLFromStore", "CertDeleteCertificateFromStore", "CertDuplicateCTLContext", "CertDuplicateCertificateChain", "CertDuplicateCertificateContext", "CertDuplicateStore", "CertEnumCRLContextProperties", "CertEnumCRLsInStore", "CertEnumCTLContextProperties", "CertEnumCTLsInStore", "CertEnumCertificateContextProperties", "CertEnumCertificatesInStore", "CertEnumPhysicalStore", "CertEnumSubjectInSortedCTL", "CertEnumSystemStore", "CertEnumSystemStoreLocation", "CertFindAttribute", "CertFindCRLInStore", "CertFindCertificateInCRL", "CertFindCertificateInStore", "CertFindChainInStore", "CertFindExtension", "CertFindRDNAttr", "CertFindSubjectInCTL", "CertFindSubjectInSortedCTL", "CertFreeCRLContext", "CertFreeCertificateChain", "CertFreeCertificateChainEngine", "CertFreeCertificateContext", "CertGetCRLContextProperty", "CertGetCRLFromStore", "CertGetCTLContextProperty", "CertGetCertificateChain", "CertGetCertificateContextProperty", "CertGetEnhancedKeyUsage", "CertGetIssuerCertificateFromStore", "CertGetNameStringA", "CertGetNameStringW", "CertGetPublicKeyLength", "CertGetStoreProperty", "CertGetSubjectCertificateFromStore", "CertGetValidUsages", 
"CertIsRDNAttrsInCertificateName", "CertIsValidCRLForCertificate", "CertNameToStrA", "CertNameToStrW", "CertOIDToAlgId", "CertOpenStore", "CertOpenSystemStoreA", "CertOpenSystemStoreW", "CertRDNValueToStrA", "CertRDNValueToStrW", "CertRegisterPhysicalStore", "CertRegisterSystemStore", "CertRemoveEnhancedKeyUsageIdentifier", "CertRemoveStoreFromCollection", "CertResyncCertificateChainEngine", "CertSaveStore", "CertSerializeCRLStoreElement", "CertSerializeCertificateStoreElement", "CertSetCRLContextProperty", "CertSetCertificateContextPropertiesFromCTLEntry", "CertSetCertificateContextProperty", "CertSetEnhancedKeyUsage", "CertSetStoreProperty", "CertStrToNameA", "CertStrToNameW", "CertUnregisterPhysicalStore", "CertUnregisterSystemStore", "CertVerifyCRLRevocation", "CertVerifyCRLTimeValidity", "CertVerifyCTLUsage", "CertVerifyCertificateChainPolicy", "CertVerifyCertificateChainPolicy", "CertVerifyRevocation", "CertVerifySubjectCertificateContext", "CertVerifyTimeValidity", "CertVerifyValidityNesting", "CloseCertPerformanceData", "CollectCertPerformanceData", "CryptAcquireCertificatePrivateKey", "CryptFindCertificateKeyProvInfo", "CryptGetMessageCertificates", "CryptHashCertificate", "CryptSignAndEncodeCertificate", "CryptSignCertificate", "CryptVerifyCertificateSignature", "CryptVerifyCertificateSignatureEx", "I_CertProtectFunction", "I_CertSrvProtectFunction", "I_CertSyncStore", "I_CertUpdateStore", "I_CryptAddSmartCardCertToStore", "I_CryptFindSmartCardCertInStore", "OpenCertPerformanceData", "PFXExportCertStore", "PFXExportCertStoreEx", "PFXImportCertStore"]
     }, {
         "tag": "FSear",
-        "base_color": "0xB3DfFF",
-        "highlight_color": "0x33A7FF",
+        "group": "FILE",
         "api_names": ["FindFirstFileW", "FindNextFileW", "FindClose"]
     }, {
         "tag": "Mod",
-        "base_color": "0xB3FFFF",
-        "highlight_color": "0x33FFFF",
+        "group": "MEM",
         "api_names": ["WriteProcessMemory", "ReadProcessMemory"]
     }, {
         "tag": "Virt",
-        "base_color": "0xB3FFFF",
-        "highlight_color": "0x33FFFF",
+        "group": "MEM",
         "api_names": ["VirtualAlloc", "VirtualAllocEx", "VirtualBufferExceptionHandler", "VirtualFree", "VirtualFreeEx", "VirtualLock", "VirtualProtect", "VirtualProtectEx", "VirtualQuery", "VirtualQueryEx", "VirtualUnlock"]
     }, {
         "tag": "CrSec",
-        "base_color": "0xB47E9E",
-        "highlight_color": "0xB4247A",
+        "group": "EXEC",
         "api_names": ["DeleteCriticalSection", "EnterCriticalSection", "InitializeCriticalSection", "InitializeCriticalSectionAndSpinCount", "LeaveCriticalSection", "SetCriticalSectionSpinCount", "TryEnterCriticalSection"]
     }, {
         "tag": "Proc",
-        "base_color": "0xB47E9E",
-        "highlight_color": "0xB4247A",
+        "group": "EXEC",
         "api_names": ["CreateProcessA", "CreateProcessW", "CreateThread", "CreateRemoteThread", "ShellExecute", "ShellExecuteEx"]
     }, {
         "tag": "Str",
-        "base_color": "0xB3FFFF",
-        "highlight_color": "0x33FFFF",
+        "group": "MEM",
         "api_names": ["sprintf", "strcat", "strcmp", "strncmp", "strcpy", "strncpy", "strstr"]
-    }
-    ]
+    }]
 }
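Review bot: Each `"group": "…"` value added under `semantic_definitions` is a free-form string that must match a `name` in the new `semantic_groups` array, and nothing in this file says what happens when it does not. The loader is not shown on this page, so please confirm that an unknown or misspelled group falls back to `default_base_color`/`default_highlight_color` or is rejected with an error; a NET or EXEC tag that silently loses its highlight would be easy to miss during triage. The top-level `comment` still documents the palette by colour only, so I would name the groups there too, e.g. `CFG = sysinfo/registry, NET = networking, FILE = file access, CRYPT = crypto, EXEC = execution, MEM = memory access`. Minor: the FILE group writes `0xB3DFFF` while `default_base_color` keeps `0xB3DfFF`; the value is the same, but a single casing makes the palette easier to grep.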