Information Technology Reference
In-Depth Information
Table 7.
Network resources enumeration via a Named Pipe
part of the
GSR
. A virus, looking for an IP on the network is by itself is a suspicious
activity that may or may not lead to a complete successful replication.
System Call Input Arguments
Output
Args
NtCreateFile
0xc0100080
24, 0, 40h, 0, 4060988,
"\??\UNC\134.11.4.132\PIPE\srvsvc",
0h, 0, 3, 1, 4194368, 0, 0
228,0h,
1
The sequence of events described above represents a perfect example of a well
bound structure where every system call produces a result that is vital for the
subsequent execution and such dependencies are very traceable. Therefore, such a
sequence can be syntactically described as part of replication and can form another
component of the
GSR
. Such a component is called
Pipe Enumeration Block
and is
connected to other blocks of the Gene right before the
File Access Block.
