Here are some hooked functions you may use that will indirectly allocate memory using LocalAlloc or GlobalAlloc
Functions using LocalAlloc
These functions use LocalAlloc() to allocate memory which must be freed with LocalFree():
•GetExplicitEntriesFromAclA •GetExplicitEntriesFromAclW •SetEntriesInAclA •SetEntriesInAclW
•BuildSecurityDescriptorA •BuildSecurityDescriptorW •LookupSecurityDescriptorPartsA •LookupSecurityDescriptorPartsW
•GetSecurityInfo •GetNamedSecurityInfo
|
•ConvertStringSidToSidA •ConvertStringSidToSidW •ConvertSidToStringSidA •ConvertSidToStringSidW
•ConvertStringSecurityDescriptorToSecurityDescriptorA •ConvertStringSecurityDescriptorToSecurityDescriptorW •ConvertSecurityDescriptorToStringSecurityDescriptorA •ConvertSecurityDescriptorToStringSecurityDescriptorW |
|
•FormatMessageA •FormatMessageW
•GetQueuedCompletionStatus |
|
|
|
•CryptDecodeObjectEx •CryptEncodeObjectEx
•CryptGetKeyIdentifierProperty
•CryptUnprotectData |
|
|
|
•SetupGetFileCompressionInfoA •SetupGetFileCompressionInfoW |
|
|
|
•ResUtilDupString
•ResUtilExpandEnvironmentStrings
•ResUtilFindBinaryProperty •ResUtilFindMultiSzProperty •ResUtilFindSzProperty •ResUtilFindExpandSzProperty •ResUtilFindExpandedSzProperty |
•ResUtilGetBinaryValue •ResUtilGetMultiSzValue •ResUtilGetSzValue •ResUtilGetExpandSzValue
•ResUtilSetBinaryValue •ResUtilSetMultiSzValue •ResUtilSetSzValue •ResUtilSetExpandSzValue |
|
Functions using GlobalAlloc
These functions use GlobalAlloc() to allocate memory which must be freed with GlobalFree().
•CMCreateDeviceLinkProfile
•CMCreateProfileA •CMCreateProfileW |
|
|
|
•CreateDeviceLinkProfile
•CreateProfileFromLogColorSpace |
|
|
|
