ApiCall
Returns information about API calls.
| Property | Type | Description | Example |
|---|---|---|---|
| ApiName | | Name of the API called by the process. Supported values are: •0—SetWinEventHook •1—SetWindowsHookEx •2—RegisterRawInputDevices •3—GetAsyncKeyState •4—UiLimitWriteClipboard •5—UiWriteClipboard •6—CredEnumerate •7—CredReadDomainCredentials •8—CredFindBestCredential •9—CredBackupCredentials •10—CredRead •11—CredReadByTokenHandle •12—VaultEnumerateCredentials •21845—RawSocketCreated¹ •21846—SocketFilterAttached¹ | `<operations> <operation type="SystemApiCall"> <condition component="ApiCall" property="ApiName" condition="is" value="RegisterRawInputDevices"/> </operation> </operations>` |

¹ Linux only
Supported operations
•SystemApiCall