rule:
meta:
name: create device object
namespace: host-interaction/driver
authors:
- "@mr-tz"
scopes:
static: function
dynamic: thread
examples:
- Practical Malware Analysis Lab 10-03.sys_:0x00010706
features:
- and:
- api: IoCreateDevice
- optional:
- description: sets up a symbolic link between a device object name and a user-visible name for the device
- api: IoCreateSymbolicLink
last edited: 2023-11-24 10:34:28