# capa rule: flags code that drives a webcam through a capture window created
# with capCreateCaptureWindow and controlled via WM_CAP_* messages sent with
# SendMessage. A match needs the window creation, a driver connect and a
# save-to-DIB message; the driver disconnect is optional.
# NOTE(review): WM_CAP_FILE_SAVEDIB is the only frame-retrieval step accepted
# here, so code that obtains the frame another way will not match. Confirm
# whether another rule covers that before treating a miss as "no capture".
rule:
  meta:
    name: capture webcam image
    namespace: collection/webcam
    authors:
      - johnk3r
    scopes:
      # static analysis: all features must be found inside a single function
      static: function
      # dynamic analysis: all features must be observed on a single thread
      dynamic: thread
    att&ck:
      - Collection::Video Capture [T1125]
    examples:
      # <sample hash>:<address> of a function this rule is expected to match
      - a30101595f6f28ab2f4b0b2cd177c3c4d2ab34a355ab7761a3795d0887c24ada:0x4011C0
  features:
    # Two parallel branches with the same logic; they differ only in the
    # subscope (basic block vs. call) used to pair SendMessage with a message ID.
    - or:
      # static branch: the constant and the SendMessage call must share a basic
      # block. The constant is matched anywhere in that block, not as a specific
      # argument, so a message ID built at run time or passed through a wrapper
      # function is presumably missed (verify against capa's extractor).
      - and:
        # capa's api feature also matches the A/W-suffixed variants of the name
        - api: capCreateCaptureWindow
        # required: attach the capture window to a capture driver
        - basic block:
          - and:
            - api: SendMessage
            - number: 0x40a = WM_CAP_DRIVER_CONNECT
        # optional: does not affect whether the rule matches; reported when present
        - optional:
          - basic block:
            - and:
              - api: SendMessage
              - number: 0x40B = WM_CAP_DRIVER_DISCONNECT
        # required: write the captured frame to a DIB file
        - basic block:
          - and:
            - api: SendMessage
            - number: 0x419 = WM_CAP_FILE_SAVEDIB
      # dynamic branch: the message ID must appear in the same traced call as
      # SendMessage, and all required calls must occur on one thread.
      - and:
        - api: capCreateCaptureWindow
        # required: attach the capture window to a capture driver
        - call:
          - and:
            - api: SendMessage
            - number: 0x40a = WM_CAP_DRIVER_CONNECT
        # optional: does not affect whether the rule matches; reported when present
        - optional:
          - call:
            - and:
              - api: SendMessage
              - number: 0x40B = WM_CAP_DRIVER_DISCONNECT
        # required: write the captured frame to a DIB file
        - call:
          - and:
            - api: SendMessage
            - number: 0x419 = WM_CAP_FILE_SAVEDIB