1
00:00:00,510 --> 00:00:06,550
In this module, let's see what happens on the end user machine when a program is run.

2
00:00:08,490 --> 00:00:13,980
We can understand this in four layers: a user who uses the application,

3
00:00:15,290 --> 00:00:16,550
the application itself,

4
00:00:17,610 --> 00:00:25,140
and the application runs on a platform called the operating system, and finally the operating system runs

5
00:00:25,140 --> 00:00:26,330
on hardware.

6
00:00:27,930 --> 00:00:35,640
Usually a user uses an application like MS Word to document a report, or Skype to communicate with their

7
00:00:35,640 --> 00:00:40,600
friends and family, or an application like a browser to surf the Internet.

8
00:00:41,730 --> 00:00:45,830
These applications make use of building blocks in an operating system.

9
00:00:46,960 --> 00:00:52,920
The building blocks that help in storing files, playing games or music, etc.

10
00:00:54,130 --> 00:00:59,680
These building blocks interact with the hardware to give the desired output to the user.

11
00:01:00,580 --> 00:01:07,090
These building blocks provided by the operating system are called functions; usually these are present

12
00:01:07,090 --> 00:01:10,210
in the C:\Windows folder.

13
00:01:11,420 --> 00:01:13,010
Examples of functions include:

14
00:01:14,020 --> 00:01:20,670
GetRawInputData, which retrieves the raw input from the specified device.

15
00:01:22,050 --> 00:01:28,710
SendInput, which synthesizes keystrokes, mouse motions and button clicks.

16
00:01:29,950 --> 00:01:34,240
CreateFileW, which creates or opens a file.

17
00:01:35,680 --> 00:01:40,480
RegDeleteValue, which removes a named value from the specified registry key.

18
00:01:42,070 --> 00:01:48,310
There are thousands of functions available in Windows. In order to help developers quickly understand

19
00:01:48,640 --> 00:01:49,930
which function to use,

20
00:01:50,290 --> 00:01:54,460
these functions are grouped into categories called libraries.

21
00:01:55,710 --> 00:01:59,070
A few of the important libraries in Windows are mentioned here.

22
00:02:01,360 --> 00:02:06,880
An application developer makes use of libraries and functions to build the application.

23
00:02:09,700 --> 00:02:15,970
Highlighted in blue are the popular libraries provided by the Windows operating system; the ones in yellow

24
00:02:15,970 --> 00:02:19,010
are the functions under each of the libraries.

25
00:02:19,870 --> 00:02:24,390
Take a moment to familiarize yourself with a few libraries and functions.

26
00:02:27,120 --> 00:02:31,260
At this point, you might be wondering, why should I know all these things?

27
00:02:32,730 --> 00:02:39,570
Knowing the libraries and functions used in a program gives us hints on the intention of the application.

28
00:02:41,140 --> 00:02:45,630
And it'll help us in terms of understanding what the application is trying to accomplish.

29
00:02:46,930 --> 00:02:54,760
For example, if a program uses WSOCK32.dll, we can assume that the program is trying to use some

30
00:02:54,760 --> 00:02:58,120
network services, like trying to send and receive data.

31
00:02:58,810 --> 00:03:03,440
Another example could be if our application uses ADVAPI32.dll.

32
00:03:05,480 --> 00:03:11,770
It means the application either creates, deletes or modifies the registry settings on the machine.

33
00:03:13,290 --> 00:03:20,370
All this information about the application comes in real handy during malware analysis, as you will learn in the future modules.