This is a Python script for Immunity Debugger that sets breakpoints on “interesting” APIs.
Here is the list of APIs (in no particular order):
“ZwRaiseHardError”
“bind”
“listen”
“socket”
“DeviceIoControl”
“ZwCreateFile”
“ZwCreateSection”
“ZwQueryInformationFile”
“ZwQueryAttributesFile”
“ZwCreateUserProcess”
“ZwOpenKeyEx”
“ZwOpenKey”
“ResumeThread”
“CopyFileA”
“CopyFileExW”
“CopyFileW”
“CreateDirectoryA”
“CreateDirectoryW”
“CreateMutexA”
“CreateMutexW”
“CreateFileA”
“CreateFileW”
“CreateProcessA”
“CreateProcessW”
“CreateProcessInternalA”
“CreateRemoteThread”
“WinExec”
“OpenProcess”
“Sleep”
“IsDebuggerPresent”
“WriteProcessMemory”
“_write”
“ZwWriteFile”
“ZwWriteVirtualMemory”
“SetThreadContext”
“RegOpenKeyExA”
“SysFreeString”
“RtlFillMemory”
“InternetCrackUrlA”
“InternetConnectA”
“InternetOpenUrlA”
“InternetSetOptionW”
“HttpOpenRequestW”
“HttpSendRequestW”
“UrlDownloadToFileA”
“UrlDownloadToFileW”
“connect”
“send”
“__vbaFreeStr”
“__vbaFreeStrList”
“__vbaStrMove”
“__vbaStrCopy”
“__vbaStrCat”
The script is available on GitHub.
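A sketch of how a PyCommand of this kind can be structured, added here as an example and not the script from the post. The module-qualified names are a subset of the list above, `set_api_breakpoints` is a hypothetical helper name, and treating `None`, `0` or `-1` from `getAddress` as "not resolved" is an assumption.

```python
# Added example, not the original script. Written for Immunity Debugger's
# Python 2.7 PyCommand interface; the core function accepts any object that
# exposes getAddress/setBreakpoint/setComment/log.

# Subset of the post's API list, qualified with the standard Windows DLL
# that exports each function.
WATCHED_APIS = [
    "kernel32.CreateFileW",
    "kernel32.WriteProcessMemory",
    "kernel32.CreateRemoteThread",
    "ntdll.ZwCreateFile",
    "ws2_32.connect",
    "wininet.InternetConnectA",   # often not loaded at the entry point
    "msvbvm60.__vbaStrCat",       # only present in VB6 samples
]


def set_api_breakpoints(imm, apis=WATCHED_APIS):
    """Break on every API that resolves; return (armed, unresolved)."""
    armed, unresolved = {}, []
    for name in apis:
        addr = imm.getAddress(name)
        # Assumption: a name that cannot be resolved yields None, 0 or -1.
        if addr in (None, 0, -1):
            unresolved.append(name)
            continue
        imm.setBreakpoint(addr)
        imm.setComment(addr, "API watch: %s" % name)
        armed[name] = addr
    # Names in DLLs that load later need a second run once the module is mapped.
    for name in unresolved:
        imm.log("not resolved (module not loaded yet?): %s" % name)
    return armed, unresolved


def main(args):
    # PyCommand entry point; immlib only exists inside Immunity Debugger.
    import immlib
    imm = immlib.Debugger()
    armed, unresolved = set_api_breakpoints(imm)
    return "%d breakpoints set, %d unresolved" % (len(armed), len(unresolved))
```

Functions in DLLs the sample loads at run time stay unresolved on the first pass, so rerun the command after the module appears in the module list.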