Extending applications using an advanced approach to DLL injection and API hooking

Authors:
J. Berdajs;Z. Bosnić
Affiliations:
Faculty of Computer and Information Science, University of Ljubljana, Tržaška cesta 25, 1000 Ljubljana, Slovenia;Faculty of Computer and Information Science, University of Ljubljana, Tržaška cesta 25, 1000 Ljubljana, Slovenia
Venue:
Software—Practice & Experience
Year:
2010

Citing 9
Cited 1

Windows NT/2000 Native API Reference

Windows NT/2000 Native API Reference
Writing Secure Code

Writing Secure Code
A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Toward Automated Dynamic Malware Analysis Using CWSandbox

IEEE Security and Privacy
Secure mobile code execution service

LISA '06 Proceedings of the 20th conference on Large Installation System Administration
Detours: binary interception of Win32 functions

WINSYM'99 Proceedings of the 3rd conference on USENIX Windows NT Symposium - Volume 3
Detection of DLL Inserted by Windows Malicious Code

ICCIT '07 Proceedings of the 2007 International Conference on Convergence Information Technology
Signature Generation and Detection of Malware Families

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
API monitoring system for defeating worms and exploits in MS-Windows system

ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy

A generic framework for data acquisition and transmission

Advances in Engineering Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

When programmers need to modify third-party applications, they frequently do not have access to their source code. In such cases, DLL injection and API hooking are techniques that can be used to modify applications without intervening into their source code. The commonly used varieties of injection and hooking approaches have many practical limitations: they are inconvenient for a programmer to implement, do not work reliably in conjunction with all applications and with certain low-level machine instructions. In this paper we present two novel approaches to DLL injection and API hooking, which we call Debugger-aided DLL injection and Single Instruction Hooking. Our approaches overcome the limitations of the state-of-the art approaches. Despite incurring greater execution times, our approach allows extending of the applications in situations where the comparable approaches fail. As such, it has a notable practical value for beneficial practical applications of injection and hooking approaches, which are present in malware detection programs and computer security tools. Copyright © 2010 John Wiley & Sons, Ltd.