Windows NT/2000 Native API Reference
Writing Secure Code
A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Toward Automated Dynamic Malware Analysis Using CWSandbox
IEEE Security and Privacy
Secure mobile code execution service
LISA '06 Proceedings of the 20th conference on Large Installation System Administration
Detours: binary interception of Win32 functions
WINSYM'99 Proceedings of the 3rd conference on USENIX Windows NT Symposium - Volume 3
Detection of DLL Inserted by Windows Malicious Code
ICCIT '07 Proceedings of the 2007 International Conference on Convergence Information Technology
Signature Generation and Detection of Malware Families
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
API monitoring system for defeating worms and exploits in MS-Windows system
ACISP'06 Proceedings of the 11th Australasian conference on Information Security and Privacy
A generic framework for data acquisition and transmission
Advances in Engineering Software
When programmers need to modify third-party applications, they frequently do not have access to the source code. In such cases, DLL injection and API hooking are techniques that can be used to modify applications without changing their source code. The commonly used injection and hooking approaches have many practical limitations: they are inconvenient for a programmer to implement, and they do not work reliably with all applications or with certain low-level machine instructions. In this paper we present two novel approaches to DLL injection and API hooking, which we call Debugger-aided DLL injection and Single Instruction Hooking. Our approaches overcome the limitations of the state-of-the-art approaches. Despite incurring greater execution times, they allow applications to be extended in situations where comparable approaches fail. As such, they have notable practical value for beneficial applications of injection and hooking, which are found in malware detection programs and computer security tools. Copyright © 2010 John Wiley & Sons, Ltd.