Innovative systems research hinges on the ability to easily instrument and extend existing operating system and application functionality. With access to appropriate source code, it is often trivial to insert new instrumentation or extensions by rebuilding the OS or application. However, in today's world of commercial software, researchers seldom have access to all relevant source code. We present Detours, a library for instrumenting arbitrary Win32 functions on x86 machines. Detours intercepts Win32 functions by re-writing target function images. The Detours package also contains utilities to attach arbitrary DLLs and data segments (called payloads) to any Win32 binary. While prior researchers have used binary rewriting to insert debugging and profiling instrumentation, to our knowledge, Detours is the first package on any platform to logically preserve the un-instrumented target function (callable through a trampoline) as a subroutine for use by the instrumentation. Our unique trampoline design is crucial for extending existing binary software. We describe our experiences using Detours to create an automatic distributed partitioning system, to instrument and analyze the DCOM protocol stack, and to create a thunking layer for a COM-based OS API. Micro-benchmarks demonstrate the efficiency of the Detours library.