• Title/Summary/Keyword: DLL 인젝션

Search Result 3, Processing Time 0.017 seconds

Memory Injection Technique and Injected DLL Analysis Technique in Windows Environment (윈도우 환경에서의 메모리 인젝션 기술과 인젝션 된 DLL 분석 기술)

  • Hwang, Hyun-Uk;Chae, Jong-Ho;Yun, Young-Tae
    • Convergence Security Journal
    • /
    • v.6 no.3
    • /
    • pp.59-67
    • /
    • 2006

  • Recently the Personal Computer hacking and game hacking for the purpose of gaining an economic profit is increased in Windows system. Malicious code often uses methods which inject dll or code into memory in target process for using covert channel for communicating among them, bypassing secure products like personal firewalls and obtaining sensitive information in system. This paper analyzes the technique for injecting and executing code into memory area in target process. In addition, this analyzes the PE format and IMPORT table for extracting injected dll in running process in affected system and describes a method for extracting and analyzing explicitly loaded dll files related with running process. This technique is useful for finding and analyzing infected processes in affected system.

  • PDF

A Study on Injection Attacks and Defenses on Microsoft Windows (MS Windows에서 인젝션 공격 및 방어 기법 연구)

  • Seong, HoJun;Cho, ChangYeon;Lee, HoWoong;Cho, Seong-Je
    • Journal of Software Assessment and Valuation
    • /
    • v.16 no.2
    • /
    • pp.9-23
    • /
    • 2020

  • Microsoft's Windows system is widely used as an operating system for the desktops and enterprise servers of companies or organizations, and is a major target of cyber attacks. Microsoft provides various protection technologies and strives for defending the attacks through periodic security patches, however the threats such as DLL injection and process injection still exist. In this paper, we analyze 12 types of injection techniques in Microsoft Windows, and perform injection attack experiments on four application programs. Through the results of the experiments, we identify the risk of injection techniques, and verify the effectiveness of the mitigation technology for defending injection attacks provided by Microsoft. As a result of the experiments, we have found that the current applications are vulnerable to several injection techniques. Finally, we have presented the mitigation techniques for these injection attacks and analyzed their effectiveness.

  • https://doi.org/10.29056/jsav.2020.12.02 인용

A Study on the Tracking and Blocking of Malicious Actors through Thread-Based Monitoring (스레드 기반 모니터링을 통한 악의적인 행위 주체 추적 및 차단에 관한 연구)

  • Ko, Boseung;Choi, Wonhyok;Jeong, Dajung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.75-86
    • /
    • 2020

  • With the recent advancement of malware, the actors performing malicious tasks are often not processes. Malicious code injected into the process that is installed by default in the operating system works thread by thread in the same way as DLL / code injection. In this case, diagnosing and blocking the process as malicious can cause serious problems with system operation. This white paper lists the problems of how to use process-based monitoring information to identify and block the malicious state of a process and presents an improved solution.

  • https://doi.org/10.13089/JKIISC.2020.30.1.75 인용 PDF KSCI HTML