• Title/Summary/Keyword: Windows API 후킹

Search Result 5, Processing Time 0.022 seconds

Detection of systems infected with C&C Zeus through technique of Windows API hooking (Windows API 후킹 기법을 통한 C&C Zeus에 감염된 시스템의 탐지)

  • Park, Chul-Woo;Son, Ji-Woong;Hwang, Hyun-Ki;Kim, Ki-Chang
    • Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
    • /
    • v.5 no.2
    • /
    • pp.297-304
    • /
    • 2015
  • Zeus is one of the will-published malwares. Generally, it infects PC by executing a specific binary file downloaded on the internet. When infected, try to hook a particular Windows API of the currently running processes. If process runs hooked API, this API executes a particular code of Zeus and your private information is leaked. This paper describes techniques to detect and hook Windows API. We believe the technique should be able to detect modern P2P Zeus.

Study on the API Hooking Method Based on the Windows (윈도우 API 후킹 탐지 방법에 대한 연구)

  • Kim, Wan-Kyung;Soh, Woo-Young;Sung, Kyung
    • Journal of Advanced Navigation Technology
    • /
    • v.13 no.6
    • /
    • pp.884-893
    • /
    • 2009
  • Recently, malicious attacks for Windows operate through Window API hooking in the Windows Kernel. This paper presents the API hooking attack and protection techniques based on Windows kernel. Also this paper develops a detection tool for Windows API hooking that enables to detect dll files which are operated in the kernel. Proposed tool can detect behaviors that imports from dll files or exports to dll files such as kernel32.dll, snmpapi.dll, ntdll.dll and advapidll.dll, etc.. Test results show that the tool can check name, location, and behavior of API in testing system.

  • PDF

Detecting a Driver-hidden Rootkit using DKOM in Windows OS (윈도우 OS에서 DKOM 기반 루트킷 드라이버 탐지 기법)

  • Sim, Jae-bum;Na, Jung-chan
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2014.04a
    • /
    • pp.391-394
    • /
    • 2014
  • 많은 루트킷들은 사용자 또는 탐지 프로그램으로부터 탐지되지 않기 위해서 중요한 함수를 후킹하거나 DKOM 등의 기술을 이용한다. API를 후킹하여 반환되는 정보를 필터링하는 전통적인 루트킷과 달리 DKOM 루트킷은 이중 연결리스트로 구성된 커널 오브젝트의 링크를 직접 조작하여 루트킷 자신의 존재를 숨길 수 있으며 DKOM으로 은닉한 루트킷은 쉽게 탐지되지 않는다. 본 논문에서는 DKOM을 이용하여 은닉된 루트킷 드라이버를 탐지하기 위한 기술을 제안하고, 루트킷 탐지 능력을 검증한다.

Game process detection to Using D3D API Hooking (D3D API Hooking을 이용한 게임 프로세스 탐지)

  • Cheon, Dae-Young;Lee, Kyung-Soon;Pyun, Ki-Hyun
    • Proceedings of the Korean Information Science Society Conference
    • /
    • 2012.06d
    • /
    • pp.135-136
    • /
    • 2012
  • 윈도우기반 게임 프로그램의 엔진은 대부분 DirectX를 사용하고 있다. 이는 게임 프로세스를 탐지하는데에 있어서 수많은 게임의 이름을 알고 있지 않아도, DirectX의 사용여부로 게임 프로세스를 탐지할 수 있음을 의미한다. 본 논문은 유저모드 후킹 Windows Message Hooking과 Direct3D Hooking을 이용하여 게임 프로세스를 탐지하는 방법을 제안하고자 한다.

Monitoring System of File Outflow through Storage Devices and Printers (저장매체와 프린터를 통한 파일유출 모니터링시스템)

  • Choi Joo-ho;Rhew Sung-yul
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.15 no.4
    • /
    • pp.51-60
    • /
    • 2005
  • The riles or intellectual property on computer systems have increasingly been exposed to such threats that they can be flowed out by internal users or outer attacks through the network. The File Outflow Monitoring System monitors file outflows at server by making the toe when users copy files on client computers into storage devices or print them, The monitoring system filters I/O Request packet by I/O Manager in kernel level if files are flowed out by copying, while it uses Win32 API hooking if printed. As a result, it has exactly made the log and monitored file outflows, which is proved through testing in Windows 2000 and XP.