• Title, Summary, Keyword: DLL/Code injection

Search Result 4, Processing Time 0.041 seconds

Memory Injection Technique and Injected DLL Analysis Technique in Windows Environment (윈도우 환경에서의 메모리 인젝션 기술과 인젝션 된 DLL 분석 기술)

  • Hwang, Hyun-Uk;Chae, Jong-Ho;Yun, Young-Tae
    • Convergence Security Journal
    • /
    • v.6 no.3
    • /
    • pp.59-67
    • /
    • 2006
  • Recently the Personal Computer hacking and game hacking for the purpose of gaining an economic profit is increased in Windows system. Malicious code often uses methods which inject dll or code into memory in target process for using covert channel for communicating among them, bypassing secure products like personal firewalls and obtaining sensitive information in system. This paper analyzes the technique for injecting and executing code into memory area in target process. In addition, this analyzes the PE format and IMPORT table for extracting injected dll in running process in affected system and describes a method for extracting and analyzing explicitly loaded dll files related with running process. This technique is useful for finding and analyzing infected processes in affected system.

  • PDF

A Study on New Treatment Way of a Malicious Code to Use a DLL Injection Technique (DLL injection 기법을 이용하는 악성코드의 새로운 치료 방법 연구)

  • Park, Hee-Hwan;Park, Dea-Woo
    • Journal of the Korea Society of Computer and Information
    • /
    • v.11 no.5
    • /
    • pp.251-258
    • /
    • 2006
  • A Malicious code is used to SMiShing disguised as finance mobile Vishing, using Phishing, Pharming mail, VoIP service etc. to capture of personal information. A Malicious code deletes in Anti-Virus Spyware removal programs, or to cure use. By the way, the Malicious cord which is parasitic as use a DLL Injection technique, and operate are Isass.exe, winlogon.exe, csrss.exe of the window operating system. Be connected to the process that you shall be certainly performed of an exe back, and a treatment does not work. A user forces voluntarily a process, and rebooting occurs, or a blue screen occurs, and Compulsory end, operating system everyone does. Propose a treatment way like a bird curing a bad voice code to use a DLL Injection technique to occur in these fatal results. Click KILL DLL since insert voluntarily an end function to Thread for a new treatment, and Injection did again the Thread which finish an action of DLL, and an end function has as control Thread, and delete. The cornerstone that the treatment wav that experimented on at these papers and a plan to solve will become a researcher of the revolutionary dimension that faced of a computer virus, and strengthen economic financial company meeting Ubiquitous Security will become.

  • PDF

A Study on Treatment Way of a Malicious Code to injected in Windows System File (Windows 시스템 파일에 기생하는 악성코드의 치료 방법 연구)

  • Park, Hee-Hwan;Park, Dea-Woo
    • KSCI Review
    • /
    • v.14 no.2
    • /
    • pp.255-262
    • /
    • 2006
  • A Malicious code is used to SMiShing disguised as finance mobile Vishing, using Phishing, Pharming mail, VoIP service etc. to capture of personal information. A Malicious code deletes in Anti-Virus Spyware removal programs. or to cure use. By the way, the Malicious cord which is parasitic as use a DLL Injection technique, and operate are Isass.exe, winlogon.exe. csrss.exe of the window operating system. Be connected to the process that you shall be certainly performed of an exe back, and a treatment does not work. A user forces voluntarily a process, and rebooting occurs, or a blue screen occurs, and Compulsory end, operating system everyone does. Propose a treatment way like a bird curing a bad voice code to use a DLL Injection technique to occur in these fatal results. Click KILL DLL since insert voluntarily an end function to Thread for a new treatment, and Injection did again the Thread which finish an action of DLL, and an end function has as control Thread, and delete. The cornerstone that the treatment way that experimented on at these papers and a plan to solve will become a researcher or the revolutionary dimension that faced of a computer virus, and strengthen economic financial company meeting Ubiquitous Security will become.

  • PDF

A Study on the Tracking and Blocking of Malicious Actors through Thread-Based Monitoring (스레드 기반 모니터링을 통한 악의적인 행위 주체 추적 및 차단에 관한 연구)

  • Ko, Boseung;Choi, Wonhyok;Jeong, Dajung
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.75-86
    • /
    • 2020
  • With the recent advancement of malware, the actors performing malicious tasks are often not processes. Malicious code injected into the process that is installed by default in the operating system works thread by thread in the same way as DLL / code injection. In this case, diagnosing and blocking the process as malicious can cause serious problems with system operation. This white paper lists the problems of how to use process-based monitoring information to identify and block the malicious state of a process and presents an improved solution.