Wolfgang Koch: Tricks of the Hackers: API Hooking and DLL Injection

October 1, 2009

Déli tömb 2.702



Abstract: Intercepting API calls is a mechanism for testing, monitoring and reverse engineering, as well as for altering the behaviour of the operating system or of third-party products without having their source code available. Hooking can be done by modifying the Import Address Table of the target module. To do this in a program without source code, or even in a running process, DLL injection is applied. Different ways of injection will be shown. Since one can gain control over the execution of another program, API hooking and DLL injection are widely used by hackers. Injection can be used for other purposes too: to circumvent a firewall, spyware can try to send its results by injecting code into a trusted program. Computer engineers and programmers should be aware of these possibilities in order to avert them.