本文探讨了通过操纵导入表来重定向导入过程的方法,使应用程序的函数调用经过自定义例程,可用于过滤导入请求或植入恶意代码。介绍了简单的API重定向技术实现,并讨论了其在保护软件和恶意用途上的应用。
Contents
- 1. Into Import Table
- 2. Import Descriptor at a glance
- 3. API redirection technique
- 4. Protection again reversion
- 5. Runtime Import Table Injection
- 6. Troy horse
- 7. Consequence
Let’s imagine we could redirect the thoroughfare of the import process accessions into our especial routine by manipulating the import table thunks, it could be possible to filter the importation function demands through our routine. Furthermore, we could settle our routine by this performance, which is done by the professional Portable Executable (PE) Protectors, additionally some sort of rootkits employs this approach to embed its malicious code inside the victim by a troy horse.
In reverse engineering world, we describe it as API redirection technique, nevertheless I am not going to accompany all viewpoints in this area by source code, this article merely represents a brief aspect of this technique by a simple code. I will describe other issues in the absence of the source code; I could not release the code which is related to the commercial projects or intended to the malicious motivation, however I think this article can be used as an introduction into this topic.
http://www.codeproject.com/useritems/inject2it.asp
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
