Methods of Hooking IAT with Injection DLL into Remote Process

Abstract

Abstract:

Abstract: In order to install our own function hooks， they are realized by hooking PE file’s import address table(IAT). This paper introduces two methods of hook IAT of using the import table: direct hook method and indirect hook method. We used Win32 assembly language to program the two hook routines of the import address table, tested the hooking IAT effects of the hook module after injecting DLL into the remote process. The results showed that the two methods can reliably hook IAT. Some problems for hook IAT are discussed.

Key words:

, Key words: , PE file； import address table； hook IAT

CLC Number:

TP393

Cite this article

ZHANG Zhong. Methods of Hooking IAT with Injection DLL into Remote Process[J]. Computer and Modernization, 2014, 0(4): 51-54.

share this article

0
/ / Recommend

Add to citation manager EndNote|Ris|BibTeX

URL: http://www.c-a-m.org.cn/EN/

http://www.c-a-m.org.cn/EN/Y2014/V0/I4/51

References

［1］

任晓珲. 黑客免杀攻防［M］. 北京：机械工业出版社， 2013：375376，390413.

［2］［美］杰夫瑞，［法］克里斯托夫.Windows核心编程（第5版）［M］. 葛子昂，周靖，廖敏译. 北京：清华大学出版社， 2008：600601.

［3］段钢. 加密与解密（第3版）［M］. 北京：电子工业出版社， 2008：285286.

［4］［美］戴维斯，等. 黑客恶意软件和RootKit安全大曝光［M］. 姚军，等译.北京：机械工业出版社，2011：218219.

［5］苏雪丽,袁丁. Windows下两种API钩挂技术的研究与实现［J］. 计算机工程与设计, 2011,32(7):25482552.

［6］陈云超,马兆丰. 基于API函数拦截技术的跨进程攻击防护研究［C］// 2011年通信与信息技术新进展——第八届中国通信学会学术年会论文集. 2011.

［7］舒敬荣,朱安国,齐善明. HOOK API时代码注入方法和函数重定向技术研究［J］. 计算机应用与软件, 2009,26(5):107110.

［8］黄顶源，李陶深，严毅,等. HOOK API在内网安全监管系统中的应用［J］. 广西物理, 2006,27(4):3841.

［9］陶廷页，孙乐昌，汪永益. 利用API HOOK技术实现计算机保密通信［J］. 安徽电子信息职业技术学院学报, 2004,3(56):107108.

［10］邓乐，李晓勇. 基于IAT表的木马自启动技术［J］. 信息安全与通信保密, 2007(2):151153.

［11］王泰格，邵玉如，杨翌. 全局IAT Hook技术原理及实现［J］. 信息与电脑:理论版, 2012(7):110111.

［12］程彦，杨建召. Win32中API拦截技术及其应用［J］. 长春工业大学学报:自然科学版, 2006,27(4):369371.

Related Articles 15

[1]	WAN Yuwen， HUANG Linying， GAN Dengwen. A New Weightbased Association Rules Mining Algorithm [J]. Computer and Modernization, 2014, 0(4): 73-76.
[2]	WANG Shangchao, TANG Xiaochun. A Prioritybased Faulttolerant Task Scheduling Algorithm on Heterogeneous Clusters [J]. Computer and Modernization, 2014, 0(4): 69-72.
[3]	CHEN Huijie, XIE Yixiong. Human Posture Recognition Method Based on Multiple Classifiers [J]. Computer and Modernization, 2014, 0(4): 64-68.
[4]	CAO Jie, YU Xin. Congestion Control Algorithm for WSN in Traffic Information Collection [J]. Computer and Modernization, 2014, 0(4): 59-63.
[5]	LIU Minghui. Multiparty Quantum Secret Sharing Protocol Using Bell Particle [J]. Computer and Modernization, 2014, 0(4): 55-58.
[6]	CHEN Si1， LI Huafeng1， TU Qinghua1， TANG Dongyang2. Nonlocal Disaster Recovery System of Digitized Campus [J]. Computer and Modernization, 2014, 0(4): 47-50.
[7]	XING Yiliang， MA Liang， HAN Baoru， FU Shi. Image Fundamental Motion Scrambling Method in Uniform Velocity  Based on Knighttour Transformation [J]. Computer and Modernization, 2014, 0(4): 41-46.
[8]	CHEN Xiao, WANG Min， TAO Mingyang. Image Geometric Segmentation Method Based on 3D Context [J]. Computer and Modernization, 2014, 0(4): 38-40.
[9]	PAN Yanhong, PAN Lin. Detection of Hard Exudates in Fundus Images Based on SVM [J]. Computer and Modernization, 2014, 0(4): 33-37.
[10]	WU Zhenju. Extraction for Vehicles Contour Based on Stransformation Coupled Canny Operator [J]. Computer and Modernization, 2014, 0(4): 29-32.
[11]	FANG Xue, YU Ruixing. Gridbased Statistical Model for 3D Object Recognition [J]. Computer and Modernization, 2014, 0(4): 24-28.
[12]	YIN Shile， ZENG Zhiyong. An Improved Nystrom Spectral Clustering for Image Segmentation [J]. Computer and Modernization, 2014, 0(4): 20-23.
[13]	WU Ning, GUAN Shengqi, XU Shuaihua. Fabric Defect Detection Based on Periodicity and Local Directivity of Texture Edge [J]. Computer and Modernization, 2014, 0(4): 16-19.
[14]	GONG Dingxi, CAO Changrong. Plant Leaf Classification Based on CNN [J]. Computer and Modernization, 2014, 0(4): 12-15.
[15]	LING Shen， CHEN Guang， HAN Xiuling. Mobile Communication Virtual Experiment Based on 3D MAX and Virtools [J]. Computer and Modernization, 2014, 0(4): 8-11.

Metrics

Viewed

Full text

Abstract

Comments

Abstract
References
Related Articles
Recommended Articles
Metrics
Comments

TOP