DocumentCode :
1814574
Title :
In memory detection of Windows API call hooking technique
Author :
Shaid, Syed Zainudeen Mohd ; Maarof, Mohd Aizaini
Author_Institution :
Fac. of Comput., Univ. Teknol. Malaysia, Johor Bahru, Malaysia
fYear :
2015
fDate :
21-23 April 2015
Firstpage :
294
Lastpage :
298
Abstract :
API call hooking is a technique that malware researchers use to mine malware's API calls. These API calls are used to represent malware's behavior, for use in malware analysis, classification or detection of samples. In this paper, an analysis of current Windows API call hooking techniques is presented where, surprisingly, it was found that detection of each technique can be done trivially in memory. This could lead to malware being able to sense the presence of API call hooking techniques and modify their behavior during runtime. Suggestions for a better API call hooking technique are presented towards the end of the paper.
Keywords :
application program interfaces; invasive software; storage management; Windows API call hooking technique; malware API calls; malware analysis; memory detection; Kernel; Libraries; Malware; Runtime; Virtual machining; Writing; API call; API hooking; Malware;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer, Communications, and Control Technology (I4CT), 2015 International Conference on
Conference_Location :
Kuching
Type :
conf
DOI :
10.1109/I4CT.2015.7219584
Filename :
7219584