My article about new DLL injection and API hooking methods
May 6
I’m writing a ‘scientific’ article on DLL injection and API hooking (advanced programming techniques) for the Windows NT OS. Zoran Bosnić (my mentor) and I are almost finished with it and it will hopefully be published in the SPE journal. I don’t know how long it takes to publish, but I hope it will be confirmed by August. Does anyone know?
Also, any idea if you can publish such an article on your own site, or have you basically given those rights away to the publisher?
A brief explanation of new methods which I’ve developed:
- DLL injection: I use the debugger API in a similar manner to the CreateRemoteThread approach, but I execute the code via modification of the main thread’s context to run the code for me (instead of creating a new thread). This approach seems to be somewhat slower, but that is not important. What is important is that it allows DLL injection into a suspended process, or in other words, injection will work even if you create a process in a suspended state (unlike CreateRemoteThread, which does not work in this case).
- API hooking: I’ve developed a method of API hooking that is able to hook any single machine code instruction, which might be useful in some cases. Also, it allows for hooking of instructions that contain relative memory addresses, unlike Microsoft Detours. I hope it will be possible to further optimize this method, as it is considerably slow compared to Detours. However, when the Detours approach is applicable I just use it instead, but I’d still like to make it faster for cases which Detours cannot handle. Code redirection time with Detours: 1ns, my method: 1600ms. Wow, that really is much slower. But at least it works in such cases where Detours fails.
9:24 am on May 25th, 2009
Hello! Is the article in english? I would like if you could share it with me.
10:43 am on May 25th, 2009
I will share it here after it’s published (probably a few months). I’m sorry but I can’t publish it before that.
Also yes, the article is in English.
5:43 am on September 5th, 2009
Hi,
Is the article published now? If so, please share it with me.
Thanks in advance.
3:43 pm on September 5th, 2009
Hello SHIV,
sadly the article is still in the review process at the journal. I think the summer may have prolonged the review process a little (vacations etc.). I recently got an email from them that they are currently awaiting the return of the last review of the article, and then the editor will let me know. I think it should take less than a month for that.
Regards.
6:53 pm on January 31st, 2010
Hai buddy,
2009 is over. I’m a CS student in Slovenia (Faculty of Computer and Information Science) and urgently need your research.
Thank you and I look forward to hearing from you.
7:05 pm on January 31st, 2010
TILDEBOMB: If you are indeed at the same Uni as me (FRI Slovenia), then you can contact me through our forums (nick mrbrdo) and I can send you the unrevised version. The article hasn’t been published yet, so I cannot give you the revised version or refer you to the publication.
Regards,
Jan