HookTracer: A system for automated and accessible API hooks analysis

A Case, MM Jalalzai, M Firoz-Ul-Amin, RD Maggio… - Digital …, 2019 - Elsevier
The use of memory forensics is becoming commonplace in digital investigation and incident
response, as it provides critically important capabilities for detecting sophisticated malware
attacks, including memory-only malware components. In this paper, we concentrate on
improving analysis of API hooks, a technique commonly employed by malware to hijack the
execution flow of legitimate functions. These hooks allow the malware to gain control at
critical times and to exercise complete control over function arguments and return values …

HookTracer: A System for Automated and Accessible API Hooks Analysis

R Maggio, M Jalalzai, M Firoz-Ul-Amin, G Richard… - dfrws.org
• Detection of code hooking techniques is/was one of the main drivers of the prominence of memory forensics
• With memory forensics, we can not only find the data that is hidden on a live system, but also the exact code performing the hiding …
• On our Windows 10 test system, by filtering out hooks whose VADs all mapped to DLLs in System32, the amount of reported hooks went from 32,458 to 178 (over 99% reduction). …