Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and system for injecting dll into target process

A target process and target program technology, which is applied in the field of injecting DLL into the target process, can solve the problems of non-dynamic cancellation, anti-virus software interception, heavy workload, etc., and achieve the effect of enhanced level, comprehensive control and high flexibility

Active Publication Date: 2019-05-24
中电科网络安全科技股份有限公司
View PDF4 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0010] Using the registry to inject DLL, the disadvantage is that it can only be injected into those processes that use user32.dll, and cannot be revoked dynamically, it can only follow the system startup and shutdown;
[0011] Use windows hook to inject DLL, the disadvantage is that it can only control window class messages;
[0012] Using remote threads to inject DLL, the disadvantage is that it is easy to be intercepted by anti-virus software;
[0013] Use Trojan DLL to inject DLL, the disadvantage is that it is difficult and heavy workload

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and system for injecting dll into target process

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment 1

[0040] The system for injecting the DLL into the target process includes: a DLL injection module, which monitors the startup request of the target process through the operating system kernel, and injects the target DLL into the target process to respond to the operating system kernel; the target process setting module, which sets the target process to be injected; operation The system kernel notifies the DLL injection module after receiving the process startup request, and waits for the response of the DLL injection module. After receiving the response, it notifies the process to start loading the DLLs in the import list; the DLL injection module also includes a judgment module to judge whether the process requested to start is not for the target process.

[0041] The method of injecting the DLL into the target process is as follows: using the mechanism of the kernel to modify the PE memory of the process, and injecting the target DLL with control function into the import table...

specific Embodiment 2

[0048] Based on the specific embodiment 1, the system further includes: a restoration module for the old import table of the target process, which restores the address and data of the old import table after the DLL of the target process is loaded.

[0049] If the startup process is the target process, after the target process loads the DLL in the import table, restore the old import table of the target process. Find a suitable memory space for saving the new import table, construct a new import table to replace the old import table, and restore the old import table after the DLL is injected into the target process, so as to deceive the process verification and ensure that the initial environment of the target process is not Change.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method and a system for injecting a DLL (Dynamic Link Library) into a target process. A DLL injection module used for monitoring the program start in an operating system is set; the DLL injection module is registered into the operating system; when the target process sends a start request to the operating system, the operating system informs the DLL injection module of the request; and a user inserts a target DLL to be injected into the DLL of the target process according to requirements. The method and the system have the advantages of control comprehensiveness, good concealing performance, high flexibility and the like; the method and the system can be applied to data leaking prevention and can enhance the data protection grade; all non-system key processes can be injected; an injection system explorer technology can be applied to a secure desktop technology; and the method and the system can adapt to various common operating systems such as Windows XP, Windows Server 2003 and Windows 7.

Description

technical field [0001] The present invention relates to a method and system for injecting a DLL into a target process, in particular to a method and system suitable for injecting a DLL into the target process. Background technique [0002] The purpose of DLL injection technology is to realize that the application program actively accesses the data of other processes across the process boundary, so as to control the behavior of the target process. It has a wide range of uses, which are mainly reflected in: [0003] (1) The data involved in the object you want to manipulate is not in its own process; [0004] (2) You want to intercept system functions in the target process; [0005] (3) You want to write some functions to enhance or increase the function of the target process; [0006] (4) Hide your own program (inject the main function of your own program into other processes to run, and your own process exits); [0007] From the uses listed above, it is not difficult to ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57
Inventor 曾承
Owner 中电科网络安全科技股份有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com