
DLL injection method and system based on Windows platform

A platform and system function technology, applied in the field of data security, can solve problems such as injection failure

Active Publication Date: 2017-12-15
北京明朝万达科技股份有限公司

AI Technical Summary

Problems solved by technology

[0010] 3) The HOOK technology for the virtual function table of the COM interface applies only to COM interfaces. This technology fails to inject when it encounters the shell code of a packer or a service program.


Examples


Specific Embodiment

[0095] Figure 5 shows a specific embodiment implemented according to the technical solution of the present invention.

[0096] (1) The process starts.

[0097] (2) Determine whether the process is a sensitive process (one that needs leak prevention); if not, let it through without injecting the security detection DLL.

[0098] (3) If yes, call the injection module and inject the security detection DLL.

[0099] (4) The security detection DLL performs security detection on the process.

[0100] (5) If the process is detected to be unsafe, refuse to open it.

[0101] (6) If it is safe, allow it to open.

[0102] The technical solution is used to monitor chat tools such as QQ; general injection methods cannot inject into and control the QQ process. Using the injection method of the present invention, the detection DLL is successfully injected, and the chat information of software such as QQ is monitored and well controlled.

[0103] The technical solution of the invention achieves the following technical ef...


Abstract

The invention discloses a DLL injection method and system based on a Windows platform. The method comprises the following steps: a process is started; whether a safety detection DLL needs to be injected into the process is judged, and if so, the name of the module requiring the safety detection DLL injection is obtained; whether the module name is 'ntdll.dll' is judged, and if so, the injection information of the current process is inserted into a work queue; the safety detection DLL performs safety detection on the current process; if the process is detected to be unsafe, the current process is ended, and if it is safe, the current process is allowed to start. With this DLL injection method and system, more processes can be injected, antivirus software does not kill the processes by mistake, and the injection is more stable and more efficient.
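The gating logic in the abstract and in steps (1) to (6) of the embodiment can be modelled without any injection code. The following is an added example, not code from the patent or its owner: the sensitive-process list, the `is_safe` verdict callback, the once-per-process queuing rule and all paths and PIDs are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Callable

# Constructed policy: image names treated as sensitive (assumption, not from the patent).
SENSITIVE_IMAGES = {"qq.exe"}

def base_name(image_path: str) -> str:
    """Final path component, lower-cased; accepts NT device paths and DOS paths."""
    return image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

@dataclass
class InjectionGate:
    is_safe: Callable[[dict], bool]  # hypothetical stand-in for the detection DLL's verdict
    tracked: dict = field(default_factory=dict)   # pid -> process image path
    queued: set = field(default_factory=set)      # pids already placed on the queue
    work_queue: deque = field(default_factory=deque)

    def on_process_start(self, pid: int, image_path: str) -> bool:
        """Steps (1)-(2): track sensitive processes only; others pass untouched."""
        sensitive = base_name(image_path) in SENSITIVE_IMAGES
        if sensitive:
            self.tracked[pid] = image_path
        return sensitive

    def on_module_load(self, pid: int, module_path: str) -> bool:
        """Abstract: when the module name is ntdll.dll, queue the injection info."""
        if pid not in self.tracked or pid in self.queued:
            return False  # untracked, or queued already (assumed once-per-process rule)
        if base_name(module_path) != "ntdll.dll":
            return False  # exact name match, so "xntdll.dll" is rejected
        self.queued.add(pid)
        self.work_queue.append({"pid": pid, "image": self.tracked[pid]})
        return True

    def drain(self) -> dict:
        """Steps (3)-(6): record allow or refuse for each queued process."""
        verdicts = {}
        while self.work_queue:
            item = self.work_queue.popleft()
            verdicts[item["pid"]] = "allow" if self.is_safe(item) else "refuse"
        return verdicts

def demo() -> dict:
    """Constructed events: a 32-bit process on 64-bit Windows maps two ntdll images."""
    gate = InjectionGate(is_safe=lambda item: True)
    gate.on_process_start(100, r"C:\Apps\QQ.exe")
    gate.on_module_load(100, r"\Device\HarddiskVolume2\Windows\System32\ntdll.dll")
    gate.on_module_load(100, r"\Device\HarddiskVolume2\Windows\SysWOW64\ntdll.dll")
    return gate.drain()
```

Matching on the lower-cased final path component keeps the check stable across path styles, and the per-PID set stops a second `ntdll.dll` mapping from queuing the same process twice.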

Description

Technical field

[0001] The invention relates to the field of data security, in particular to a method and system for injecting a security detection DLL based on a Windows platform.

Background technique

[0002] The current Windows security detection DLL injection methods are mainly divided into three categories: Windows message hook, API HOOK and COM HOOK.

[0003] 1) Windows message hook (provided by the operating system itself)

[0004] Windows message hooks are divided into global message hooks and local message hooks (that is, thread message hooks), such as message hooks for controlling the keyboard.

[0005] 2) API HOOK technology is a technology used to change the execution result of the API. Microsoft itself also uses this technology in the Windows operating system, such as Windows compatibility mode. API HOOK technology is not a proprietary technology of computer viruses, but computer viruses often use this technology to achieve the purpose of hiding themselves. ...


Application Information

IPC(8): G06F9/44, G06F21/56
CPC: G06F21/562, G06F9/448
Inventor: 曲恩纯, 喻波, 王志海, 彭洪涛
Owner 北京明朝万达科技股份有限公司