Method and system for calling unknown export functions of DLL

A technique for calling unknown DLL export functions. It addresses the problem that export functions cannot be called when their parameters are unknown, and improves detection.

Inactive Publication Date: 2016-04-13
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

[0003] Based on the above problems, the present invention proposes a universally applicable method for calling unknown DLL export functions, which solves the problem that such functions cannot be called because their parameters are unknown.

Embodiment Construction

[0030] To enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above purposes, features and advantages of the present invention clearer and easier to understand, the technical solutions of the present invention are described in further detail below with reference to the accompanying drawings.

[0031] The invention proposes a universally applicable method for calling unknown exported functions of a DLL, which solves the problem that an unknown function cannot be called because its parameters are unknown.

[0032] A method for calling unknown exported functions of a DLL, as shown in Figure 1, includes:

[0033] S101: load the DLL file into memory;

[0034] S102: parse the PE file structure and obtain the exported function information of the DLL file, such as the number of exported functions and the address of each function;

[0035] S103: Loa...

Abstract

The invention provides a method and a system for calling unknown export functions of a DLL. The method comprises: loading a DLL file to a memory; analyzing a PE file structure to obtain export function information of the DLL file; loading a preset function parameter set; and calling DLL export functions one by one in a dynamic stack construction mode. According to the method and the system, the dynamic stack construction mode is used and sufficient parameters are provided for the export functions to use, so that all the export functions are called.
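The export-information step (S102, "analyzing a PE file structure to obtain export function information") can be illustrated statically. The following is an added example, not code from the patent or from Antiy: `list_exports`, `rva_to_off`, `cstr` and `build_sample` are hypothetical names, and the input is a constructed minimal PE32 image rather than a real DLL. It also separates forwarder entries, whose address slot points at a string inside the export directory rather than at code, so they are not function addresses.

```python
import struct

def rva_to_off(sections, rva):
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return raw_ptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by file data")

def cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def list_exports(data):
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    dirs = opt + (96 if struct.unpack_from("<H", data, opt)[0] == 0x10B else 112)
    exp_rva, exp_size = struct.unpack_from("<II", data, dirs)  # data directory 0
    if exp_rva == 0:
        return []
    sections = [struct.unpack_from("<3I", data, opt + opt_size + 40 * i + 12)
                for i in range(nsec)]  # (VA, raw size, raw ptr)
    off = lambda rva: rva_to_off(sections, rva)
    base, nfunc, nname, a_func, a_name, a_ord = struct.unpack_from("<6I", data, off(exp_rva) + 16)
    names = {}
    for i in range(nname):
        name_rva = struct.unpack_from("<I", data, off(a_name) + 4 * i)[0]
        index = struct.unpack_from("<H", data, off(a_ord) + 2 * i)[0]
        names[index] = cstr(data, off(name_rva))
    exports = []
    for index in range(nfunc):
        rva = struct.unpack_from("<I", data, off(a_func) + 4 * index)[0]
        if rva == 0:
            continue  # unused ordinal slot
        in_dir = exp_rva <= rva < exp_rva + exp_size  # forwarder string, not code
        exports.append({"ordinal": base + index, "name": names.get(index), "rva": rva, "forwarder": cstr(data, off(rva)) if in_dir else None})
    return exports

def build_sample():
    # Constructed minimal PE32 image (not a real DLL); export data sits at RVA 0x1000.
    edata = struct.pack("<IIHH7I", 0, 0, 0, 0, 0x1040, 1, 3, 2, 0x1028, 0x1034, 0x103C)
    edata += struct.pack("<3I2I2H", 0x2000, 0x2010, 0x1051, 0x1049, 0x104D, 2, 0)
    edata += b"demo.dll\0Fwd\0Run\0other.Target\0"  # strings start at RVA 0x1040
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 96, 0x1000, len(edata))
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I4sHH12xHH", 0x40, b"PE\0\0", 0x14C, 1, 224, 0x2102)
    sec = struct.pack("<8s4I16x", b".edata", len(edata), 0x1000, 0x200, 0x200)
    return (hdr + bytes(opt) + sec).ljust(0x200, b"\0") + edata.ljust(0x200, b"\0")
```

In the constructed sample, ordinal 2 has no name and ordinal 3 is a forwarder, the two cases a name-only enumeration of exports misses or misreads.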

Description

Technical field

[0001] The invention relates to the field of computer network security, in particular to a method and a system for calling unknown export functions of a DLL.

Background

[0002] Most existing application software does not consist of a single executable file but calls functions provided by other software modules. On Windows this is done mainly through DLLs (dynamic link libraries), which provide functionality through exported functions. Much malicious software also encapsulates core functionality in DLLs and hides itself through various techniques. When we dynamically detect malware, we usually run it in a virtual machine environment and monitor the entire system and network, but a DLL cannot run independently. Generally, when using a DLL’s exported function, you need to know its function declarati...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F9/44
Inventor: 周龙, 康学斌, 肖新光
Owner: HARBIN ANTIY TECH