Optimal management method for injecting multi-DLL (dynamic link library) into target procedure

A management method for target processes, applied to the optimized management of injecting multiple DLLs into a target process. It addresses problems such as heavy workload, inflexibility, and target process crashes, and improves stability and efficiency, with wide application prospects.

Active Publication Date: 2017-02-15
BEIJING VRV SOFTWARE CO LTD
3 Cites, 7 Cited by

AI Technical Summary

Problems solved by technology

[0004] At present, the mainstream DLL injection techniques used by major security vendors fall into the following categories:

(1) DLL hijacking; the disadvantage is that it takes effect only after the computer is restarted.
(2) Using the registry to inject the DLL; the disadvantage is that it applies only to processes that use user32.dll and cannot be revoked dynamically, so it can only follow system startup and shutdown.
(3) Using a Windows hook to inject the DLL; the disadvantage is that it can only control window-class messages.
(4) Using a Trojan horse DLL to inject the DLL, the disadvantage
(5) Using the import table to inject the DLL; the disadvantage is that it is not flexible enough, because the name of the injected DLL must be determined first and written into the import table.
(6) Using the APC (Asynchronous Procedure Call) mechanism in kernel space to insert an APC function that injects the injection execution DLL into the target process; the disadvantage is that it lacks management of multiple injected DLLs. When several DLLs need to be injected into the target process at the same time, the stability and efficiency of the target process are greatly affected.

When several injected DLLs are present in the target process and intercept the same API at the same time, each DLL intercepts that API separately. This adds multiple jumps to the execution address, the repeated interception seriously reduces the execution efficiency of the target process, and it is very likely to cause the target process to crash.

Embodiment Construction

[0013] In order to illustrate the technical solution of the present invention more clearly, a specific introduction is given below.

[0014] First, a kernel DLL injection module (the SysDLL module) that monitors program startup is set up in the operating system and registered with it. When a target process that needs to be injected requests the operating system to start, the operating system notifies the SysDLL module of the request. The SysDLL module obtains the base address of the target process, uses the base address to find an address space in which to save the ShellCode, writes the ShellCode execution body into that address space, and inserts an APC into each thread of the process through the QueueUserAPC function; inserting an APC into every thread ensures that each process can be executed smoothly. The ShellCode execution body is then used as the procedure function of the APC, and the path string of the injection execution DLL module (In...

Abstract

The invention discloses an optimized management method for injecting multiple DLLs (dynamic link libraries) into a target process. The method comprises the following steps: an APC function is inserted in kernel space by means of the APC mechanism, and optimized management of the injected DLLs is added while the injection execution DLL is injected into the target process. When multiple DLLs need to be injected into the target process, the DLL management module is injected in a unified way through a unified injection and interception mechanism, thereby improving the stability of the target process and the overall execution efficiency of the interception functions. The disclosed technical scheme offers comprehensive control and high flexibility, and any number of DLLs can be injected. The stability and efficiency of the target process are noticeably improved, in particular when multiple injected HookDLLs are present. The execution order of the multiple HookDLLs is effectively managed by an injection control DLL module (the ControlDLL module); the method is flexible and varied and is suitable for a variety of settings.

Description

Technical field

[0001] The present invention belongs to DLL injection technology in computer operating systems, and more specifically relates to an optimized management method for injecting multiple DLLs into a target process, so as to achieve high stability and high efficiency of target process injection.

Background technique

[0002] With the rapid development of Windows applications, Windows API programming has become widely used. To better collect data at system runtime, HOOK API (HOOK Application Programming Interface) can be used to hook application-layer programs, intercepting the required data or enhancing existing functions. At present, when the required data is intercepted through HOOK API, a DLL (Dynamic Link Library) implementing the required functions must first be injected into the target process to be hooked.

[0003] The purpose of...

Application Information

IPC(8): G06F9/44
Inventor: 顾德仲, 毕永东, 程志远, 孙毅
Owner BEIJING VRV SOFTWARE CO LTD