Open Access
Testing Platform Invoke as a Tool for Shellcode Injection in Windows Applications
Author(s) - V Kh Fedorov, E.G. Balenko, Nikita V. Gololobov, Konstantin Izrailov
Publication year - 2021
Publication title - Journal of Physics: Conference Series
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.21
H-Index - 85
eISSN - 1742-6596
pISSN - 1742-6588
DOI - 10.1088/1742-6596/2096/1/012048
Subject(s) - executable, operating system, computer science, payload (computing), code (set theory), source code, embedded system, software, process (computing), windows vista, system call, table (database), fault injection, microsoft windows, software engineering, programming language, computer security, database, set (abstract data type), network packet
This paper investigates software attacks based on shellcode injection in Windows applications. The attack uses platform invoke to inject binary code by means of system calls. This creates a separate thread that carries the payload. The paper overviews protections against shellcode injection and thus analyzes the injection methods as well. The analysis models the injection of malicious code in a Windows app process. As a result, the paper proposes a step-by-step injection method. Experimental injection of user code in PowerShell is performed to test the method. The paper further shows the assembly code of the system call as an example of finding system call IDs in the global system call table; it also shows part of the source code for the injection of binary executable code. Various counterattacks are proposed in the form of software control modules based on architecture drivers. The paper analyzes the feasibility of using dynamic invoke, which the authors plan to do later on.
