
Research On Intelligent Code Injection Technology And Security Application

Posted on: 2008-04-29
Degree: Master
Type: Thesis
Country: China
Candidate: J Wang
GTID: 2178360215462086
Subject: Computer application technology

Abstract/Summary:
Without source code, modifications to a program, such as adding functions and fixing bugs, have to be made at the machine-code level. Injecting machine code into an executable file is called code injection. Code injection came into being a long time ago, and its applications can be seen in fields such as computer viruses, software shell protection and program patching. Although code injection technology is widely used, systematic and dedicated research on it has not been done before. In this paper, code injection and its related technologies are studied as a whole for the first time.

In discussing the concept, principle, characteristics, types and methods of code injection, several key concepts are put forward, including injection point, injection room and injection structure. The types and functions of injection points are studied comprehensively. After clarifying the difference between control injection points and function injection points, four kinds of control injection point are proposed: entry, exit, middle and file header. Two kinds of injection room are presented: tail injection room and fragmented cavity injection room. Two typical code injection structures are presented: the JUMP-JUMP and CALL-RET structures.

In practice, code injection is closely tied to the host file format and the OS. Based on the research on code injection technology, practical implementation methods and their key problems are studied in detail under DOS and WINDOWS, covering file format, load process, injection point, injection room and program frame. Under DOS, injected code can access OS or BIOS functions through interrupts. However, this approach does not work under WINDOWS; to tackle this problem, methods for obtaining API addresses at runtime are introduced.

BIOS is firmware stored in the BIOS chip and is a special kind of program. Compared with programs that run under an OS and are stored on disk, BIOS has its own peculiarities. After a discussion of the principle, file format, injection points and injection room of BIOS, a method for locating an EXIT injection point with the aid of POST CODE is proposed. By virtue of the EXIT injection point, a novel code injection method under BIOS is proposed.

BIOS is the lowest-level software of a computer. Although BIOS security is a foundational part of computer security, it does not attract equivalent attention. Today, many BIOS chips adopt large-capacity flash ROM. This trend allows motherboard manufacturers to offer more functions in BIOS conveniently and to update BIOS more easily. Meanwhile, it also makes it possible to inject malware (malicious software) into BIOS. Based on BIOS code injection technology, we propose a pure software method to check and recover BIOS.
Keywords/Search Tags: Code Injection, Injection Structure, Injection Point, Injection Room, BIOS Code Injection Technology, BIOS Security