Academic literature on the topic 'API call hooking'

The paper describes methods how to apply Windows API hooking with third party libraries and solutions. In this research were used Windows API function SetWindowsHookEx, Detours and EasyHook libraries. Libraries methods, features and advantages were discussed in this paper. The practical part contains libraries tests. In analysis we tested target program start with hooking library and injected function call.

In the era of ubiquitous sensors and smart devices, detecting malware is becoming an endless battle between ever-evolving malware and antivirus programs that need to process ever-increasing security related data. Malwares are becoming persistent by creating full-fledged variants of the same or different family. Malwares belonging to same family share same characteristics in their functionality of spreading infections into the victim computer. We find that certain malicious functions are commonly included in malware even in different categories. From checking the existence of certain functions or API call sequence patterns matched, we can even detect new unknown malware. For malware detection, various approaches have been proposed. An Application Programming Interface (API) is widely is used for the software to interact with an operating system to do certain task such as opening file, deleting file etc., Users of the computers use this API to make it comfortable for their program to communicate with the operating system without having the prior knowledge of the hardware of the object system. The attacker also use the same type of APIs to create malware, hence it is very much difficult to know about these APIs. There are many researches done in this field, however, most researchers used n-gram to detect the sequence of API calls. Even though, it gave good results, it is time consuming to process through all the output. Hence, we proposed to use Concordance to search for the API call sequence of a malware because it use KWIC (Key Word in Context), thus only displayed the output based on the queried keyword. After that, Document Frequency (DF) is used to search for the most commonly used APIs in the dataset. The result of our experiment gave high accuracy than other methods and also found more categories than other methods. API call sequence can be extracted from most of the modern d evices. Hence we supposed that our method can detect the malware for all types of the ubiquitous devices. The results of the experiment show that Concordance can be used to search for API call sequence as we manage to identify Eight malicious Activities (Screen Capture, Hooking, Downloader, Enumerate all process, Anti debugging, Synchronization, Key Logger and Dropper) using this method.

Táto práca sa zaoberá návrhom a implementáciou nástroja, ktorý umožní používať klasické 3D OpenGL aplikácie na tzv. autostereoskopických displayoch s plným využitím ich hĺbkových možností a s minimálnym zásahom od užívateľa. Nástrojom je konverzná vrstva, ktorá umožní transparentne beh OpenGL aplikácií s interným rozšírením o vykreslenie z viacerých pohľadov vo formáte, vhodnom pre 3D display. Motiváciou tejto diplomovej práce je potenciálne rozšírenie tzv. autostereskopických displayov, ktoré je v súčasnosti závislé na cene a dostupnosti špecializovaných aplikácií pre tieto displaye. Text práce sa zaoberá dizajnom takejto vrstvy z pohľadu nutných API volaní, ktoré je potrebné korektne prepísať, aby aplikácie, vytvorené pomocou jednotlivých verzii štandardu OpenGL, pracovali správne, ako aj popisom problémov, ktoré vznikajú použitím rôznych vykreslovacích techník, a ktoré sú motiváciou pre komplexnejšie chovanie nástroja. Na záver práce sú ukážky konverzie programov, dopad na výkonnosť, ako aj identifikácia nedostatkov konverznej vrstvy s návrhmi možných riešení pre ďalší vývoj.