Injective Code inside Import Table by Ashkbiz Danehkar
- 1. Into Import Table
- 2. Import Descriptor at a glance
- 3. API redirection technique
- 4. Protection again reversion
- 5. Runtime Import Table Injection
- 6. Troy horse
- 7. Consequence
Let’s imagine we could redirect the thoroughfare of the import process accessions into our especial routine by manipulating the import table thunks, it could be possible to filter the importation function demands through our routine. Furthermore, we could settle our routine by this performance, which is done by the professional Portable Executable (PE) Protectors, additionally some sort of rootkits employs this approach to embed its malicious code inside the victim by a troy horse.
In reverse engineering world, we describe it as API redirection technique, nevertheless I am not going to accompany all viewpoints in this area by source code, this article merely represents a brief aspect of this technique by a simple code. I will describe other issues in the absence of the source code; I could not release the code which is related to the commercial projects or intended to the malicious motivation, however I think this article can be used as an introduction into this topic.