Abstract
This paper investigates software attacks based on shellcode injection in Windows applications. The attack uses platform invoke to inject binary code by means of system calls. This creates a separate threat that carries the payload. The paper overviews protections against shellcode injection and thus analyzes the injection methods as well. Analysis models the injection of malicious code in a Windows app process. As a result, the paper proposes a step-by-step injection method. Experimental injection of user code in PowerShell is performed to test the method. The paper further shows the assembly code of the system call as an example of finding their IDs in the global system call table; it also shows part of the source code for the injection of binary executable code. Various counterattacks are proposed in the form of software control modules based on architecture drivers. The paper analyzes the feasibility of using dynamic invoke, which the authors plan to do later on.
Performance Comparison of Training Datasets for System Call-Based Malware Detection with Thread Information
