A Reverse Engineering Tool that Directly Injects Shellcodes to the Code Caves in Portable Executable Files


Research field: Analysis



Conference: 2022 International Conference on Theoretical and Applied Computer Science and Engineering (ICTASCE)


Abstract

Code caves are used in cybersecurity and reverse engineering and describe the space in a PE file that consists of sequential and random unused or empty bytes. Malware writers and hackers design malware to inject shellcode into these code caves and can create backdoors on computers through the shellcode they inject. Apart from malicious use, the benefits of injecting code into code caves should also be considered. When software developers develop new software, they can use code caves and code injection to make minor changes to the compiled software. With the reverse engineering tool we developed, named CodeCaveInjection, we demonstrated how to inject shellcode with 2 different methods and made this process easier.


Author Profile
Koray Açıcı

Artificial Intelligence and Data Engineering Department, Ankara University, Ankara, Turkey

Andorra
Author Profile
Güney Uğurlu

Computer Engineering Department, Başkent University, Ankara, Turkey

Turkey

📄 Paper information

Publication year: 2022
Citations: 231
Country of publication: Andorra, Turkey
Site: IEEE
