A Survey on Function and System Call Hooking Approaches


Detailed bibliography
Published in: Journal of Hardware and Systems Security, Volume 1, Issue 2, pp. 114-136
Main authors: Lopez, Juan; Babun, Leonardo; Aksu, Hidayet; Uluagac, A. Selcuk
Format: Journal Article
Language: English
Published: Cham: Springer International Publishing, 01.06.2017
Springer Nature B.V
ISSN: 2509-3428, 2509-3436
Description
Summary: Functions and system calls are effective indicators of the behavior of a process. These subroutines are useful for identifying unauthorized behavior caused by malware or for developing a better understanding of the lower-level operations of an application. Code obfuscation, however, often prevents user monitoring and modification of subroutine calls. Subroutine hooking offers a solution to this limitation. Function and system call hooking approaches allow for subroutine instrumentation, making hooking a valuable and versatile skill across industry and academia. In this survey, we present several criteria for the classification and selection of hooking tools and techniques as well as an examination of the major hooking approaches used on Windows, Linux, macOS, iOS, and Android operating systems. We also evaluate and compare the performance of different subroutine hooking tools and techniques based on computing resource utilization such as CPU time, memory, and wall-clock time. To the best of our knowledge, this is the first paper that encompasses both system call and function hooking techniques and tools across the major desktop and mobile operating systems.
DOI: 10.1007/s41635-017-0013-2