Book chapter Open access Peer reviewed

SigPath: A Memory Graph Based Approach for Program Data Introspection and Modification

2014; Springer Science+Business Media; Language: English

10.1007/978-3-319-11212-1_14

ISSN

1611-3349

Authors

David Urbina, Yufei Gu, Juan Caballero, Zhiqiang Lin

Topic(s)

Digital and Cyber Forensics

Abstract

Examining and modifying data of interest in the memory of a target program is an important capability for security applications such as memory forensics, rootkit detection, game hacking, and virtual machine introspection. In this paper we present a novel memory graph based approach for program data introspection and modification, which does not require source code, debugging symbols, or any API in the target program. It takes as input a sequence of memory snapshots taken while the program executes, and produces a path signature, which can be used in different executions of the program to efficiently locate and traverse the in-memory data structures where the data of interest is stored. We have implemented our approach in a tool called SigPath. We have applied SigPath to game hacking, building cheats for 10 popular real-time and turn-based games, and for memory forensics, recovering from snapshots the contacts a user has stored in four IM applications including Skype and Yahoo Messenger.
