Browsing by Author "Ugurlu, Guney"
Item: An Analysis Tool that Detects The Code Caves in Specified Sizes for Portable Executable Files (2022)
Ugurlu, Guney; Acici, Koray; 0000-0002-3821-6419; HDM-9910-2022

Code caves represent sequential null bytes in portable executable files and are particularly used in reverse engineering. With the help of code caves, the execution flow of the program can be changed, and different code can be injected into compiled programs. In the sections of PE files, it is determined manually whether there is a code cave suitable for the size of the code to be injected. This paper presents the analysis tool named CodeCaveFinder. It finds in detail whether code caves of the user-desired size are in the sections of the PE file. As a result of tests, it has been proven that CodeCaveFinder gives accurate and reliable results.

Item: A Reverse Engineering Tool that Directly Injects Shellcodes to the Code Caves in Portable Executable Files (2022)
Acici, Koray; Ugurlu, Guney; 0000-0002-3821-6419; HDM-9910-2022

Code caves are used in cybersecurity and reverse engineering and describe the space in a PE file that consists of sequential and random unused or empty bytes. Malware writers and hackers design malware to inject shellcode into these code caves and can create backdoors on computers through the shellcodes they inject. Apart from malicious use, the benefits of injecting code into code caves should also be considered. When software developers develop new software, they can use code caves and code injection to make minor changes to the compiled software. With the reverse engineering tool we developed, named CodeCaveInjection, we demonstrated how to inject shellcodes with 2 different methods and made this process easier.