An Analysis Tool that Detects The Code Caves in Specified Sizes for Portable Executable Files

Simple item page
dc.contributor.authorUgurlu, Guney
dc.contributor.authorAcici, Koray
dc.contributor.orcID0000-0002-3821-6419en_US
dc.contributor.researcherIDHDM-9910-2022en_US
dc.date.accessioned2023-09-14T12:15:12Z
dc.date.available2023-09-14T12:15:12Z
dc.date.issued2022
dc.description.abstractCode caves represent sequential null bytes in portable executable files and are particularly used in reverse engineering. With the help of code caves, the execution flow of the program can be changed, and different codes can be injected into the compiled programs. In the sections in the PE files, it is determined manually whether there is a code cave suitable for the size of the code to be injected. This paper presents the analysis tool named CodeCaveFinder. It finds in detail whether the code caves of the user desired size are in the sections of the PE file. As a result of tests, it has been proven that CodeCaveFinder gives accurate and reliable results.en_US
dc.identifier.endpage41en_US
dc.identifier.isbn979-8-3503-3162-2en_US
dc.identifier.startpage38en_US
dc.identifier.urihttp://hdl.handle.net/11727/10663
dc.identifier.wos000932842500005en_US
dc.language.isoengen_US
dc.relation.isversionof10.1109/ICTACSE50438.2022.10009843en_US
dc.relation.journal5th International Conference on Theoretical and Applied Computer Science and Engineering (ICTASCE)en_US
dc.rightsinfo:eu-repo/semantics/closedAccessen_US
dc.subjectReverse engineeringen_US
dc.subjectCode cavesen_US
dc.subjectPortable executableen_US
dc.subjectShellcodesen_US
dc.subjectCode injectionen_US
dc.titleAn Analysis Tool that Detects The Code Caves in Specified Sizes for Portable Executable Filesen_US
dc.typeconferenceObjecten_US

Files

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed upon to submission
Description:
Download

Collections

Mühendislik Fakültesi / Faculty of Engineering