Ugurlu, GuneyAcici, Koray2023-09-142023-09-142022979-8-3503-3162-2http://hdl.handle.net/11727/10663Code caves represent sequential null bytes in portable executable files and are particularly used in reverse engineering. With the help of code caves, the execution flow of the program can be changed, and different codes can be injected into the compiled programs. In the sections in the PE files, it is determined manually whether there is a code cave suitable for the size of the code to be injected. This paper presents the analysis tool named CodeCaveFinder. It finds in detail whether the code caves of the user desired size are in the sections of the PE file. As a result of tests, it has been proven that CodeCaveFinder gives accurate and reliable results.enginfo:eu-repo/semantics/closedAccessReverse engineeringCode cavesPortable executableShellcodesCode injectionconferenceObject3841000932842500005