Keywords : API Hooking

Controlling and Protecting Windows Applications by Analyzing and Manipulating PE File Format

Rawaa P. Qasha; Zaid A. Monther

AL-Rafidain Journal of Computer Sciences and Mathematics, 2012, Volume 9, Issue 1, Pages 23-33
DOI: 10.33899/csmj.2012.163668

PE (Portable Executable) is the native file format of Windows32. Analyzing and manipulating the PE file gives valuable insights into the structure and work of Windows.
This research includes analysis the components of Windows executable files as a structure and defined values, to provide the capability of protection and controlling Windows programs by applying specified modifications that can be undid on PE specific value to stop the program from being executed by unwanted user. Also it includes analyzing the structure of PE file and comparing a specified part from PE with a same part from common viruses file, this process offers a good way to detect malicious programs and viruses in the computer by saving viruses signatures in a specified file and scanning all PE files. The other part of the research rebuild the Import Address Table of any PE files that may make a call to one of three important and essential registry API functions in order to control the using of these functions in the system using one of the API hooking techniques to control Undesirable programs.
The objective of the research is to control the executable files of the Windows system in order to provide protection for these files and the system as a whole.
Research program was developed using Visual C + + 9.0.