By Topic

Unicode-proof code injection attack on Windows CE — A novel approach of evading intrusion detection system for mobile network

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Yang Song ; National Computer Network Intrusion Protection Center, Graduate University of Chinese Academy of Sciences, Beijing, China ; Yuqing Zhang ; Yingfei Sun ; JingBo Yan

Code injection attack is a major way of spreading malware on network. The key section of code injection attack is a small piece of code, called shellcode, which performs unauthorized operations when it is injected into software as part of valid data. On Windows CE, input data are often encoded using Unicode before being processed. In such cases, shellcode should be built in a way that bypasses such encoding; that is, it should be Unicode-proof. Unicode-proof shellcode also has great advantage of evading instruction detection system. However, it is quite difficult to build Unicode-proof shellcode for the ARM architecture, on which most embedded devices are developed, because the subset of instructions that can be used to write Unicode-proof shellcode is very limited. Moreover, the instruction cache in the ARM processor restricts the application of self-modifying code, which is frequently used in shellcode writing. This novel research proposes an approach to building ARM Unicode-proof shellcode on Windows CE under these constraints. The approach applies to all versions of ARM processors and Windows CE, including systems evolved from Windows CE, such as Windows Mobile and Windows Phone. The shellcode is tested on three currently available devices.

Published in:

Communication Software and Networks (ICCSN), 2011 IEEE 3rd International Conference on

Date of Conference:

27-29 May 2011