June 2018
Beginner
510 pages
13h 7m
English
Content preview from Learning Malware Analysis
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
3.4 DLL Injection Using The Application Compatibility Shim
The Microsoft Windows application compatibility infrastructure/framework (application shim) is a feature that allows programs created for older versions of the operating system (such as Windows XP) to work with modern versions of the operating system (such as Windows 7 or Windows 10). This is achieved through application compatibility fixes (shims). The shims are provided by Microsoft to the developers so that they can apply fixes to their programs without rewriting the code. When a shim is applied to a program, and when the shimmed program is executed, the shim engine redirects the API call made by the shimmed program to shim code; this is done by replacing the pointer in the IAT ...