关键词: DLL注入, 注入原理, 注入检测, 隐蔽化, PE文件

Abstract: DLL injection, as the main technology of covert penetration attack, has formed many types after years of development. From the initial explicit system API to create remote thread gradually transition to forge system DLL and static modification of PE files. The injection process is more complex and covert, which has more challenges for detection technology. This paper analyzes the principles of ten common types of DLL injection. At the same time, the paper introduces six main detection technologies in the current industry, summarizes the advantages and disadvantages of each technology, and puts forward the future research direction in this field and provides reference for the followup research of DLL injection detection technology.

Key words: DLL injection, injection principle, injection detection, covert, PE file