SigPath: A Memory Graph Based Approach for Program Data Introspection and Modification

  • David Urbina
  • Yufei Gu
  • Juan Caballero
  • Zhiqiang Lin
Conference paper

DOI: 10.1007/978-3-319-11212-1_14

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8713)
Cite this paper as:
Urbina D., Gu Y., Caballero J., Lin Z. (2014) SigPath: A Memory Graph Based Approach for Program Data Introspection and Modification. In: Kutyłowski M., Vaidya J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8713. Springer, Cham

Abstract

Examining and modifying data of interest in the memory of a target program is an important capability for security applications such as memory forensics, rootkit detection, game hacking, and virtual machine introspection. In this paper we present a novel memory graph based approach for program data introspection and modification, which does not require source code, debugging symbols, or any API in the target program. It takes as input a sequence of memory snapshots taken while the program executes, and produces a path signature, which can be used in different executions of the program to efficiently locate and traverse the in-memory data structures where the data of interest is stored. We have implemented our approach in a tool called SigPath. We have applied SigPath to game hacking, building cheats for 10 popular real-time and turn-based games, and for memory forensics, recovering from snapshots the contacts a user has stored in four IM applications including Skype and Yahoo Messenger.

Keywords

program data introspection; memory graph; game hacking

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • David Urbina (1)
  • Yufei Gu (1)
  • Juan Caballero (2)
  • Zhiqiang Lin (1)

  1. UT Dallas, USA
  2. IMDEA Software Institute, Spain