Windows Sockets applications using the network interface hooking purging method

摘要

A network fuzzing method using Windows socket API(Application Program Interface) hooking is provided to freely perform network fuzzing by embedding a socket API hooking function in a network program through DLL(Dynamic Linked Library) injection without analyzing a protocol and manufacturing a fuzzer. A network program module drives its own network program if a target network program for fuzzing is activated(S10). A main program module controls a DLL file module to find out the network program driven by the network program module and to inject a DLL file containing a window socket API hooking function(S20). The DLL file module hooks socket API functions the network program uses, and replaces them with specially defined socket functions(S30). If socket API hooking is executed, the DLL file module temporarily stores the packet transmitted and received through the network program, and forwards the packets to a packet handler in the main program module. The packet handler delivers the collected packets to a database module. The database module stores and analyzes the packets, and creates a fuzzing data set(S40). The main program module compulsorily transmits abnormal packets through the packet handler, and judges whether a problem exists in the target network program which receives the abnormal packets(S50).