DLL injection means that a specific DLL is forced to be inserted into another process. That is, DLL injection allows the forcibly inserted DLL to be loaded and processed during the execution of the other process. DLL injection is used in several fields such as a virus and malicious code, including a rootkit. The forcibly inserted DLL may have an access privilege to a memory of the corresponding process, thereby easily controlling the process by hooking and adding of a function.
A conventional representative DLL injection technique includes a method of using SetWindowsHookEx( ) function, a method of using CreateRemoteThread( ) function, and a method of editing a registry value. In the conventional representative DLL injection method, when a user starts a process, the process is stacked in a memory, and DLL injection is performed while the stacked process is executed.
Thus, the conventional DLL injection techniques may conflict with each other as they are simultaneously applied to the same process, and a DLL injection time may vary depending on an operating environment, and depending on an operating time even in the same environment.