Data hiding in windows executable files

Dae Min Shin; Yeog Kim; Keun Duck Byun; Sangjin Lee

Data hiding in windows executable files

Dae Min Shin, Yeog Kim, Keun Duck Byun, Sangjin Lee

School of Cybersecurity

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

A common technique for hiding information in executable files is the embedding a limited amount of information in program binaries. The hiding technique is commonly achieved by using special software tools as e.g. the tools presented by Hydan and Stilo in (Rakan, 2004, Bertrand, 2005). These tools can be used to commit crimes as e.g. industrial spy activities or other forms of illegal data access. In this paper, we propose new methods for hiding information in Portable Executable (PE) files. PE is a file format for executables used in the 32-bit and 64-bit versions of the Windows operating system. In addition, we discuss the analysis techniques which can be applied to detect and recover data hidden using each of these methods. The existing techniques for hiding information in an executable file determine the total number of bytes to be hidden on the foundation of the size of the executable code. Our novel methods proposed here do not limit the amount of hidden code.

Original language	English
Title of host publication	Proceedings of the 6th Australian Digital Forensics Conference
Pages	153-159
Number of pages	7
Publication status	Published - 2008
Event	6th Australian Digital Forensics Conference - Perth, WA, Australia Duration: 2008 Dec 1 → 2008 Dec 3

Publication series

Name	Proceedings of the 6th Australian Digital Forensics Conference

Other

Other	6th Australian Digital Forensics Conference
Country/Territory	Australia
City	Perth, WA
Period	08/12/1 → 08/12/3

Keywords

Executable file
Hiding information
Portable executable (PE)
Program binaries

ASJC Scopus subject areas

Information Systems

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Cite this

@inproceedings{0272f478312d4347ad2e8bbaed4d58c1,

title = "Data hiding in windows executable files",

abstract = "A common technique for hiding information in executable files is the embedding a limited amount of information in program binaries. The hiding technique is commonly achieved by using special software tools as e.g. the tools presented by Hydan and Stilo in (Rakan, 2004, Bertrand, 2005). These tools can be used to commit crimes as e.g. industrial spy activities or other forms of illegal data access. In this paper, we propose new methods for hiding information in Portable Executable (PE) files. PE is a file format for executables used in the 32-bit and 64-bit versions of the Windows operating system. In addition, we discuss the analysis techniques which can be applied to detect and recover data hidden using each of these methods. The existing techniques for hiding information in an executable file determine the total number of bytes to be hidden on the foundation of the size of the executable code. Our novel methods proposed here do not limit the amount of hidden code.",

keywords = "Executable file, Hiding information, Portable executable (PE), Program binaries",

author = "Shin, {Dae Min} and Yeog Kim and Byun, {Keun Duck} and Sangjin Lee",

year = "2008",

language = "English",

isbn = "9780729806664",

series = "Proceedings of the 6th Australian Digital Forensics Conference",

pages = "153--159",

booktitle = "Proceedings of the 6th Australian Digital Forensics Conference",

note = "6th Australian Digital Forensics Conference ; Conference date: 01-12-2008 Through 03-12-2008",

}

TY - GEN

T1 - Data hiding in windows executable files

AU - Shin, Dae Min

AU - Kim, Yeog

AU - Byun, Keun Duck

AU - Lee, Sangjin

PY - 2008

Y1 - 2008

N2 - A common technique for hiding information in executable files is the embedding a limited amount of information in program binaries. The hiding technique is commonly achieved by using special software tools as e.g. the tools presented by Hydan and Stilo in (Rakan, 2004, Bertrand, 2005). These tools can be used to commit crimes as e.g. industrial spy activities or other forms of illegal data access. In this paper, we propose new methods for hiding information in Portable Executable (PE) files. PE is a file format for executables used in the 32-bit and 64-bit versions of the Windows operating system. In addition, we discuss the analysis techniques which can be applied to detect and recover data hidden using each of these methods. The existing techniques for hiding information in an executable file determine the total number of bytes to be hidden on the foundation of the size of the executable code. Our novel methods proposed here do not limit the amount of hidden code.

AB - A common technique for hiding information in executable files is the embedding a limited amount of information in program binaries. The hiding technique is commonly achieved by using special software tools as e.g. the tools presented by Hydan and Stilo in (Rakan, 2004, Bertrand, 2005). These tools can be used to commit crimes as e.g. industrial spy activities or other forms of illegal data access. In this paper, we propose new methods for hiding information in Portable Executable (PE) files. PE is a file format for executables used in the 32-bit and 64-bit versions of the Windows operating system. In addition, we discuss the analysis techniques which can be applied to detect and recover data hidden using each of these methods. The existing techniques for hiding information in an executable file determine the total number of bytes to be hidden on the foundation of the size of the executable code. Our novel methods proposed here do not limit the amount of hidden code.

KW - Executable file

KW - Hiding information

KW - Portable executable (PE)

KW - Program binaries

UR - http://www.scopus.com/inward/record.url?scp=84867734960&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84867734960&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84867734960

SN - 9780729806664

T3 - Proceedings of the 6th Australian Digital Forensics Conference

SP - 153

EP - 159

BT - Proceedings of the 6th Australian Digital Forensics Conference

T2 - 6th Australian Digital Forensics Conference

Y2 - 1 December 2008 through 3 December 2008

ER -

Data hiding in windows executable files

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

UN SDGs

Other files and links

Fingerprint

Cite this