Process Injection Detection
Protection Module: ProcessInjection
Detects DLL injection, code injection, and API hooking attempts.
Available for:
- Windows Desktop Applications
- Server Applications
How It Works
Process Injection Detection monitors for unauthorized code being injected into your application process.
Detection Methods:
- Loaded Module Analysis - Identifies unauthorized DLLs
- IAT Hook Detection - Detects Import Address Table modifications
- Inline Hook Detection - Identifies code patches
- Thread Analysis - Detects remote threads
- Memory Region Validation - Identifies injected code pages
Common Injection Techniques Detected:
- Classic DLL Injection (CreateRemoteThread)
- Reflective DLL Injection
- Process Hollowing
- IAT/EAT Hooking
- Inline Hooking (detours)
- APC Injection
- SetWindowsHookEx Injection
Configuration
```json
{
  "protections": {
    "ProcessInjection": {
      "enabled": true,
      "action": "close"
    }
  }
}
```
Available Actions
| Action | Behavior |
|---|---|
| Close | Terminate immediately (recommended) |
| Log | Record injection attempt |
| Custom | Advanced security response |
When to Use
Recommended for:
- Gaming applications (anti-cheat)
- Financial applications
- DRM-protected software
- Applications with anti-piracy measures
Platform Compatibility
| Platform | Support | Notes |
|---|---|---|
| Windows | ✔ | Full support |
| Linux | ⚠️ | Limited (LD_PRELOAD detection) |
| macOS | ⚠️ | Limited (DYLD_INSERT_LIBRARIES) |
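
The LD_PRELOAD check from the Linux row, combined with the Loaded Module Analysis and Memory Region Validation ideas listed under Detection Methods, as an added C example (not this product's implementation). The trusted-directory list, the function names and the sample `/proc/<pid>/maps` text are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample in /proc/<pid>/maps format (not captured from a real process). */
static const char SAMPLE_MAPS[] =
    "55d0c4a00000-55d0c4a21000 r-xp 00000000 08:01 131 /opt/app/bin/app\n"
    "7f3a10000000-7f3a10021000 r-xp 00000000 08:01 977 /usr/lib/x86_64-linux-gnu/libc.so.6\n"
    "7f3a20000000-7f3a20004000 r-xp 00000000 08:01 4242 /tmp/.cache/libhelper.so\n"
    "7f3a30000000-7f3a30001000 rwxp 00000000 00:00 0 \n"
    "7ffd1c000000-7ffd1c002000 r-xp 00000000 00:00 0 [vdso]\n";
/* Assumed allowlist of directories the application is expected to load code from. */
static const char *TRUSTED[] = { "/opt/app/", "/usr/lib/", "/lib/" };

static int is_trusted(const char *path) {
    for (size_t i = 0; i < sizeof TRUSTED / sizeof *TRUSTED; i++)
        if (strncmp(path, TRUSTED[i], strlen(TRUSTED[i])) == 0) return 1;
    return 0;
}

/* Counts executable mappings that are anonymous (no backing file) or backed
   by a file outside the trusted directories. Paths containing spaces are cut
   at the first space, which is enough for the prefix check. */
int count_suspicious_exec(const char *maps) {
    int hits = 0;
    char line[512];
    while (*maps) {
        size_t n = strcspn(maps, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, maps, c); line[c] = '\0';
        maps += n + (maps[n] == '\n');
        char perms[5] = "", path[256] = "";
        /* fields: address-range perms offset dev inode [path] */
        if (sscanf(line, "%*s %4s %*s %*s %*s %255s", perms, path) < 1) continue;
        if (perms[2] != 'x') continue;   /* only executable pages matter */
        if (path[0] == '[') continue;    /* kernel-provided regions such as [vdso] */
        if (path[0] == '\0' || !is_trusted(path)) {
            printf("suspicious: %s\n", line);
            hits++;
        }
    }
    return hits;
}

/* A non-empty LD_PRELOAD means a library was requested for preloading. */
int preload_requested(void) {
    const char *v = getenv("LD_PRELOAD");
    return v != NULL && v[0] != '\0';
}
int main(void) {
    printf("LD_PRELOAD set: %d\n", preload_requested());
    return count_suspicious_exec(SAMPLE_MAPS) > 0;
}
```

On a live process, pass the contents of `/proc/self/maps` instead of the sample. Processes that embed a JIT compiler legitimately map anonymous executable pages and need an exception.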
Related Protections
- Actions - Configure responses