Memory injection, often referred to as process injection, is a technique where malicious

code is inserted into the address space of an already running, legitimate process.

Option C, "Malicious code is copied to the allocated space of an already running

process," accurately and directly describes this core action. This encompasses various

methods, such as allocating memory in a target process (e.g., using VirtualAllocEx in

Windows) and then writing the malicious code into that allocated space (e.g., using

WriteProcessMemory), followed by execution.

· A. Two processes access the same variable, allowing one to cause a privilege

escalation. This describes a vulnerability related to shared memory or a race

condition. While it can lead to privilege escalation by manipulating data, it's not

primarily about injecting new executable code into another process's memory space.

· B. A process receives an unexpected amount of data, which causes malicious

code to be executed. This describes a buffer overflow. While buffer overflows can be

a method to achieve memory injection (by overflowing a buffer with shellcode), option

C provides a more direct and general description of the act of memory injection itself.

Memory injection as a technique is not limited to vulnerabilities triggered by "unexpected

amounts of data" in this manner.

· D. An executable is overwritten on the disk, and malicious code runs the next

time it is executed. This describes a file-based attack, such as trojanizing an

application or replacing an executable. The malicious code executes when the modified

program is launched from the disk, not by injecting code into the memory of an already

running process.

1. MITRE. (2023). Process Injection, T1055. MITRE ATT&CK. o

URL: https://attack.mitre.org/techniques/T1055/

o Reference: The main description states, "Process injection is a method of executing

arbitrary code in the address space of a separate live process." Many sub-techniques

involve writing code into the target process's memory (supporting option C).

2. BINTI Zulkifli,

N. N., HASHIM,

A. S.

B. M., & YAAKOB,

N. (2018). Analysis of

Memory Injection Techniques for Bypassing Anti-Virus Software. IEEE Access, 6, 66131–

66143.

o DOI: https://doi.org/10.1109/ACCESS.2018.2876904

o Reference: Page 66131, Section I (Introduction): "Memory injection refers to a series

of techniques that inject malicious code into a running process..." This aligns directly

with option C. The paper discusses techniques like DLL injection and Process

Hollowing which involve copying/mapping code into a running process's memory.

3. Microsoft. (2021). WriteProcessMemory function (memoryapi.h). Microsoft Docs.

o URL: https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nfmemoryapi-writeprocessmemory

o Reference: This official API documentation describes a function that "writes data to

an area of memory in a specified process." This is a mechanism used in many memory

injection techniques, illustrating the "copying code to allocated space" described in option

C.

4. Erickson, J. (2008). Hacking: The Art of Exploitation, 2nd Edition. No Starch Press.

o Reference: Chapter 3 ("Exploiting Programs"), Section "Overflowing the Stack" (pp.

134-150 in some editions) explains how buffer overflows (related to option B) can inject

shellcode onto the stack. While this shows B as a method, option C is a more general

description of the injection act itself, which is preferred for precision. Option C covers

more forms of memory injection beyond just overflows.