×

Detecting data corruption by control flow interceptions

  • US 10,289,570 B2
  • Filed: 12/24/2015
  • Issued: 05/14/2019
  • Est. Priority Date: 12/24/2015
  • Status: Active Grant
First Claim
Patent Images

1. A computer program product tangibly embodied on a non-transient computer readable medium, the computer program product comprising instructions operable, when executed, to perform a method comprising:

  • intercepting, by an execution profiling handler implemented at least partially in hardware, an invocation by an executable application to a memory allocation library to allocate memory;

    observing, by the execution profiling handler, memory allocation information associated with the invocation of the memory allocation library, the memory allocation information indicating a module of the executable application that is run, a size of the memory, an address or range of the memory, an attribute of the memory, or a location of the memory, the attribute defined as at least one of READ, WRITE, or EXECUTE;

    setting a permission for accessing heap memory in an extended page table based on the memory allocation information;

    intercepting (i) an indirect branch execution from the executable application or (ii) an exploitation of heap memory; and

    determining, based on the permission set in the extended page table, to block (i) the indirect branch execution from accessing heap memory or (ii) the exploitation of heap memory.

View all claims
  • 10 Assignments
Timeline View
Assignment View
    ×
    ×