Operating system loader modification
Abstract
Systems and methods for computer security are provided. In one implementation, a computer-implemented method is provided. The method includes applying a hook to a kernel of an operating system, monitoring system calls made to the kernel using the hook, and injecting a new entry into a list of files assembled by a loader to create a new process when the hook identifies a create process system call. In another implementation, the method can further include initializing the injected new entry where the injected new entry is operable to examine process files prior to loading, examining the process files, and acting on the process according to a result of the examination.
25 Claims
1. A computer-implemented method, comprising:
applying a hook to a kernel of an operating system;
monitoring system calls made to the kernel using the hook;
injecting a new entry into a list of files assembled by a loader to create a new process when the hook identifies a create process system call.

13. An apparatus for inserting code into a process, comprising:
an operating system, including;
a loader operable to create one or more processes;
a kernel operable to receive a system call to create a new process; and
a hook module operable to create a kernel hook operable to monitor the kernel for incoming system calls.

16. A computer program product, tangibly stored on a computer-readable medium, comprising instructions operable to cause a programmable processor to:
apply a hook to a kernel of an operating system;
monitor system calls made to the kernel using the hook;
inject a new entry into a list of files assembled by a loader to create a new process when the hook identifies a create process system call.

25. The computer program product of 24, further comprising instructions to:
copy a dynamic link library to a position on the list of process files such that the dynamic link library is initialized prior to any process specific code.
Specification