Changing code execution path using kernel mode redirection
Abstract
A mechanism for redirecting a code execution path in a running process. A one-byte interrupt instruction (e.g., INT 3) is inserted into the code path. The interrupt instruction passes control to a kernel handler, which, after executing a replacement function, returns to continue executing the process. The replacement function resides in a memory space that is accessible to the kernel handler. The redirection mechanism may be applied without requiring a reboot of the computing device on which the running process is executing. In addition, the redirection mechanism may be applied without overwriting more than one byte in the original code.
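Seen from the integrity-checking side, the one-byte redirection described in the abstract appears as a single code byte that differs from a trusted copy and now reads 0xCC. The C code below is an added example, not code from the patent: `diff_code`, `struct code_change` and the sample byte arrays are names and data constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INT3_OPCODE 0xCC /* one-byte x86 INT 3 instruction */
enum change_kind { CHANGE_INT3_SINGLE, CHANGE_OTHER };
struct code_change {
    size_t offset, length;  /* start and size of the modified run */
    uint8_t original;       /* baseline byte at offset */
    enum change_kind kind;
};

/* Constructed sample: a small x86-64 function followed by 0xCC padding. */
static const uint8_t sample_baseline[16] = {
    0x55, 0x48, 0x89, 0xE5, 0x89, 0x7D, 0xFC, 0x8B,
    0x45, 0xFC, 0x5D, 0xC3, 0xCC, 0xCC, 0xCC, 0xCC };
/* Constructed live copy: byte 0 replaced by INT 3, bytes 7-8 overwritten. */
static const uint8_t sample_live[16] = {
    0xCC, 0x48, 0x89, 0xE5, 0x89, 0x7D, 0xFC, 0x90,
    0x90, 0xFC, 0x5D, 0xC3, 0xCC, 0xCC, 0xCC, 0xCC };

/* Diff a trusted baseline against a live snapshot of the same code region.
 * Each run of differing bytes yields one record; returns the number of runs
 * (runs beyond max are counted but not stored). 0xCC padding that is already
 * present in the baseline is never reported. */
size_t diff_code(const uint8_t *baseline, const uint8_t *live, size_t len,
                 struct code_change *out, size_t max)
{
    size_t found = 0, i = 0;
    while (i < len) {
        if (baseline[i] == live[i]) { i++; continue; }
        size_t start = i;
        while (i < len && baseline[i] != live[i]) i++;
        int one_int3 = (i - start == 1 && live[start] == INT3_OPCODE);
        if (found < max)
            out[found] = (struct code_change){ start, i - start, baseline[start],
                one_int3 ? CHANGE_INT3_SINGLE : CHANGE_OTHER };
        found++;
    }
    return found;
}

int main(void)
{
    struct code_change r[4];
    size_t n = diff_code(sample_baseline, sample_live, sizeof sample_baseline, r, 4);
    for (size_t k = 0; k < n && k < 4; k++)
        printf("+0x%zx len=%zu orig=0x%02X %s\n", r[k].offset, r[k].length, r[k].original,
               r[k].kind == CHANGE_INT3_SINGLE ? "single-byte INT 3" : "other change");
    return 0;
}
```

A debugger's software breakpoint produces the same single-byte signature, so a hit needs to be correlated with whether a debugger was attached to the process.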
20 Claims
1. A method of redirecting a code execution path in a running process, comprising:
- injecting an instruction into said code execution path;
- passing control to a kernel handler;
- executing a replacement function called by said kernel handler; and
- returning to said code execution path.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A method of changing a code execution path by using an interrupt to replace an existing function, comprising:
- injecting said interrupt into said existing function;
- passing control to a kernel handler;
- executing a replacement function called by said kernel handler; and
- returning to said code execution path.
Dependent claims: 9, 10, 11, 12, 13

14. A computer readable medium having computer executable instructions thereon for redirecting a code execution path in a running process, said computer executable instructions performing a method, comprising:
- injecting an instruction into said code execution path passing control to a kernel handler;
- executing a replacement function called by said kernel handler; and
- returning to said code path.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification