Method and apparatus for preemptive monitoring of software binaries by instruction interception and dynamic recompilation
Abstract
A method of executing a program in a controlled environment includes initiating execution of an operating system with which the program is adapted to execute, inserting redirection logic at the beginning of the program, and executing the program such that the redirection logic is executed. A current instruction pointer is stored, and execution control is redirected to a program loader. The program loader selects a first block of instructions of the program, based at least in part on the stored current instruction pointer. This selected block of instructions is manipulated to provide a first phantom instruction block, which is executed in the controlled environment. This manipulation includes copying at least a portion of the selected first block to form the first phantom instruction block.
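A minimal sketch of the loop the abstract describes, added here as an illustration and not taken from the patent or any product: a loader selects a block from the stored instruction pointer, copies it into a phantom block with monitored instructions rewritten, and executes only the copy. The toy instruction set, the policy set and all function names are assumptions, and starting the loader at address 0 stands in for the redirection logic inserted at the beginning of the program.

```python
# Toy instruction set, an assumption of this sketch (not taken from the patent):
#   ("ADD", n) acc += n                 ("SYS", name) monitored operation
#   ("JNZ", t) jump to t if acc != 0    ("HALT",)     stop
# Constructed sample program; list index = original address.
PROGRAM = [("ADD", 2), ("SYS", "read_file"), ("ADD", -1), ("JNZ", 1),  # 0-3
           ("SYS", "open_socket"), ("HALT",)]                          # 4-5

def select_block(program, ip):
    """Loader step: the block runs from the stored ip to the next control transfer."""
    end = ip
    while program[end][0] not in ("JNZ", "HALT"):
        end += 1
    return ip, end + 1

def make_phantom(program, start, end):
    """Copy the selected block, rewriting the instructions the monitor cares about."""
    phantom = []
    for addr in range(start, end):
        op = program[addr]
        if op[0] == "SYS":        # intercepted: becomes a policy check
            phantom.append(("CHECK", op[1], addr))
        elif op[0] == "JNZ":      # both branch outcomes hand control back to the loader
            phantom.append(("EXIT_IF", op[1], addr + 1))
        else:
            phantom.append(op)    # copied unchanged
    return phantom

def run_phantom(phantom, state, policy, log):
    """Execute one phantom block; return the next original address, or None on HALT."""
    for op in phantom:
        if op[0] == "ADD":
            state["acc"] += op[1]
        elif op[0] == "CHECK":
            allowed = op[1] in policy
            log.append((op[2], op[1], "allow" if allowed else "block"))
            if allowed:           # a blocked operation is simply not performed
                state["done"].append(op[1])
        elif op[0] == "EXIT_IF":
            return op[1] if state["acc"] != 0 else op[2]
        elif op[0] == "HALT":
            return None

def run_controlled(program, policy):
    state, log, ip = {"acc": 0, "done": []}, [], 0   # ip: stored instruction pointer
    while ip is not None:         # the original code is never executed directly
        phantom = make_phantom(program, *select_block(program, ip))
        ip = run_phantom(phantom, state, policy, log)
    return state, log
```

Running `run_controlled(PROGRAM, {"read_file"})` re-enters the loader at address 1 after the backward branch, so the second block is selected from the middle of the first, and the `open_socket` operation at address 4 is logged and suppressed.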
25 Claims
1. A method of executing a program in a controlled environment, comprising:
- initiating execution of an operating system with which the program is adapted to execute;
- inserting, at a beginning of the program, first redirection logic;
- executing the program such that the first redirection logic is executed;
- storing a current instruction pointer;
- redirecting execution control to a program loader;
- selecting, by the program loader, a first block of instructions of the program based at least in part on the stored current instruction pointer;
- manipulating the selected first block of instructions to provide a first phantom instruction block; and
- executing the first phantom instruction block in the controlled environment;
- wherein the selected first block of instructions includes at least one instruction, and manipulating the selected first block includes copying at least a portion of the selected first block to form the first phantom instruction block.
Dependent claims: 2, 3, 6, 7, 8, 9, 10, 11, 12
4. (canceled)
5. (canceled)
13. A method of executing, in a controlled environment, a program having at least one block of instructions, comprising:
- initiating execution of an operating system with which the program is adapted to execute; and
- for at least one of the at least one blocks of instructions, performing acts including directing execution control to a program loader, selecting, by the program loader, a block of instructions of the program;
- manipulating the selected block of instructions to provide a phantom instruction block, and executing the phantom instruction block in the controlled environment;
- wherein each selected block includes at least one instruction, and manipulating the selected block includes copying at least a portion of the selected block to form the phantom instruction block.
Dependent claims: 14, 15, 16, 19, 20, 21, 22, 23, 24
17. (canceled)
18. (canceled)
25. (canceled)
Specification