APPARATUS AND METHOD FOR PREVENTING VIRUS CODE EXECUTION
First Claim
Patent Images
1. An apparatus for preventing virus code execution, the apparatus comprising:
- a code converter configured to convert code of a kernel module or an application program into an interrupt instruction, in response to execution of the kernel module or the application program being detected;
a code check unit configured to determine, in response to an exception being generated by execution of the interrupt instruction, whether buffer overflow occurs; and
a virus detection engine configured to perform virus inspection on a program execution region moved by the buffer overflow.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus and method for preventing virus code execution through buffer overflow management are provided. When buffer overflow occurs during execution of a kernel module or application program, the apparatus and method may perform virus inspection on a program execution region moved by the buffer overflow.
-
Citations
10 Claims
-
1. An apparatus for preventing virus code execution, the apparatus comprising:
-
a code converter configured to convert code of a kernel module or an application program into an interrupt instruction, in response to execution of the kernel module or the application program being detected; a code check unit configured to determine, in response to an exception being generated by execution of the interrupt instruction, whether buffer overflow occurs; and a virus detection engine configured to perform virus inspection on a program execution region moved by the buffer overflow. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for preventing virus code execution, the method comprising:
-
detecting execution of a kernel module or an application program; converting a code of the kernel module or the application program into an interrupt instruction; in response to an execution of the interrupt instruction generating an exception, determining whether buffer overflow occurs; and in response to determining that buffer overflow occurs, performing virus inspection on a program execution region moved by the buffer overflow. - View Dependent Claims (7, 8, 9, 10)
-
Specification