CODE INJECTION AND CODE INTERCEPTION IN AN OPERATING SYSTEM WITH MULTIPLE SUBSYSTEM ENVIRONMENTS
First Claim
1. A method, comprising:
- Creating, by a computing device, a virtual process associated with a target process;
- Analyzing, by the computing device, the virtual process; and
- Injecting, by the computing device, a first portion of code into the target process based at least on an outcome of the analyzing action.
Abstract
Systems, methods, and apparatuses are provided for code injection and code interception in an operating system having multiple subsystem environments. Code injection into a target process can rely on generation of a virtual process that can permit analysis of information loaded in a memory image of the target process regardless of the host environment in which the target process is executed. Based at least on information collected via the analysis, code can be injected into the target process while preserving integrity of the target process. Code interception also can exploit the analysis for suitable hooking that preserves integrity of the target process. Code interception can utilize relocatable tokenized code that can be parameterized through token replacement.
44 Claims
1. A method, comprising:
- Creating, by a computing device, a virtual process associated with a target process;
- Analyzing, by the computing device, the virtual process; and
- Injecting, by the computing device, a first portion of code into the target process based at least on an outcome of the analyzing action.

Dependent claims: 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
5. The method of claim 5, wherein the loading action comprises loading a dynamic link library of relocatable parameterized code.
23. An apparatus, comprising:
- a memory having computer-executable instructions encoded thereon; and
- a processor functionally coupled to the memory and configured by the computer-executable instructions, to create a virtual process associated with a target process; to analyze the virtual process; and to inject a first portion of code into the target process based at least on an outcome of the analyzing action.

Dependent claims: 22, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44
Specification