
METHODS OF DETECTION OF SOFTWARE EXPLOITATION

  • US 20150020198A1
  • Filed: 07/15/2013
  • Published: 01/15/2015
  • Est. Priority Date: 07/15/2013
  • Status: Active Grant
First Claim

1. A non-transitory computer-readable storage medium with an executable program stored thereon for detecting software exploitation, wherein the program instructs a processing element to perform the following steps:

  • gathering information about processes and threads executing on a computing device;

  • monitoring instructions executed by a thread that is currently running; and

  • performing the following steps if a function to create a process or a function to load a library is called

      • examining a thread information block,
      • determining whether an address included in a stack pointer of the thread is in a range of addresses for a stack specified by the thread information block,
      • examining the contents of a plurality of memory addresses, and
      • determining whether a first plurality of no-operation instructions is followed by shell code that is followed by a second plurality of no-operation instructions.
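
The two checks the claim performs at a process-creation or library-load call can be sketched as follows. This is an added example, not code from the patent: the `tib_stack` struct, function names, flag values and sample bytes are all hypothetical, only the single-byte x86 NOP (0x90) is recognised, and any non-NOP region between two NOP runs is treated as the candidate payload.

```c
#include <stddef.h>
#include <stdint.h>

#define NOP 0x90u          /* assumption: x86 single-byte NOP only */
#define FLAG_SP_OUTSIDE 1  /* stack pointer not inside the TIB's stack range */
#define FLAG_NOP_LAYOUT 2  /* NOP run, non-NOP bytes, NOP run found */

/* Hypothetical stand-in for the stack bounds recorded in a thread information block. */
struct tib_stack { uintptr_t stack_base, stack_limit; }; /* highest, lowest address */

int sp_in_tib_stack(const struct tib_stack *tib, uintptr_t sp) {
    return sp >= tib->stack_limit && sp <= tib->stack_base;
}

/* 1 if buf holds >= min_run NOPs, then at least one non-NOP byte, then >= min_run NOPs.
   Any non-NOP region counts as candidate payload; classifying it is out of scope here. */
int has_nop_payload_nop(const uint8_t *buf, size_t len, size_t min_run) {
    int have_first = 0, have_payload = 0;
    size_t i = 0;
    while (i < len) {
        size_t run = 0;
        while (i + run < len && buf[i + run] == NOP) run++;
        if (run >= min_run && run > 0) {
            if (have_first && have_payload) return 1;
            have_first = 1;
            have_payload = 0;
            i += run;
        } else {                     /* non-NOP byte or a NOP run too short to count */
            if (have_first) have_payload = 1;
            i += run ? run : 1;
        }
    }
    return 0;
}

/* Checks to run when the monitored thread calls a process-creation or library-load function. */
int check_on_api_call(const struct tib_stack *tib, uintptr_t sp,
                      const uint8_t *mem, size_t len, size_t min_run) {
    int flags = sp_in_tib_stack(tib, sp) ? 0 : FLAG_SP_OUTSIDE;
    if (has_nop_payload_nop(mem, len, min_run)) flags |= FLAG_NOP_LAYOUT;
    return flags;
}

/* Constructed sample data: 0xCC bytes are placeholders for the non-NOP region. */
const struct tib_stack SAMPLE_TIB = { 0x00130000u, 0x0012C000u };
const uint8_t SAMPLE_SLED[] = { 0x90,0x90,0x90,0x90, 0xCC,0xCC,0xCC, 0x90,0x90,0x90,0x90 };
const uint8_t SAMPLE_PLAIN[] = { 0x55,0x8B,0xEC,0x90,0x5D,0xC3,0x90,0x90 };
```

A stack pointer outside the recorded range and the NOP layout are reported as separate flags, so a monitor can weigh them independently.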
