DETECTION OF MALICIOUS INVOCATION OF APPLICATION PROGRAM INTERFACE CALLS
Abstract
Particular embodiments described herein provide for an electronic device that includes a binder kernel driver. The binder kernel driver can be configured to receive an application program interface (API) call, extract metadata from the API call, determine that the API call should be hooked based on the extracted metadata, and hook the API call.
25 Claims
1. At least one computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the process to:
receive an application program interface (API) call at a kernel driver;
extract metadata from the API call;
determine that the API call should be hooked based on the extracted metadata; and
hook the API call.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. An apparatus comprising:
a kernel driver, wherein the kernel driver is configured to:
receive an application program interface (API) call;
extract metadata from the API call;
determine that the API call should be hooked based on the extracted metadata; and
hook the API call.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A method comprising:
receiving an application program interface (API) call at a kernel driver;
extracting metadata from the API call;
determining that the API call should be hooked based on the extracted metadata; and
hooking the API call.
Dependent claims: 18, 19, 20, 21, 22, 23
24. A system for detecting and mitigating malicious invocation of sensitive code, the system comprising:
a binder kernel driver, wherein the binder kernel driver is configured to:
receive an application program interface (API) call;
extract metadata from the API call;
determine that the API call should be hooked based on the extracted metadata; and
hook the API call.
Dependent claims: 25
Specification