Dynamic software wrapper
Abstract
The present invention is directed at the implementation of a dynamic wrapper for discovery of non-exported functions and subsequent method interception. A practical usage of dynamic wrappers is for security software packages to augment access controls applied to the wrapped modules. The invention permits interception of distributed component object model (DCOM) client initiated method calls at a DCOM server during runtime. The interceptor of the method call denies or grants access to the DCOM method to be executed. The actual logic to determine access permissions need not be part of the interceptor. The interceptor runs as part of the DCOM server. It contains logic to distinguish at runtime the identity of the principal associated with the DCOM client requesting the execution of the function call. The technique works with commercial-off-the-shelf (COTS) software and does not require modification of the application source code.
21 Claims
1. In a distributed component object model server, a method for intercepting a non-exported function in an application software module, comprising:
intercepting an operating system defined exported function to obtain a runtime class identifier for a class in which the non-exported function is defined;
locating the non-exported function; and
constructing interception code for the non-exported function;
wherein the non-exported function at least in part lacks compiler produced information in the application software module.
(Dependent claims 2 to 12 depend on claim 1.)
identifying an interface identifier for the non-exported function by searching the operating system registry using the class identifier; and
retrieving a memory location for the function by searching a table of pointers to functions in the operating system corresponding to a runtime object for the class identifier and the interface identifier.
11. The method of claim 1, comprising intercepting a plurality of non-exported functions in a plurality of application software modules, comprising the steps of:
intercepting an operating system defined exported function to obtain a plurality of runtime class identifiers for a plurality of classes in which the non-exported functions are defined;
locating the non-exported functions; and
constructing interception code for each non-exported function.
12. The method of claim 11, further comprising enforcing a plurality of access control policies by selectively granting access to a plurality of clients of the distributed component object model server to the plurality of non-exported functions by intercepting execution of each of the plurality of non-exported functions by means of the interception code for each of the plurality of non-exported functions.
13. A system for intercepting a non-exported function in an application software module on a distributed component object model server comprising:
a distributed component object model server comprising a processor and an addressable memory unit for storing the non-exported function, and a registry for storing an identifier identifying the non-exported function;
an exported function stored in the memory unit, the exported function adapted to retrieve the identifier by scanning the registry;
a table for storing a memory address where the non-exported function is stored in the memory unit, the identifier further for identifying the memory address in the table; and
an interceptor software program for intercepting the exported function and for executing the exported function to retrieve the identifier from the registry, the interceptor software program further for locating the non-exported function in the memory unit by locating the memory address of the non-exported function in the table using the identifier, the interceptor software program further comprising interception code for intercepting the non-exported function;
wherein the non-exported function at least in part lacks compiler produced symbol information in the application software module.
(Dependent claims 14 to 20 depend on claim 13.)
21. A system for intercepting a non-exported function in an application software module on a distributed component object model server comprising:
a distributed component object model server comprising a processor and an addressable memory unit for storing the non-exported function, and a registry for storing an identifier identifying the non-exported function;
an exported function stored in the memory unit, the exported function adapted to retrieve the identifier by scanning the registry;
a table for storing a memory address where the non-exported function is stored in the memory unit, the identifier further for identifying the memory address in the table; and
an interceptor software program for intercepting the exported function and for executing the exported function to retrieve the identifier from the registry, the interceptor software program further for locating the non-exported function in the memory unit by locating the memory address of the non-exported function in the table using the identifier, the interceptor software program further comprising interception code for intercepting the non-exported function;
wherein the non-exported function at least in part lacks compiler produced symbol information in the application software module;
wherein the interceptor software program further comprises an access control subroutine for selectively granting access to the non-exported function to a client of the distributed component object model server;
wherein the memory unit is for storing a plurality of non-exported functions;
wherein the registry is for storing an identifier corresponding to each of a related group of non-exported functions;
wherein the table is for storing memory addresses for the related non-exported functions indexed by corresponding identifiers;
wherein the exported function is adopted to retrieve the corresponding identifiers for the non-exported functions from the registry;
wherein the interceptor software program is for executing the exported function to retrieve the identifiers, and for locating the corresponding non-exported functions in the memory unit by locating the corresponding memory addresses for the non-exported functions in the registry by locating the identifiers in the table, the interceptor software program further comprising interception code for intercepting the corresponding non-exported functions.
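The mechanism the abstract and claim 21 describe (registry lookup by class and interface identifier, a table of function pointers giving the method's address, interception code with a separate access-control subroutine) as an added, constructed example in C, not code from the patent: the COM-style object, the registry entries, the GUIDs and the principal names are all invented stand-ins, and the "table" is the object's vtable, which is what a COM interface exposes in place of exported symbols.

```c
#include <string.h>
/* Constructed stand-in for a DCOM server module (not the patent's code): the object's
 * methods are reachable only through its vtable, so the interceptor finds them by a
 * CLSID/IID lookup and patches the slot instead of resolving an exported symbol. */
typedef struct IFoo IFoo;
typedef void (*method_t)(void);                     /* generic vtable slot */
typedef long (*do_work_t)(IFoo *, const char *);    /* real signature of slot 1 */
struct IFoo { method_t *lpVtbl; };

/* Non-exported implementation: file-static, so the module exports no symbol for it. */
static long foo_release(IFoo *self) { (void)self; return 0; }
static long foo_do_work(IFoo *self, const char *p) { (void)self; (void)p; return 0; /* S_OK */ }
static method_t g_foo_vtbl[] = { (method_t)foo_release, (method_t)foo_do_work };
IFoo g_foo = { g_foo_vtbl };

/* Stand-in for the OS registry: CLSID -> IID -> vtable slot (the GUIDs are constructed). */
static const struct { const char *clsid, *iid; int slot; } g_registry[] = {
    { "{11111111-0000-0000-0000-000000000001}", "{22222222-0000-0000-0000-000000000001}", 1 },
};
static int registry_lookup(const char *clsid, const char *iid) {
    for (size_t i = 0; i < sizeof g_registry / sizeof g_registry[0]; i++)
        if (!strcmp(clsid, g_registry[i].clsid) && !strcmp(iid, g_registry[i].iid))
            return g_registry[i].slot;
    return -1;                                      /* unknown class or interface */
}
static do_work_t g_orig_do_work;                    /* saved original, called after the check */
static int g_denied;
/* Access-control subroutine: the policy lives here, apart from the interception code. */
static int policy_allows(const char *principal) {
    static const char *allowed[] = { "CORP\\svc_reports", "CORP\\admin" };
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (!strcmp(principal, allowed[i])) return 1;
    return 0;
}
/* Interception code: deny with E_ACCESSDENIED or forward to the original method. */
static long intercepted_do_work(IFoo *self, const char *principal) {
    if (!policy_allows(principal)) { g_denied++; return (long)0x80070005L; }
    return g_orig_do_work(self, principal);
}
/* Locate the non-exported method via registry -> slot -> vtable, then patch the slot. */
int install_interceptor(IFoo *obj, const char *clsid, const char *iid) {
    int slot = registry_lookup(clsid, iid);
    if (slot < 0) return 0;                                             /* not registered */
    if (obj->lpVtbl[slot] == (method_t)intercepted_do_work) return 1;   /* already hooked */
    g_orig_do_work = (do_work_t)obj->lpVtbl[slot];
    obj->lpVtbl[slot] = (method_t)intercepted_do_work;
    return 1;
}
/* Call through the vtable, as a DCOM stub dispatching the client's request would. */
long call_do_work(const char *principal) { return ((do_work_t)g_foo.lpVtbl[1])(&g_foo, principal); }
int denied_count(void) { return g_denied; }
```

The already-hooked guard matters in practice: patching the same slot twice would save the interceptor as its own "original" and recurse on the first call.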
Specification