Hooking of replacement and augmented API functions
First Claim
1. A method of adding new functions to an operating system on a computer, the operating system having an application programming interface (API) table stored in protected memory of the computer and the API table having pointers to existing functions also stored in protected memory of the computer, the method comprising:
- providing a first hooker component in unprotected memory and a second hooker component in protected memory, the first hooker component adapted to modify the API table to include one or more pointers to new functions;
receiving, by the second hooker component, a request from the first hooker component to replace the API table with a replacement API table, the replacement API table having pointers to new functions;
validating, by the second hooker component, the request;
sending, by the second hooker component, a copy of the API table to the first hooker component;
receiving, by the second hooker component, the replacement API table from the first hooker component; and
using, by the operating system, the replacement API table.
2 Assignments
0 Petitions
Accused Products
Abstract
Hooking replacement and augmented API functions is disclosed. In one embodiment, an alternative implementation of one or more API functions is hooked into the operating system through utilization of a replacement API table. The functions that have been replaced, augmented, or otherwise modified have entries in the table pointing to their new implementation. The entries for functions that have not been change continue to point to their existing implementation. A bit array is also disclosed to track desired messages, as compared to undesired messages, where each bit of the array corresponds to a type of message. The table can be variably sized, and can support nested and re-entrant calls.
38 Citations
9 Claims
-
1. A method of adding new functions to an operating system on a computer, the operating system having an application programming interface (API) table stored in protected memory of the computer and the API table having pointers to existing functions also stored in protected memory of the computer, the method comprising:
-
providing a first hooker component in unprotected memory and a second hooker component in protected memory, the first hooker component adapted to modify the API table to include one or more pointers to new functions;
receiving, by the second hooker component, a request from the first hooker component to replace the API table with a replacement API table, the replacement API table having pointers to new functions;
validating, by the second hooker component, the request;
sending, by the second hooker component, a copy of the API table to the first hooker component;
receiving, by the second hooker component, the replacement API table from the first hooker component; and
using, by the operating system, the replacement API table. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification
-
- Resources
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsBermudez, Gerardo, Stall, Jeffrey E., Shea, Gerald P.
-
Primary Examiner(s)An, Meng-Al T.
-
Assistant Examiner(s)Truong, LeChi
-
Application NumberUS09/605,272Time in Patent Office1,735 DaysField of Search719/328, 709/328US Class Current719/328CPC Class CodesG06F 9/4486 Formation of subprogram jum...
