Application program interface interception system and method
Abstract
A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module. A user-supplied code in a post-entry module of the API interception module might filter or change the return values of the API.
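The control flow the abstract describes (stored routine address, pre-entry bypass or parameter filtering, post-entry return-value filtering), as an added example that is not code from the patent. It models the re-direction with a function-pointer slot instead of in-place code patching and omits the double-patching step; `api_open`, the policy rules and all other names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an API routine: returns a handle, or -13 on denial. */
typedef int (*open_fn)(const char *path);
static int api_open(const char *path) {
    if (strncmp(path, "/secret", 7) == 0) return -13;
    return (int)strlen(path) + 100;
}

static open_fn open_slot = api_open; /* entry point every caller goes through */
static open_fn saved_open;           /* stored API routine address (cf. claim 1) */

enum verdict { PASS, BYPASS };

/* Pre-entry routine: may bypass the API entirely or rewrite its input. */
static enum verdict pre_entry(const char **path, int *result) {
    if (strstr(*path, "..")) { *result = -1; return BYPASS; } /* deny traversal */
    if (strncmp(*path, "tmp:", 4) == 0) *path += 4;           /* filter parameter */
    return PASS;
}

/* Post-entry routine: filters the return value (collapses error detail). */
static int post_entry(int ret) { return ret < 0 ? -1 : ret; }

/* Interception stub that the re-directed flow of execution lands in. */
static int intercept_open(const char *path) {
    int result;
    if (pre_entry(&path, &result) == BYPASS) return result;
    return post_entry(saved_open(path));
}

void install_hook(void) {
    if (open_slot == intercept_open) return; /* already hooked */
    saved_open = open_slot;
    open_slot = intercept_open;
}

int call_open(const char *path) { return open_slot(path); }

int main(void) {
    install_hook();
    printf("%d %d %d\n", call_open("a/../b"), call_open("tmp:x"), call_open("/secret/k"));
    return 0;
}
```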
18 Claims
1. In a computer system running an operating system platform, a method comprising:
hooking at least one application program interface (API) routine; and
replacing hooked API routine code with different code;
wherein the replacing the hooked API routine code with different code, further comprises;
storing an API routine address associated with a re-direction of flow of execution;
wherein enhanced privileges relating to memory space associated with the API routine are enabled;
wherein the method is adapted for preventing intrusions.
Dependent claims: 2, 3, 4, 5, 6
7. A computer program product embodied on a computer readable medium, comprising:
computer code for hooking at least one application program interface (API) routine; and
computer code for replacing hooked API routine code with different code;
wherein the replacing the hooked API routine code with different code, further comprises;
storing an API routine address associated with a re-direction of flow of execution;
wherein enhanced privileges relating to memory space associated with the API routine are enabled;
wherein the method is adapted for preventing intrusions.
Dependent claims: 8, 9, 10, 11, 12
13. A system, comprising:
logic for hooking at least one application program interface (API) routine; and
logic for replacing hooked API routine code with different code;
wherein the replacing the hooked API routine code with different code, further comprises;
storing an API routine address associated with a re-direction of flow of execution;
wherein enhanced privileges relating to memory space associated with the API routine are enabled;
wherein the method is adapted for preventing intrusions.
Dependent claims: 14, 15, 16, 17, 18
Specification