Hooking of replacement and augmented API functions
First Claim
1. A computer-readable storage medium having computer-executable instructions for performing a method of adding new functions to an operating system on a computer, the operating system having an application programming interface (API) table stored in protected memory of the computer and the API table having pointers to existing functions also stored in protected memory of the computer, the method comprising:
- receiving, by a second hooker component, a request from a first hooker component stored in unprotected memory to replace the API table with a replacement API table, the replacement API table having pointers to new functions, the second hooker component being stored in protected memory;
Validating, by the second hooker component, the request from the first hooker component;
sending, by the second hooker component, a copy of the API table to the first hooker component stored in the unprotected memory;
receiving in the protected memory, by the second hooker component, the replacement API table from the first hooker component; and
using, by the operating system, the replacement API table.
1 Assignment
0 Petitions
Accused Products
Abstract
Hooking replacement and augmented API functions is disclosed. In one embodiment, an alternative implementation of one or more API functions is hooked into the operating system through utilization of a replacement API table. The functions that have been replaced, augmented, or otherwise modified have entries in the table pointing to their new implementation. The entries for functions that have not been change continue to point to their existing implementation. A bit array is also disclosed to track desired messages, as compared to undesired messages, where each bit of the array corresponds to a type of message. The table can be variably sized, and can support nested and re-entrant calls.
12 Citations
20 Claims
-
1. A computer-readable storage medium having computer-executable instructions for performing a method of adding new functions to an operating system on a computer, the operating system having an application programming interface (API) table stored in protected memory of the computer and the API table having pointers to existing functions also stored in protected memory of the computer, the method comprising:
-
receiving, by a second hooker component, a request from a first hooker component stored in unprotected memory to replace the API table with a replacement API table, the replacement API table having pointers to new functions, the second hooker component being stored in protected memory; Validating, by the second hooker component, the request from the first hooker component; sending, by the second hooker component, a copy of the API table to the first hooker component stored in the unprotected memory; receiving in the protected memory, by the second hooker component, the replacement API table from the first hooker component; and using, by the operating system, the replacement API table. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer-readable medium storage having computer-executable instructions for performing a method of adding new functions to an operating system on a computer, the operating system having an application programming interface (API) table stored in protected memory of the computer and the API table having pointers to existing functions also stored in protected memory of the computer, the method comprising:
-
sending, by an application stored in unprotected memory on the computer, a request to register a replacement API table to the operating system for validation; receiving in the unprotected memory, by the application, a copy of the API table from the operating system; modifying the copy of the API table to create the replacement API table, the replacement API table having pointers to new functions; sending the replacement API table to the operating system for use when processing functions from the application; and storing the replacement API table in the protected memory of the computer. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A computer system comprising:
-
an operating system directing the operation of the computer system using an API table having pointers to existing functions; protected memory storing the API table, an operating system hooker component, and the existing functions; and unprotected memory storing an application configured to receive a copy of the API table and to modify the copy of the API table to create a replacement API table which has pointers to new functions stored in the unprotected memory; and wherein the operating system hooker component is operable to receive and validate a request from the application stored in the unprotected memory to replace in the protected memory the API table with the replacement API table and, in response to the request, the operating system hooker component is operable to receive the replacement API table from the application and to use the replacement API table to call the new functions stored in the unprotected memory. - View Dependent Claims (18, 19, 20)
-
Specification