Piracy prevention using unique module translation

US 7,603,552 B1
Filed: 05/04/2005
Issued: 10/13/2009
Est. Priority Date: 05/04/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing solidified software in a computing environment, comprising:

(a) creating a new reference for at least one function in a function table;

(b) copying an address of the at least one function and associating the address with the new reference;

(c) replacing the address associated with an old reference of the at least one function with a dummy address; and

(d) substituting each old reference in normal code with the new reference, wherein injected code is not able to execute in the computing environment.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing solidified software in a computing environment includes creating a new reference for a function in a function table; copying an address of the function and associating the address with the new reference; replacing the address associated with an old reference of the function with a dummy address; and substituting each old reference in normal code with the new reference, where injected code is not able to execute in the computing environment. The function table entries can be further randomized by reordering the entries, introducing intermediate mappings, or providing non-operative entries. Alternatively, all or part of the code of the function can be copied and moved to a different storage location and associated with the new reference. The copied code can be further randomized by the insertion of dummy code, utilizing reverse peephole techniques, varying the size of the copied portion, or interleaving non-operative code.

100 Citations

View as Search Results

26 Claims

1. A method for providing solidified software in a computing environment, comprising:
- (a) creating a new reference for at least one function in a function table;
  
  (b) copying an address of the at least one function and associating the address with the new reference;
  
  (c) replacing the address associated with an old reference of the at least one function with a dummy address; and
  
  (d) substituting each old reference in normal code with the new reference, wherein injected code is not able to execute in the computing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the normal code comprises a set of instructions for execution on a computer that has been determined to have authorization to be install and execute in the computing environment.
  - 3. The method of claim 1, wherein the injected code comprises a set of instructions attempting to access the computing environment that has not been determined to have authorization to be installed or be executed in the computing environment.
  - 4. The method of claim 1, further comprising:
    - (e) randomizing entries for a plurality of functions with new references in the function table.
  - 5. The method of claim 4, wherein the randomizing (e) comprises:
    - (e1) reordering the entries.
  - 6. The method of claim 4, wherein the randomizing (e) comprises:
    - (e1) providing an intermediate mapping for the entries.
  - 7. The method of claim 4, wherein the randomizing (e) comprises:
    - (e1) providing non-operating entries into the function table.
  - 8. The method of claim 1, wherein the reference comprises one or more of the group consisting of:
    - a name;
      
      a number;
      
      an address; and
      
      a place in a data structure.

9. A method for providing solidified software in a computing environment, comprising:
- (a) creating a new reference for at least one function in a function table, wherein code for the at least one function is at a first storage location;
  
  (b) copying the code and placing the code in a second storage location and associating an address of the copied code with the new reference;
  
  (c) replacing the code at the first storage location with dummy code; and
  
  (d) substituting each reference of the at least one function in normal code with the new reference, wherein injected code is not able to execute in the computing environment.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9, wherein the normal code comprises a set of instructions for execution on a computer that has been determined to have authorization to be install and execute in the computing environment.
  - 11. The method of claim 9, wherein the injected code comprises a set of instructions attempting to access the computing environment that has not been determined to have authorization to be installed or be executed in the computing environment.
  - 12. The method of claim 9, further comprising:
    - (e) randomizing the copied code, such that a pattern of the randomized code does not match a pattern of the copied code, wherein the randomized code is semantically invariant from the copied code.
  - 13. The method of claim 12, wherein the randomizing (e) comprises:
    - (e1) inserting dummy code.
  - 14. The method of claim 12, wherein the randomizing (e) comprises:
    - (e1) utilizing a reverse peephole technique.
  - 15. The method of claim 12, wherein the randomizing (e) comprises:
    - (e1) interleaving non-operative instructions into the copied code.
  - 16. The method of claim 12, wherein the randomizing (e) comprises:
    - (e1) varying a size of the copied code.
  - 17. The method of claim 9, wherein the reference comprises one or more of the group consisting of:
    - a name;
      
      a number;
      
      an address; and
      
      a place in a data structure.

18. A method for providing solidified software in a computing environment, comprising:
- (a) creating a new reference for at least one function in a function table, wherein code for the at least one function is at a first storage location;
  
  (b) copying a first portion of the code for the at least one function and placing the copied code at a second storage location;
  
  (c) associating an address of the copied code with the new reference, wherein an end of the copied code references an address of a second portion of the code for the at least one function at the first storage location;
  
  (d) replacing the first portion of the code at the first storage location with dummy code; and
  
  (e) substituting each reference of the function in normal code with the new reference, wherein injected code is not able to execute in the computing environment.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The method of claim 18, wherein the normal code comprises a set of instructions for execution on a computer that has been determined to have authorization to be install and execute in the computing environment.
  - 20. The method of claim 18, wherein the injected code comprises a set of instructions attempting to access the computing environment that has not been determined to have authorization to be installed or be executed in the computing environment.
  - 21. The method of claim 18, further comprising:
    - (e) randomizing the copied code, such that a pattern of the randomized code does not match a pattern of the copied code, wherein the randomized code is semantically invariant from the copied code.
  - 22. The method of claim 21, wherein the randomizing (e) comprises:
    - (e1) inserting dummy code.
  - 23. The method of claim 21, wherein the randomizing (e) comprises:
    - (e1) utilizing a reverse peephole technique.
  - 24. The method of claim 21, wherein the randomizing (e) comprises:
    - (e1) interleaving non-operative instructions into the copied code.
  - 25. The method of claim 21, wherein the randomizing (e) comprises:
    - (e1) varying a size of the copied code.
  - 26. The method of claim 18, wherein the reference comprises one or more of the group consisting of:
    - a name;
      
      a number;
      
      an address; and
      
      a place in a data structure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Sebes, E. John, Naik, Dilip, Bhargava, Rishi
Primary Examiner(s)
SMITHERS, MATTHEW

Application Number

US11/122,872
Time in Patent Office

1,623 Days
Field of Search

726/26
US Class Current

713/164
CPC Class Codes

G06F 21/125 by manipulating the program...

Piracy prevention using unique module translation

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Piracy prevention using unique module translation

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links