
Detecting and preventing malcode execution

  • US 7,971,255 B1
  • Filed: 07/14/2005
  • Issued: 06/28/2011
  • Est. Priority Date: 07/15/2004
  • Status: Expired due to Fees
First Claim

1. A monitoring system for detecting and halting execution of malicious code, the system comprising:

  • a processor that includes a kernel-based system call interposition mechanism and a standard library function interception mechanism, wherein the processor:

    creates an alternative wrapper function that corresponds to one of a plurality of library functions in program code of an application, wherein the alternative wrapper function is interposed between the application and the plurality of library functions;

    uses the alternative wrapper function to intercept a system call request from the application to a library function, verify whether return addresses associated with one or more intermediate functions associated with the system call request are located in write protected memory regions and verify a preceding instruction in the write protected memory region, and transmit a verification indication to an operating system kernel executing the system call request; and

    uses the operating system kernel to execute the system call request based at least in part on the verification indication.
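
The verification step in the claim, sketched as an added example (not code from the patent or its assignee): each return address on the call chain must fall in a write-protected region and be directly preceded by an instruction in that region. The memory map, byte contents, addresses, and the reading of "preceding instruction" as an x86 near call are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed memory-map entry (hypothetical layout, in the spirit of /proc/<pid>/maps). */
struct region { uint64_t start, end; int writable; const uint8_t *bytes; };

/* Constructed sample: a write-protected code page and a writable stack page. */
static const uint8_t text_bytes[16] = {
    0x90, 0xE8, 0x10, 0x00, 0x00, 0x00,   /* nop; call rel32, returns to 0x400006 */
    0x90, 0xFF, 0xD0,                     /* nop; call via register, returns to 0x400009 */
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
static const uint8_t stack_bytes[8] = { 0xE8, 0, 0, 0, 0, 0x90, 0x90, 0x90 };
static const struct region sample_map[2] = {
    { 0x400000,   0x400010,   0, text_bytes  },
    { 0x7ffd0000, 0x7ffd0008, 1, stack_bytes } };

static const struct region *find_region(const struct region *m, size_t n, uint64_t a) {
    for (size_t i = 0; i < n; i++)
        if (a >= m[i].start && a < m[i].end) return &m[i];
    return NULL;
}

/* Assumption: the preceding instruction must be an x86 near call,
   either E8 rel32 (5 bytes) or FF /2 with a register operand (2 bytes). */
static int preceded_by_call(const struct region *r, uint64_t ret) {
    uint64_t off = ret - r->start;
    if (off >= 5 && r->bytes[off - 5] == 0xE8) return 1;
    if (off >= 2 && r->bytes[off - 2] == 0xFF && (r->bytes[off - 1] & 0xF8) == 0xD0) return 1;
    return 0;
}

/* Verification indication: 1 only if every return address is mapped, lies in a
   write-protected region, and directly follows a call instruction. */
int verify_stack(const struct region *m, size_t n, const uint64_t *rets, size_t nrets) {
    for (size_t i = 0; i < nrets; i++) {
        const struct region *r = find_region(m, n, rets[i]);
        if (!r || r->writable || !preceded_by_call(r, rets[i])) return 0;
    }
    return 1;
}

int main(void) {
    const uint64_t legit[] = { 0x400006, 0x400009 };      /* both follow calls in code */
    const uint64_t injected[] = { 0x400006, 0x7ffd0005 }; /* one frame returns into the stack */
    printf("legit=%d injected=%d\n", verify_stack(sample_map, 2, legit, 2),
           verify_stack(sample_map, 2, injected, 2));
    return 0;
}
```

The stack page in the sample deliberately contains a call opcode before the tested address, so the rejection there comes from the write-protection check alone.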
