×

Method of and system for malicious software detection using critical address space protection

  • US 8,515,075 B1
  • Filed: 01/29/2009
  • Issued: 08/20/2013
  • Est. Priority Date: 01/31/2008
  • Status: Active Grant
First Claim
Patent Images

1. A method comprising:

  • identifying particular code executing on a computer system and attempting to access a particular predetermined memory address of the computer system, wherein the predetermined memory address is associated with known access attempts by malicious code;

    determining, based on identifying that the particular code attempts to access the particular predetermined memory address, that the particular code executes from writable memory space of the computer system while attempting to access the particular predetermined memory address;

    identifying the particular code as malicious based, at least in part, on determination that the particular code attempts to access the particular predetermined memory address and executes from the writable memory space of the computer system, wherein an exception is to be generated that invokes an exception handler based at least in part on identifying the particular code as malicious;

    generating an indicator to identify that the particular code was identified as malicious;

    temporarily configuring the computer system to allow single stepping of the particular code following the exception; and

    causing single stepping of the particular code.

View all claims
  • 11 Assignments
Timeline View
Assignment View
    ×
    ×