System to bypass a compromised mass storage device driver stack and method thereof
First Claim

1. A method to circumvent malicious software in a computing device, the method comprising the steps of:
- identifying a dump port driver having a function;
- transmitting at least one command configured to obtain information related to a physical hardware device, the physical hardware device (i) in communication with the computing device and (ii) configured to execute an I/O command;
- exploiting data from an information leak to (i) locate a dump port device extension and (ii) initialize a memory space; and
- causing the function to be executed for transmission of the I/O command to the physical hardware device.
(Dependent claims: 2 to 12)
Abstract
A method to circumvent malicious software via a system configured to bypass a device driver stack and, consequently, also bypass the malicious software that may be adversely affecting the device driver stack by using an alternative stack such as a crash dump I/O stack. The crash dump I/O stack is poorly documented relative to the device driver stack and functions independently from the device driver stack.
Claims (27)
13. A method to circumvent malicious software in a computing device via a physical hardware device linked to a computing device, the method comprising:
- identifying a dump port driver;
- getting boot device information to enable transmission of an I/O command to a boot device;
- determining an entry point for a function for transmitting the command to the physical hardware device;
- exploiting data from an information leak to (i) locate a dump port device extension and (ii) initialize a memory space; and
- causing the function to be executed for transmission of the command to the physical hardware device.
(Dependent claims: 14 to 17)

18. A system to command a physical hardware device in communication with a computing device, the system comprising:
- a bypass command driver configured to identify a dump port driver, obtain boot device information, find a function, locate a dump port device extension and initialize a memory space, and call the function, the dump port driver in communication with the bypass command driver;
- a computer program comprising the function, the function configured to transmit a command to the physical hardware device;
- a mini port driver in communication with the dump port driver;
- a bus driver in communication with the mini port driver and the dump port driver;
- a hardware bus in communication with the bus driver; and
- a physical hardware device in communication with the hardware bus,
wherein the bypass command driver is configured to locate the dump port device extension using data obtained from an information leak.
(Dependent claims: 19 to 26)

27. A method to circumvent malicious software in a computing device, the method comprising the steps of:
- identifying a dump port driver having a function;
- transmitting at least one command configured to obtain information related to a physical hardware device, the physical hardware device (i) in communication with the computing device and (ii) configured to execute an I/O command;
- locating a dump port device extension using an information leak; and
- causing the function to be executed for transmission of the I/O command to the physical hardware device,
wherein the information leak is data from an internal source that is unintentionally exposed to an external source.
Specification