×

Computer exploit detection using heap spray pattern matching

  • US 9,438,623 B1
  • Filed: 06/20/2014
  • Issued: 09/06/2016
  • Est. Priority Date: 06/06/2014
  • Status: Active Grant
First Claim
Patent Images

1. A computerized method, comprising:

  • determining whether an amount of memory allocated for an application exceeds a predetermined threshold;

    responsive to determining the amount of allocated memory exceeds the predetermined threshold, scanning a region of the allocated memory for a predefined number of a first pattern, wherein the predefined number appears in a contiguous manner, the region being less than an entirety of the allocated memory; and

    responsive to detecting at least the predefined number of the first pattern in the contiguous manner, scanning a remainder of the allocated memory for a sequence of a first No Operation (NOP) sled and potential shellcode, wherein the remainder of the allocated memory excludes a subset of the allocated memory a Read permission from the scanning of the region of the allocated memory for the predefined number of the first pattern, and the subset being less than an entirety of the allocated memory.

View all claims
  • 5 Assignments
Timeline View
Assignment View
    ×
    ×