Hooking of replacement and augmented API functions
1 Assignment
0 Petitions
Accused Products
Abstract
Hooking replacement and augmented API functions is disclosed. In one embodiment, an alternative implementation of one or more API functions is hooked into the operating system through utilization of a replacement API table. The functions that have been replaced, augmented, or otherwise modified have entries in the table pointing to their new implementation. The entries for functions that have not been change continue to point to their existing implementation. A bit array is also disclosed to track desired messages, as compared to undesired messages, where each bit of the array corresponds to a type of message. The table can be variably sized, and can support nested and re-entrant calls.
34 Citations
57 Claims
-
1-36. -36. (canceled)
-
37. A computer-readable medium having computer-executable instructions for performing a method of adding new functions to an operating system on a computer, the operating system having an application programming interface (API) table stored in protected memory of the computer and the API table having pointers to existing functions also stored in protected memory of the computer, the method comprising:
-
receiving, by a second hooker component, a request from a first hooker component to replace the API table with a replacement API table, the replacement API table having pointers to new functions;
validating, by the second hooker component, the request;
sending, by the second hooker component, a copy of the API table to the first hooker component;
receiving, by the second hooker component, the replacement API table from the first hooker component; and
using, by the operating system, the replacement API table. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45)
-
-
46. A computer-readable medium having computer-executable instructions for performing a method of adding new functions to an operating system on a computer, the operating system having an application programming interface (API) table stored in protected memory of the computer and the API table having pointers to existing functions also stored in protected memory of the computer, the method comprising:
-
sending, by an application on the computer, a request to register a replacement API table to the operating system;
receiving, by the application, a copy of the API table from the operating system;
modifying the copy of the API table to create the replacement API table, the replacement API table having pointers to new functions; and
sending the replacement API table to the operating system for use when processing functions from the application. - View Dependent Claims (47, 48, 49, 50, 51, 52)
-
-
53. A computer system comprising:
-
an operating system directing the operation of the computer system using an API table having pointers to existing functions;
protected memory storing the API table and the existing functions; and
unprotected memory; and
wherein the operating system includes an operating system hooker component operable to receive a request from an application in unprotected memory to replace the API table in protected memory with a replacement API table provided by the application and, in response to the request, receive the replacement API table from the application and use the replacement API table, wherein the replacement API table having pointers to at least one new function. - View Dependent Claims (54, 55, 56, 57)
-
Specification