System, method and computer program product for inserting an emulation layer in association with a COM server DLL
First Claim
Patent Images
1. A method, comprising:
- identifying a COM server dynamic link library;
inserting an emulation layer in association with the COM server dynamic link library to emulate interfaces exported by the COM server dynamic link library, utilizing a processor, wherein it is ascertained that there is no running application thread with a thread-function residing within the COM server dynamic link library prior to inserting the emulation layer;
identifying, utilizing the emulation layer, at least one infected COM server dynamic link library; and
in response to the identifying the at least one infected COM server dynamic link library;
retrieving an identifier associated with an application thread that loaded, prior to the inserting the emulation layer, the at least one infected COM server dynamic link library; and
freeing, utilizing the emulation layer, the at least one infected COM server dynamic link library from memory based on the identifier.
10 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product are provided. In use, a COM server dynamic link library is identified. Further, an emulation layer is inserted in association with the COM server dynamic link library to emulate interfaces exported by the COM server dynamic link library. As an option, it may be determined whether the COM server DLL is loaded, and the emulation layer may be inserted in response to the determination.
14 Citations
20 Claims
-
1. A method, comprising:
-
identifying a COM server dynamic link library; inserting an emulation layer in association with the COM server dynamic link library to emulate interfaces exported by the COM server dynamic link library, utilizing a processor, wherein it is ascertained that there is no running application thread with a thread-function residing within the COM server dynamic link library prior to inserting the emulation layer; identifying, utilizing the emulation layer, at least one infected COM server dynamic link library; and in response to the identifying the at least one infected COM server dynamic link library; retrieving an identifier associated with an application thread that loaded, prior to the inserting the emulation layer, the at least one infected COM server dynamic link library; and freeing, utilizing the emulation layer, the at least one infected COM server dynamic link library from memory based on the identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19)
-
-
10. A computer program product embodied on a tangible non-transitory computer readable medium, comprising:
-
computer code for identifying a COM server dynamic link library; computer code for inserting an emulation layer in association with the COM server dynamic link library to emulate interfaces exported by the COM server dynamic link library, wherein it is ascertained that there is no running application thread with a thread-function residing within the COM server dynamic link library prior to inserting the emulation layer; computer code for identifying, utilizing the emulation layer, at least one infected COM server dynamic link library; and computer code for, in response to the identifying the at least one infected COM server dynamic link library; and retrieving an identifier associated with an application thread that loaded, prior to the inserting the emulation layer, the at least one infected COM server dynamic link library; and freeing, utilizing the emulation layer, the at least one infected COM server dynamic link library from memory based on the identifier. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A system, comprising:
-
a processor for identifying a COM server dynamic link library, inserting an emulation layer in association with the COM server dynamic link library to emulate interfaces exported by the COM server dynamic link library, wherein it is ascertained that there is no running application thread with a thread-function residing within the COM server dynamic link library prior to inserting the emulation layer; identifying, utilizing the emulation layer, at least one infected COM server dynamic link library; and in response to the identifying the at least one infected COM server dynamic link library; retrieving an identifier associated with an application thread that loaded, prior to the inserting the emulation layer, the at least one infected COM server dynamic link library; and freeing, utilizing the emulation layer, the at least one infected COM server dynamic link library from memory based on the identifier. - View Dependent Claims (20)
-
Specification