Electrical computers and digital processing systems: interprogra – Dynamic linking – late binding
Reexamination Certificate
2000-02-07
2004-08-17
An, Meng-Al T. (Department: 2126)
Electrical computers and digital processing systems: interprogra
Dynamic linking, late binding
C719S332000
Reexamination Certificate
active
06779187
ABSTRACT:
FIELD OF INVENTION
This invention relates to computer operating systems. More specifically, it relates to a method and system for dynamic interception of exported function calls to dynamic link in a windowed operating system.
BACKGROUND OF THE INVENTION
Software applications, such as 32-bit applications (e.g., Win32) for windowed operating systems, such as Windows 95/98/NT, (hereinafter “Windows”) by Microsoft Corporation of Redmond, Wash., execute as separate processes that execute within their own address space. The Windows operation systems typically limit code that can execute within an address space to the code associated with a main executable module (e.g., “.EXE”) and Dynamic Link Library (“DLL”) modules loaded by a process associated with the main executable module. As is known in the art, a Dynamic Link Library provides a mechanism for linking applications to libraries of functions at run-time.
There are situations where it is desirable to intercept calls to functions that are exported by Dynamic Link Libraries. As is known in the art, when a function in a Dynamic Link Library is made available to an executable module (“EXE”) or another Dynamic Link Library, the function is “exported.” The interception of a function call can be used to monitor an application calling the function or alter the behavior of the application. For example, intercepting exported function calls from the Windows core operating system modules in a Dynamic Link Library can be used to identify or correct problems associated with an application running different computing platforms. Most Windows based applications gain access to module files, data files, registry settings, and other resources via functions exported by Dynamic Link Libraries. By intercepting exported function calls for Dynamic Link Libraries, a monitoring application can determine what resources are being used by a Windows based application. In addition, an interception function can also alter the behavior of specific functions or alter how an application performs.
Current interception techniques for Dynamic Link Libraries known in the art typically work by altering exported function address entries in an import table for specific functions. The exported function address entries are replaced with the address of an interception routine. The interception routine can record the intercepted function calls, alter the parameters of the function call and call the export function, or call a replacement function.
One problem with the interception techniques for Dynamic Link Libraries known the art is that the techniques are designed to work only for one specific target application. Such interception techniques typically use debugging functions from the Debugging Application Program Interface (“API”) provided with Windows to attach to a single application's address space to intercept exported Dynamic Link Library function calls.
Another problem is that the techniques are typically designed to perform only a single function such as Application Program Interface function call monitoring from a Dynamic Link Library. This limits the ability to support dynamic interception of multiple function calls for multiple purposes for multiple applications.
Another problem is that the techniques do not work on all processes, typically do not intercept calls to any exported Dynamic Link Library function from any non-operating system applications, or set-up interception logic before any application related logic is executed. This limits the type of applications that interceptions can be performed on.
Yet another problem is that the techniques do not provide the ability to execute multiple callback functions before an exported function from a Dynamic Link Library is called, execute multiple callback functions that replace an exported function or execute multiple callback functions after the exported function is called.
Thus, it is desirable to provide new interception techniques for exported functions from Dynamic Link Libraries. The new interception techniques should work with virtually any application used on Windows operating systems and provide a flexible way to intercept exported function calls for Dynamic Link Libraries.
SUMMARY OF THE INVENTION
In accordance with preferred embodiments of the present invention, some of the problems associated with intercepting exported function calls to dynamic link libraries in a windowed operating system are overcome. Methods and system for dynamically intercepting exported function calls to dynamic link libraries into a process in a windowed operating system are provided.
One aspect of the invention includes a method for preparing for dynamic interception of exported function calls for dynamic link libraries. This method includes loading an interception driver that determines if any function calls to any dynamic link libraries should be intercepted for applications that run on a windowed operating system.
Another aspect of the invention includes a method for allowing dynamically intercepting exported function calls for dynamic link libraries. This method includes loading an interception dynamic link library from an interception driver to intercept exported function calls for dynamic link libraries.
Another aspect of the invention includes a method for initializing dynamic interception of exported function calls for dynamic link libraries. This method includes locating import and export tables for an application and creating an interception table in an interception dynamic link library to intercept exported function calls for dynamic link libraries included in the import and export tables.
Another aspect of the invention includes a method for dynamic interception of exported functions call to a dynamic link libraries using a global interception function. The global information function allows one or more before-interception functions, replacement functions and after-interception functions called in a predetermined priority order to alter the behavior of an application based on an intercepted function call.
Another aspect of the invention includes a system for dynamic interception of exported function calls for dynamic link libraries. The system includes an interception driver, and interception dynamic link library, and interception table and a global interception function.
The methods and system of preferred embodiments of the present invention allow calls to exported functions in a dynamic link library on a windowed operating system to be dynamically intercepted. The methods and system may be used to determine what resources a process uses on a windowed operating system, alter the behavior of specific functions in order to alter how an application executes, or for other monitoring or debugging purposes. The methods and system described herein may also be used to intercept exported function calls for virtually any process on a windowed operating system such as Windows 95, Windows 98, Windows NT and others, and supports dynamic interception of multiple exported functions for multiple processes.
The foregoing and other features and advantages of preferred embodiments of the present invention will be more readily apparent from the following detailed description, which proceeds with references to the accompanying drawings.
REFERENCES:
patent: 5583761 (1996-12-01), Chou
patent: 5673315 (1997-09-01), Wolf
patent: 5812848 (1998-09-01), Cohen
patent: 5958010 (1999-09-01), Agarwal et al.
patent: 6141698 (2000-10-01), Krishnan et al.
patent: 6202199 (2001-03-01), Wygodny et al.
patent: 6463583 (2002-10-01), Hammond
patent: 6698016 (2004-02-01), Ghizzoni
patent: 0752647 (1997-01-01), None
patent: 9833106 (1998-07-01), None
Jeffrey Richter, “Breaking Through Process Boundary Walls”, Advanced Windows 3rd ed., Microsoft Press, pp. 899-969, 1997.
Hunt G. et al., “Detours: Binary Interception of Win32 Functions”, Tech. Rep. MSR-TR-98-33, Microsoft Research, Microsoft Corp., .research.microsoft.com/pub/tr/tr-98-33, pdf., pp. 1-9.
“DLLaGator Version 2.0 General Availability”, Chicago-Soft, Hanover, NH, Apr. 6, 1998, .chicagosoft
An Meng-Al T.
Gardner & Carton & Douglas LLP
Ho The Thanh
Novadigm, Inc.
LandOfFree
Method and system for dynamic interception of function calls... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for dynamic interception of function calls..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for dynamic interception of function calls... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3362167