Electrical computers and digital processing systems: interprogra – Interprogram communication using message
Reexamination Certificate
1998-06-13
2004-04-27
Follansbee, John (Department: 2126)
Electrical computers and digital processing systems: interprogra
Interprogram communication using message
C719S312000, C719S328000, C718S100000, C707S793000
Reexamination Certificate
active
06728964
ABSTRACT:
BACKGROUND
This invention relates generally to monitoring functions useful with the Windows® 16 bit operating platform.
In a number of program monitoring applications, including scanning for viruses, it is important to prevent file execution prior to the monitoring operation. Other examples of monitoring include metering, protecting access and the like.
U.S. Pat. No. 5,257,381 to Cook teaches the use of an interceptor function for intercepting calls to global functions. Global functions could include file manipulation functions, such as open file. After interception, the interception function calls a monitoring function, such as a virus checker.
A variety of virus detectors exist which have various deficiencies. For example, some virus detectors are not adaptable to the Windows® 16 bit operating platforms. Systems which use virtual device drivers (VxDs) are effective in Windows 95® applications but may be subject to deficiencies when applied to other platforms. For example, the VxD virus detectors may require two copies of the virus checker to be stored. This is because the virus checker and the VxD may operate in different address spaces. As a result, a large amount of memory may be taken up by the two copies of the virus scan engine. In addition, some of these virus checkers may only allow re-booting of the system when a virus is detected.
One desirable attribute in certain monitoring functions is that they be foolproof. By foolproof it is intended to refer to the ability of the software to prevent access by another file that may otherwise bypass the monitoring function. A program would not be a foolproof monitoring function where it allows another file to be opened without monitoring, which might include scanning for viruses in particular applications. When other open calls can get through without being hooked and monitored, it is possible that viruses could infect a given system, causing adverse consequences.
Thus, there is a continuing need for a foolproof monitoring function which does not require duplicate copies of the monitoring function and which is applicable to the Windows® 16 bit operating platform.
SUMMARY
In accordance with one aspect, a method of monitoring that is useful in Windows® 16-bit applications includes obtaining the address of an open file routine. The code at that location is compared to expected code. Control is transferred to an interceptor function when an attempt to open a file is detected.
REFERENCES:
patent: 5257381 (1993-10-01), Cook
patent: 5491808 (1996-02-01), Geist, Jr.
patent: 5696702 (1997-12-01), Skinner et al.
patent: 5701463 (1997-12-01), Malcolm
patent: 5740370 (1998-04-01), Battersby et al.
patent: 5956481 (1999-09-01), Walsh et al.
patent: 5956507 (1999-09-01), Shearer et al.
patent: 6081664 (2000-06-01), Nowlin, Jr.
patent: 6272519 (2001-08-01), Shearer et al.
patent: 2002/0033838 (2002-03-01), Krueger et al.
Cowart, Robert. “Mastering Windows 3.1 Special Edition.” SYBEX Inc. 1993.*
Chambers et al., “Typecheckin and Modules for Multi-Methods” Oct. 1994, OOPSLA/ACM, pp. 1-15.*
Bohannon et al., “Recoverable User-Level Mutual Exclusion” Dec. 1995, IEEE, pp. 293-301.
Bullock, Jr. Lewis A.
Follansbee John
Intel Corporation
Trop Pruner & Hu P.C.
LandOfFree
Monitoring function does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Monitoring function, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Monitoring function will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3235122