Safe memory scanning

Information security – Monitoring or scanning of software or data including attack... – Vulnerability assessment

Reexamination Certificate


Details

C726S022000, C726S023000, C726S024000, C713S165000, C713S167000, C713S188000


active

10371945

ABSTRACT:
A kernel mode memory scanning driver for safely scanning, for viruses, the drivers loaded in the memory of computer systems running Windows® NT based operating systems, such as Windows® 2000, Windows® XP, and other operating systems built on the Windows® NT kernel. Before scanning the loaded drivers, the kernel mode memory scanning driver hooks the operating system's driver unload function and stalls any calls to it, so that no loaded driver can be unloaded (and its memory released) while it is being scanned. After scanning is complete, the stalled calls to the driver unload function are released. In one embodiment, the kernel mode memory scanning driver is implemented as a Windows® NT 4.0 kernel mode driver, and can therefore be used on computer systems running Windows® 2000 or Windows® NT without platform specific code.
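The hook-stall-scan-release sequence in the abstract, as an added user-mode model written for this page (it is not code from the patent or from any Symantec driver). A function pointer `g_unload_dispatch` stands in for the kernel's driver unload entry point, the `Driver` records and the loader are hypothetical, and the byte pattern `SIMULATED-INFECTION` is a constructed signature. The model also shows the failure the technique prevents: an unload request that arrives mid-scan frees an image before the scanner reaches it, so the infected driver is never examined.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DRIVERS 8

/* Hypothetical record of a loaded driver: its mapped image and size. */
typedef struct Driver {
    const char *name;
    unsigned char *image;
    size_t size;
    bool loaded;
} Driver;

typedef void (*unload_fn)(Driver *);

static Driver g_drivers[MAX_DRIVERS];
static int g_driver_count;

/* The OS's own unload routine: frees the image and clears the record. */
static void os_driver_unload(Driver *d) {
    free(d->image);
    d->image = NULL;
    d->loaded = false;
}

/* Every unload request flows through this pointer; hooking it models hooking
 * the kernel's driver unload function. */
static unload_fn g_unload_dispatch = os_driver_unload;

/* Scanner-side state: the saved original pointer and the stalled calls. */
static unload_fn g_saved_unload;
static bool g_scanning;
static Driver *g_stalled[MAX_DRIVERS];
static int g_stalled_count;

/* The hook: while a scan is running, park the request instead of executing it. */
static void hooked_driver_unload(Driver *d) {
    if (g_scanning) { g_stalled[g_stalled_count++] = d; return; }
    g_saved_unload(d);
}

static void install_unload_hook(void) {
    g_saved_unload = g_unload_dispatch;
    g_unload_dispatch = hooked_driver_unload;
}

static void remove_unload_hook(void) { g_unload_dispatch = g_saved_unload; }

/* Release the stalled unloads, in arrival order, once scanning has finished. */
static void release_stalled_unloads(void) {
    for (int i = 0; i < g_stalled_count; i++) g_saved_unload(g_stalled[i]);
    g_stalled_count = 0;
}

/* Constructed byte pattern standing in for a real virus signature. */
static const unsigned char SIG[] = "SIMULATED-INFECTION";

static bool image_matches_signature(const Driver *d) {
    size_t n = sizeof SIG - 1;
    if (!d->loaded || d->size < n) return false;
    for (size_t i = 0; i + n <= d->size; i++)
        if (memcmp(d->image + i, SIG, n) == 0) return true;
    return false;
}

/* Simulated loader: maps a driver image containing `content`. */
static Driver *load_driver(const char *name, const char *content) {
    Driver *d = &g_drivers[g_driver_count++];
    d->name = name;
    d->size = strlen(content);
    d->image = malloc(d->size);
    memcpy(d->image, content, d->size);
    d->loaded = true;
    return d;
}

/* Some other component asks the OS to unload a driver. */
static void request_unload(Driver *d) { g_unload_dispatch(d); }

static void unload_all(void) {
    for (int i = 0; i < g_driver_count; i++)
        if (g_drivers[i].loaded) os_driver_unload(&g_drivers[i]);
    g_driver_count = 0;
    g_stalled_count = 0;
}

/* Scan every loaded driver. `concurrent_unload` models an unload request that
 * arrives after the first driver has been examined. Returns the number of
 * infected drivers found; *scanned receives how many images were examined. */
static int scan_loaded_drivers(bool use_hook, Driver *concurrent_unload, int *scanned) {
    int infected = 0;
    *scanned = 0;
    if (use_hook) install_unload_hook();
    g_scanning = true;
    for (int i = 0; i < g_driver_count; i++) {
        if (i == 1 && concurrent_unload) request_unload(concurrent_unload);
        Driver *d = &g_drivers[i];
        /* Without the hook the image may already be freed here. A real kernel
         * scanner has no flag to consult and would read released memory. */
        if (!d->loaded) continue;
        (*scanned)++;
        if (image_matches_signature(d)) infected++;
    }
    g_scanning = false;
    if (use_hook) { release_stalled_unloads(); remove_unload_hook(); }
    return infected;
}

int main(void) {
    for (int pass = 0; pass < 2; pass++) {
        bool use_hook = (pass == 1);
        int scanned;
        load_driver("clean.sys", "clean driver code");
        Driver *evil = load_driver("evil.sys", "prefix SIMULATED-INFECTION payload");
        load_driver("other.sys", "other driver code");
        int found = scan_loaded_drivers(use_hook, evil, &scanned);
        printf("%s hook: scanned %d drivers, %d infected\n",
               use_hook ? "with" : "without", scanned, found);
        unload_all();
    }
    return 0;
}
```

The important property is that the stalled request is not lost: the unload still happens, only after the scanner has finished reading the image. In a real driver the equivalent state lives in the kernel and the hook must be removed before the scanning driver itself unloads, otherwise the saved pointer dangles.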

REFERENCES:
patent: 5274819 (1993-12-01), Blomfield-Brown
patent: 5361359 (1994-11-01), Tajalli et al.
patent: 5398196 (1995-03-01), Chambers
patent: 5822517 (1998-10-01), Dotan
patent: 7028305 (2006-04-01), Schaefer
patent: 7085928 (2006-08-01), Schmid et al.
Danseglio, D., ‘Why rootkits mean you must nuke your machine’, CNET Networks, 2005, entire document, http://www.zdnet.co.uk/misc/print/0,1000000169,39237277-39001093c,00.htm.
Finnegan, J., ‘Pop Open a Privileged Set of APIs with Windows NT Kernel Mode Drivers’, Microsoft Corp., Microsoft Systems Journal, Mar. 1998, entire article, http://www.microsoft.com/MSJ/0398/driver.aspx.
Szor, P., “Attacks on WIN32”, Virus Bulletin Conference, Oct. 1998, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 57-84.
Szor, P., “Memory Scanning Under Windows NT”, Virus Bulletin Conference, Sep. 1999, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-22.
Szor, P., “Attacks on WIN32-Part II”, Virus Bulletin Conference, Sep. 2000, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 47-68.
Chien, E. and Szor, P., “Blended Attacks Exploits, Vulnerabilities and Buffer-Overflow Techniques In Computer Viruses”, Virus Bulletin Conference, Sep. 2002, Virus Bulletin Ltd., The Pentagon, Abingdon, Oxfordshire, England, pp. 1-36.
Buysse, J., “Virtual Memory: Windows NT® Implementation”, pp. 1-15 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://people.msoe.edu/~barnicks/courses/cs384/papers19992000/buyssej-Term.pdf>.
Dabak, P., Borate, M. and Phadke, S., “Hooking Windows NT System Services”, pp. 1-8 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://www.windowsitlibrary.com/Content/356/06/2.html>.
Fedotov, A., “Paging Files Sample”, Alex Fedotov.com, pp. 1-2 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://www.alexfedotov.com/samples/pagefile.asp>.
“How Entercept Protects: System Call Interception”, pp. 1-2 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://www.entercept.com/products/technology/kernelmode.asp>. No author provided.
“How Entercept Protects: System Call Interception”, p. 1 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://www.entercept.com/products/technology/interception.asp>. No author provided.
Kath, R., “The Virtual-Memory Manager in Windows NT”, pp. 1-11 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://msdn.microsoft.com/library/en-us/dngenlib/html/msdn_ntvmm.asp?frame=true>.
Szor, P. and Kaspersky, E., “The Evolution of 32-Bit Windows Viruses”, Windows & .NET Magazine, pp. 1-4 [online]. Retrieved on Apr. 16, 2003. Retrieved from the Internet:<URL:http://www.winnetmag.com/Articles/Print.cfm?ArticleID=8773>.
