Code module operating system (OS) interactions intercepting...

Information security – Monitoring or scanning of software or data including attack... – Intrusion detection

Reexamination Certificate


Details

C726S022000, C713S164000

active

08065734

ABSTRACT:
A method includes creating an intercept function for a tracked Dynamic Link Library (DLL) function of a Dynamic Link Library (DLL) being loaded into a suspicious module. Further, the import address table entry for the tracked DLL function is replaced with the respective address of the intercept function. In this manner, a call from the suspicious module to the tracked DLL function is intercepted by the intercept function. The suspicious module is associated with the thread presently executing and the call is passed to the tracked DLL function. Accordingly, any actions associated with the thread are attributed to the suspicious module instead of to a process containing the suspicious module.

REFERENCES:
patent: 2003/0021282 (2003-01-01), Hospodor
patent: 2003/0191969 (2003-10-01), Katsikas
patent: 2004/0015712 (2004-01-01), Szor
patent: 2005/0149726 (2005-07-01), Joshi et al.
patent: 2005/0198645 (2005-09-01), Marr et al.
patent: 2007/0136728 (2007-06-01), Saito
“Understanding the Import Address Table”, pp. 1-6 [online]. Retrieved on Feb. 26, 2008 from the Internet: <URL:http://sandsprite.com/CodeStuff/Understanding_imports.html>. No author provided.
“Dynamic-link library”, pp. 1-9 [online]. Retrieved on Feb. 27, 2008 from the Internet: <URL:http://en.wikipedia.org/wiki/Dynamic-link_library>. No author provided.
Kennedy et al., “Direct Call into System DLL Detection System and Method”, U.S. Appl. No. 12/163,747, filed Jun. 27, 2008.
