Patent · US Active

Preserving DLL hooks

US11899782B1 · kind B1 · utility

0Cited by

171References

18Claims

0Family size

Assignee

SentinelOne, Inc. · US

Inventors

Anil Gupta · Chelmsford, US
Harinath Vishwanath Ramchetty · Kanchinakote, IN

Key dates

Filing date	Jul 13, 2021
Grant date	Feb 13, 2024
Priority date	—
Expiry date	Feb 28, 2042

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/577
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.