Patent · US Active

Preserving DLL hooks

US12259967B2 · kind B2 · utility

0Cited by

193References

20Claims

0Family size

Assignee

SentinelOne, Inc. · US

Inventors

Anil Gupta · Chelmsford, US
Harinath Vishwanath Ramchetty · Kanchinakote, IN

Key dates

Filing date	Dec 28, 2023
Grant date	Mar 25, 2025
Priority date	—
Expiry date	Dec 28, 2043

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/577
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

DLL hooks are protected by mapping the starting address of the new executable to a sample of the former executable. Attempts to read the starting address are responded to with the sample of the former executable. Attempts to write to the starting address are responded to with confirmation of success without actually writing data. Debuggers are detected upon launch or by evaluating an operating system. A component executing in the kernel denies debugging privileges to prevent inspection and modification of DLL hooks.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.