Patent · US Active

Systems and methods for validating executable file integrity using partial image hashes

US7577848B2 · kind B2 · utility

59Cited by

5References

17Claims

0Family size

Assignee

Microsoft Corporation · US

Inventors

Jonathan Schwartz · Seattle, US
Yu Lin Sie · Bellevue, US
Philip J. Hallin · Port Townsend, US

Key dates

Filing date	Jan 18, 2005
Grant date	Aug 18, 2009
Priority date	—
Expiry date	Jul 6, 2027

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/64
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

Systems and methods for validating integrity of an executable file are described. In one aspect, multiple partial image hashes are generated, the combination of which represent a digest of an entire executable file. Subsequent to loading the executable file on a computing device, a request to page a portion of the executable file into memory for execution is intercepted. Responsive to intercepting the request, and prior to paging the portion into memory for execution, a validation hash of the portion is computed. The validation hash is compared to a partial hash of the multiple partial image hashes to determine code integrity of the portion. The partial hash represents a same code segment as the portion.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.