Detection of malicious code in non-paged pool unused pages
US7797747B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Feb 21, 2006 |
| Grant date | Sep 14, 2010 |
| Priority date | — |
| Expiry date | Jul 17, 2029 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F12/145
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Subsets of non-paged pool unused pages entries are flushed from a translation lookaside buffer (TLB). An attempt to access malicious code within a not present page within the non-paged pool unused pages is made, e.g., by malicious code. The attempt to access the page generates a page fault, which is detected. The page is scanned for malicious code and a determination is made that the page contains malicious code. Protective action is taken to protect a host computer system from the malicious code. Accordingly, malicious code in a page marked not present, i.e., in a page that ordinarily would not be scanned for malicious code, is detected and defeated.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.