Enforcing the execution exception to prevent packers from evading the scanning of dynamically created code
US8510828B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 31, 2007 |
| Grant date | Aug 13, 2013 |
| Priority date | — |
| Expiry date | Nov 6, 2031 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/566
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
To detect possible malicious code that is unpacked at runtime before it is executed, antivirus software requires that any dynamically created code be scanned before it can be executed by a host computer system. This requirement may be enforced by requiring memory pages to be either executable or writable, but not both. Before changing from writable but not executable to executable but not writable, the page is scanned for malicious code. To prevent packers from evading this scanning, the software may enforce the execution exception to prevent packers from changing whether a page is executable and thereby evading the scanning of dynamically created code. The software may also include exception handlers to allow a program to write to a page that contains the code being executed, but also limit such an operation (e.g., to a single step) to avoid evasion of the antivirus software.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.