Patent · US Active

Method of and system for malicious software detection using critical address space protection

US8515075B1 · kind B1 · utility

57Cited by

99References

22Claims

0Family size

Assignee

McAfee, LLC · US

Inventors

Suman Saraf · Barwala, IN
Sharad Agrawal · Barwala, IN
Pankaj Kumar · Barwala, IN

Key dates

Filing date	Jan 29, 2009
Grant date	Aug 20, 2013
Priority date	—
Expiry date	Mar 14, 2030

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/566
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method of identifying malicious code based on identifying software executing out of writable memory of the computer system. In one embodiment, the identification of the malicious code occurs when the code accesses a predetermined memory address. This address can reside in the address space of an application, a library, or an operating system component. In one embodiment, the access to the predetermined address generates an exception invoking exception handling code. The exception handling code checks the memory attributes of the code that caused the exception and determines whether the code was running in writeable memory.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.