FIELD: information technology.
SUBSTANCE: method of checking an executable code before execution thereof involves determining memory page attribute values at the moment of selection thereof or modification of attributes; storing the memory page address with simultaneously established memory page attribute values associated with the permission to record and the permission to run the executable code; altering at least one of the memory page attributes associated with the permission to record or run the executable code; obtaining an exemption when accessing a memory page whose address was stored; determining attributes and the address of the memory page during access of which an exemption was made; checking the process flow whose access to the memory page caused the exemption, and/or the executable code recorded in the memory page during access of which an exemption was made.
EFFECT: detecting a program code exploiting vulnerabilities in software.
2 cl, 7 dwg
| Title | Year | Author | Number |
|---|---|---|---|
| METHOD FOR CODE PERFORMANCE IN HYPERVISOR MODE | 2015 |
|
RU2609761C1 |
| SAFE AUTHENTICATION WITH LOGIN AND PASSWORD IN INTERNET NETWORK USING ADDITIONAL TWO-FACTOR AUTHENTICATION | 2016 |
|
RU2635276C1 |
| SYSTEM AND METHOD OF PROVIDING SAFETY OF ONLINE TRANSACTIONS | 2013 |
|
RU2587423C2 |
| FREE FROM BLOCKING FLOW TRANSFER OF DATA TO EXECUTED CODE | 2013 |
|
RU2639235C2 |
| VIRTUAL MACHINE MANAGER FACILITATED SELECTIVE CODE INTEGRITY ENFORCEMENT | 2014 |
|
RU2667713C2 |
| METHOD OF RECALL OF ORIGINAL FUNCTION AFTER ITS INTERCEPTION WITH SAVING OF STACK OF PARAMETERS | 2013 |
|
RU2546588C2 |
| METHOD OF DETECTING UNKNOWN PROGRAMS BY LOAD PROCESS EMULATION | 2011 |
|
RU2472215C1 |
| SYSTEM AND METHOD FOR OPTIMISING EXECUTION OF ANTIVIRUS TASKS IN LOCAL AREA NETWORK | 2010 |
|
RU2453917C1 |
| METHOD OF CREATING A SYSTEM CALL HANDLER | 2014 |
|
RU2596577C2 |
| SYSTEM AND METHOD OF ASSESSMENT OF HARMFULLNESS OF CODE EXECUTED IN ADDRESSING SPACE OF CONFIDENTIAL PROCESS | 2013 |
|
RU2531861C1 |
