FIELD: information security.
SUBSTANCE: invention relates to information security. Disclosed is at least one computer readable storage medium containing one or more instructions, which, when executed by at least one processor, cause: identification of code areas in the extended page table, which includes pages of the sensitive code of the application programming interface (API) to be monitored; probing and blocking code pages that include identified areas of code, and re-mapping said code pages as soon as the extended page table being executed in an alternative form; detection of page loading, and page loading refers to a page that does not include the proper API entry point; definition, based on a page load detection related to a page that does not include the proper API entry point, from the extended page table, whether the page referred to is to be tracked; and generation, based on the definition that the page is to be monitored, the failure of execution.
EFFECT: technical result is to protect the sensitive code from attempted execution with an improper API entry point without undue cost.
19 cl, 13 dwg
| Title | Year | Author | Number |
|---|---|---|---|
| SYSTEM AND METHOD FOR AUTOMATIC PROCESSING OF SOFTWARE SYSTEM ERRORS | 2012 |
|
RU2521265C2 |
| PROGRAMMING INTERFACE FOR COMPUTING PLATFORM | 2004 |
|
RU2365978C2 |
| METHOD OF COMMUNICATION TRANSMISSION BETWEEN ADDRESS SPACES | 2016 |
|
RU2634172C1 |
| SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE | 2016 |
|
RU2637997C1 |
| METHOD OF IMPLEMENTATING INSTRUCTIONS IN SYSTEMIC MEMORY | 2016 |
|
RU2623883C1 |
| METHOD FOR TRANSFER OF CONTROL BETWEEN MEMORY AREAS | 2014 |
|
RU2580016C1 |
| DEBUGGING NATIVE CODE BY TRANSITIONING FROM EXECUTION IN NATIVE MODE TO EXECUTION IN INTERPRETED MODE | 2014 |
|
RU2668973C2 |
| AUTHENTICITY DISPLAY FROM HIGHLY RELIABLE MEDIUM TO NON-SECURE MEDIUM | 2004 |
|
RU2390836C2 |
| CLOUD SERVICE SECURITY BROKER AND PROXY | 2014 |
|
RU2679549C2 |
| EMULATOR AND METHOD FOR EMULATION | 2020 |
|
RU2757409C1 |
