Import address table verification

The import address table of a software module is verified in order to prevent detouring attacks. A determination is made regarding which entries in the IAT must be verified; all of the entries may be verified or some subset of the entries that are critical may be verified. For each external function...

Bibliographic details
Main authors: Brender, Scott A, Lafornara, Philip J, Marr, Michael David, Oliver, Robert Ian
Format: Patent
Language: eng
creator Brender, Scott A
Lafornara, Philip J
Marr, Michael David
Oliver, Robert Ian
description The import address table of a software module is verified in order to prevent detouring attacks. A determination is made regarding which entries in the IAT must be verified; all of the entries may be verified or some subset of the entries that are critical may be verified. For each external function, the external module containing the external function is loaded, if it is not already loaded. The function address in the exported function table is found. That address is compared to the address for the function in the IAT. Additionally, the external module, in one embodiment, is verified to ensure that it has not been modified. For a delay load IAT, a similar procedure is followed; however the delay load IAT may be periodically checked to ensure that the delay load IAT entries are either valid (indicating that the external function has been bound) or in their initial state (indicating that no binding has yet occurred).
format Patent
creatorcontrib Microsoft Corporation
date 2010-06-15
linktopdf https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/7739516
language eng
recordid cdi_uspatents_grants_07739516
source USPTO Issued Patents
title Import address table verification
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-06T16%3A14%3A05IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-uspatents_EFH&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Brender,%20Scott%20A&rft.aucorp=Microsoft%20Corporation&rft.date=2010-06-15&rft_id=info:doi/&rft_dat=%3Cuspatents_EFH%3E07739516%3C/uspatents_EFH%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true