| 发明名称 | Computer system and method for preventing dynamic-link library injection attack | ||
| 摘要 | A computer system and method for preventing a Dynamic-Link Library (DLL) injection attack are provided. The computer system monitors an operation where a process attempts to dynamically link an executable code library to another process, and intercepts the dynamic link of the executable code library. | ||
| 申请公布号 | US8966511(B2) | 申请公布日期 | 2015.02.24 |
| 申请号 | US201012885695 | 申请日期 | 2010.09.20 |
| 申请人 | Samsung Electronics Co., Ltd. | 发明人 | Kim Eun Ah;Jin Weon Il;Kim Hwan Joon |
| 分类号 | G06F9/44;G06F11/00;G06F17/30;G06F21/55;G06F9/445 | 主分类号 | G06F9/44 |
| 代理机构 | NSIP Law | 代理人 | NSIP Law |
| 主权项 | 1. A computer system comprising: a monitoring unit configured to monitor an injection operation by which a first process attempts to dynamically link an executable code library to a second process, the monitoring unit comprising a connection checking unit configured to determine that the injection operation occurs by determining that the first process attempts to create a thread in the second process, and by determining that a function of the created thread that is yet to be executed by the second process, will cause the second process to load the executable code library to the second process; and an intercept unit configured to intercept the dynamic link of the executable code library in response to the injection operation occurring, wherein the connection checking unit further checks whether the second process differs from the first process and whether a parameter of the function to be executed by the thread is a name of the executable code library, wherein the connection checking unit further checks whether the second process differs from the first process and whether a parameter of the function to be executed by the thread is name of the executable code library. | ||
| 地址 | Suwon-si KR | ||