Title of invention: METHODS OF DETECTION OF SOFTWARE EXPLOITATION
Abstract: A method for detecting software exploitation broadly comprises gathering information about the processes and threads executing on a computing device and monitoring the instructions executed by the currently running thread. If a function to create a process or a function to load a library is called, the method examines the thread information block, determines whether the address held in the thread's stack pointer lies within the range of stack addresses specified by the thread information block, and determines whether a first plurality of no-operation instructions is followed by shell code that is in turn followed by a second plurality of no-operation instructions.
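The two checks the abstract names (stack pointer against the TIB's stack range, and the NOP-run / shell code / NOP-run layout), written out as an added example. This is not ESET's code or any implementation from the patent: the `ThreadInfo` record is a stand-in for the TIB fields, the memory snapshot to scan and the minimum sled length are this example's own assumptions, and all sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

NOP = 0x90  # single-byte x86 NOP opcode used to build the sample buffers


@dataclass
class ThreadInfo:
    """Stand-in for the fields of a thread information block (TIB) that the
    abstract's check reads: the stack bounds and the current stack pointer.
    Field names are this example's own; all values below are constructed."""
    tid: int
    stack_limit: int    # lowest valid stack address (inclusive)
    stack_base: int     # highest stack address (exclusive)
    stack_pointer: int  # value of the stack pointer register at the call


def stack_pointer_in_tib_range(t: ThreadInfo) -> bool:
    """True when the stack pointer lies inside the stack the TIB describes."""
    return t.stack_limit <= t.stack_pointer < t.stack_base


def find_nop_sled_pattern(buf: bytes, min_sled: int = 8,
                          nop: int = NOP) -> Optional[Tuple[int, int]]:
    """Locate the layout named in the abstract: a run of at least `min_sled`
    NOPs, then one or more non-NOP bytes (the shell code), then a second run
    of at least `min_sled` NOPs. Returns (start, end) of the first match or
    None. `min_sled` is this example's threshold, not a figure from the patent."""
    n = len(buf)
    i = 0
    while i < n:
        if buf[i] != nop:
            i += 1
            continue
        j = i                      # first NOP run: buf[i:j]
        while j < n and buf[j] == nop:
            j += 1
        if j - i < min_sled:
            i = j
            continue
        k = j                      # candidate shell code: buf[j:k]
        while k < n and buf[k] != nop:
            k += 1
        if k >= n:                 # buffer ends before any second NOP run
            return None
        m = k                      # second NOP run: buf[k:m]
        while m < n and buf[m] == nop:
            m += 1
        if m - k >= min_sled:
            return (i, m)
        i = m
    return None


def assess_call(t: ThreadInfo, memory: bytes) -> List[str]:
    """Checks to run when a process-creation or library-load call is observed
    on thread `t`. `memory` is a snapshot of bytes to scan for the NOP layout;
    which region to read is this example's assumption, the abstract does not say."""
    findings = []
    if not stack_pointer_in_tib_range(t):
        findings.append("stack pointer outside the TIB stack range")
    if find_nop_sled_pattern(memory) is not None:
        findings.append("NOP sled / shell code / NOP sled layout found")
    return findings


# Constructed sample data: one ordinary thread and one whose stack pointer has
# left the TIB's stack range, plus buffers with and without the NOP layout.
NORMAL_THREAD = ThreadInfo(tid=1, stack_limit=0x00100000,
                           stack_base=0x00200000, stack_pointer=0x001FF000)
PIVOTED_THREAD = ThreadInfo(tid=2, stack_limit=0x00100000,
                            stack_base=0x00200000, stack_pointer=0x04000000)
PLACEHOLDER_SHELLCODE = b"\xcc" * 4  # int3 bytes standing in for shell code
SUSPICIOUS_MEMORY = bytes([NOP]) * 16 + PLACEHOLDER_SHELLCODE + bytes([NOP]) * 16
BENIGN_MEMORY = bytes([NOP]) * 4 + PLACEHOLDER_SHELLCODE + bytes([NOP]) * 4

if __name__ == "__main__":
    for thread, mem in ((NORMAL_THREAD, BENIGN_MEMORY),
                        (PIVOTED_THREAD, SUSPICIOUS_MEMORY)):
        print(thread.tid, assess_call(thread, mem) or ["no findings"])
```

Both checks are deliberately simple: the range check catches a stack pointer that has been moved off the thread's own stack, and the byte scan only reports the exact three-part layout the abstract describes, so a lone NOP run or a run with no trailing sled is not reported.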
Publication number: US2015089652(A1)
Publication date: 2015.03.26
Application number: US201414558265
Application date: 2014.12.02
Applicant: ESET, spol. s r. o.
Inventors: Mirski Pawel; Hlavaty Peter; Kosinar Peter
Classification: G06F21/56
Main classification: G06F21/56
Agency:
Agent:
Main claim: 1. A non-transitory computer-readable storage medium with an executable program stored thereon for detecting software exploitation, wherein the program instructs a processing element to perform the following steps:
gathering information about processes, threads, and applets executing on a computing device; monitoring instructions executed by processes, threads, and applets that are currently running; monitoring any file that is created by the applets; determining whether the file is being executed as an additional process; and determining whether the file is being loaded as a library.
Address: Bratislava SK