| 摘要 |
Stack buffer overrun situations may be handled by a computer program that checks the memory location from where a particular function is called. As long as the return address for the function call is from a memory location of a known library that is loaded in memory, normal operation continues. If the memory location is not from a known library, the function call is suspect and execution may be terminated, since such a location may cause malicious software to be executed or abnormal program execution to happen. The memory location may also be verified by additional means, including testing whether the memory page permissions permit execution. The computer program may be a plug-in to an existing application and may also have a user-editable component. The computer program can enable a quick deployment of a temporary fix to a malicious software problem before a more permanent solution may be deployed.
|
