| 摘要 |
PROBLEM TO BE SOLVED: To provide systems and methods for validating executable file integrity. SOLUTION: In one aspect, a plurality of partial image hashes are generated, the combination of which represents a digest of an entire executable file. Subsequent to loading the executable file on a computing device, a request to page a portion of the executable file into a memory for execution is intercepted. Responsive to intercepting the request, and prior to paging the portion into the memory for execution, a validation hash of the portion is computed. The validation hash is compared with a partial hash of the plurality of partial image hashes to determine code integrity of the portion. The partial hash represents the same code segment as the portion. COPYRIGHT: (C)2006,JPO&NCIPI |
