The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Dec. 08, 2009
Filed:
Apr. 08, 2005
Kristjan R. Hatlelid, Sammamish, WA (US);
Uri London, Redmond, WA (US);
Vladimir A. Shubin, North Bend, WA (US);
Kristjan R. Hatlelid, Sammamish, WA (US);
Uri London, Redmond, WA (US);
Vladimir A. Shubin, North Bend, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
A method and system for efficient foreign code detection is presented. In one aspect of the invention, an authentication module examines pages which are referenced by thread stacks in a process space, where the pages may contain foreign code. The module can walk up the thread stacks to examine return address that reference such pages. In another aspect, the module checks random pages referenced by the stack. In yet another aspect, the module checks any nearby suspicious pages to checked pages referenced by the stack. Additionally, the module checks the instruction pointer referenced page, the pages and calling code described by the page fault history, and any pages with event handling functions, dynamic link library functions, or other functions that are likely to run.