The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Jun. 15, 2010
Filed:
Mar. 05, 2004
Scott A. Brender, Kirkland, WA (US);
Philip J. Lafornara, Bellevue, WA (US);
Michael David Marr, Sammamish, WA (US);
Robert Ian Oliver, Issaquah, WA (US);
Scott A. Brender, Kirkland, WA (US);
Philip J. Lafornara, Bellevue, WA (US);
Michael David Marr, Sammamish, WA (US);
Robert Ian Oliver, Issaquah, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
The import address table of a software module is verified in order to prevent detouring attacks. A determination is made regarding which entries in the IAT must be verified; all of the entries may be verified or some subset of the entries that are critical may be verified. For each external function, the external module containing the external function is loaded, if it is not already loaded. The function address in the exported function table is found. That address is compared to the address for the function in the IAT. Additionally, the external module, in one embodiment, is verified to ensure that it has not been modified. For a delay load IAT, a similar procedure is followed; however the delay load IAT may be periodically checked to ensure that the delay load IAT entries are either valid (indicating that the external function has been bound) or in their initial state (indicating that no binding has yet occurred).