The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge also contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).

Date of Patent:

Apr. 02, 2013

Filed:

Jun. 21, 2010

Applicants:

Jinwook Shin, Redmond, WA (US);

John Joseph Lambert, Redmond, WA (US);

Joshua Lackey, Snohomish, WA (US);

Inventors:

Jinwook Shin, Redmond, WA (US);

John Joseph Lambert, Redmond, WA (US);

Joshua Lackey, Snohomish, WA (US);

Assignee:

Microsoft Corporation, Redmond, WA (US);

Attorney:
Primary Examiner:
Int. Cl.
CPC ...
G06F 21/00 (2006.01);
U.S. Cl.
CPC ...
Abstract

Concepts and technologies are described herein for evaluating shellcode findings. In accordance with the concepts and technologies disclosed herein, shellcode findings can be evaluated to determine if the shellcode findings are legitimate, or if the shellcode findings are false positive shellcode findings. Legitimate shellcode findings can be determined based not simply upon patterns associated with the suspected shellcode itself, but also based upon a pattern of bit-level entropy in the memory around the suspected shellcode. Mathematical models of the memory can be generated and analyzed to determine if the shellcode finding is legitimate.