The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Aug. 20, 2013
Filed:
Feb. 08, 2011
Glenn T. Nethercutt, Raleigh, NC (US);
Glenn T. Nethercutt, Raleigh, NC (US);
BlueStripe Software, Inc., Morrisville, NC (US);
Abstract
Provided are methods and computer program products for monitoring system calls in an operating system using safely removable system function table chaining. Methods may include loading a collector application driver providing one or more dispatch functions corresponding to one or more system functions, each dispatch function operable to call a pre-hook function prior to calling a system function, to call the system function, and to call a post-hook function following the call to the system function. A metadata block in pinned kernel memory contains, for each system function, access descriptors to the system function and the pre- and/or post-hook functions for the system function. The dispatch functions are copied into the pinned kernel memory, and the operating system's access descriptors for the system functions are altered to instead point to the corresponding dispatch functions.