The patent badge is an abbreviated version of the USPTO patent document. It covers the following: patent number, date the patent was issued, date the patent was filed, title of the patent, applicant, inventor, assignee, attorney firm, primary examiner, assistant examiner, CPCs, and abstract. The patent badge also contains a link to the full patent document in PDF format.

Date of Patent: Aug. 23, 2016
Filed: Mar. 18, 2013
Applicant: Bitdefender Ipr Management Ltd., Nicosia, CY
Inventors: Mihai Chiriac, Bellevue, WA (US); Teodor Stoenescu, Bucharest, RO
Assignee:
Attorney:
Primary Examiner:
Assistant Examiner:
Int. Cl. CPC: G06F 21/56 (2013.01)
U.S. Cl. CPC: G06F 21/566 (2013.01)
Abstract

According to one aspect, a dynamic binary instrumentation (DBI) framework is used to identify rootkits and disable their malicious functionality. A user-mode or kernel-mode anti-rootkit (ARK) engine monitors the execution of a program running on a host machine in user mode or kernel mode. Upon encountering calls to certain functions that may be used by rootkits to subvert system functionality (e.g. system calls used to manage the system registry, storage/disk, processes/threads, and/or network communications), the anti-rootkit engine executes translated versions of the functions in an isolated environment and continues execution of the program under analysis using the results of the translated code execution. The translated code execution replaces the execution of original code which may or may not have been subverted by a rootkit. Isolating the stack and registers of the isolated environment impedes detection of the monitoring process by rootkits.
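The abstract describes the control flow in prose only. The C program below is an added illustration of that flow and is not code from the patent or from Bitdefender. It models a dispatch slot (standing in for a system-call table entry) that a simulated rootkit patches so that one process is hidden from enumeration; an anti-rootkit (ARK) routine that, instead of calling through the slot, runs a pristine copy of the enumeration function on a private stack entered through POSIX ucontext; and a cross-view comparison that reports whatever the patched path hides. The "translated" copy is assumed here to be a verbatim copy of the original function, whereas a real DBI engine would generate it from the function's code bytes at run time. The PID list, the hidden PID 1337, and every function name are constructed for the example.

```c
#define _XOPEN_SOURCE 700
#include <stdint.h>
#include <stdio.h>
#include <ucontext.h>

#define MAX_PIDS 16
#define HIDDEN_PID 1337   /* the PID the simulated rootkit hides (constructed) */

typedef int (*enum_procs_fn)(int *out, int max);

/* Constructed sample data: the process IDs the kernel really knows about. */
static const int kernel_pids[] = {1, 42, HIDDEN_PID, 4096};
#define KERNEL_PID_COUNT ((int)(sizeof kernel_pids / sizeof kernel_pids[0]))

/* The genuine enumeration routine as it exists in the unmodified kernel. */
static int enum_procs_original(int *out, int max)
{
    int n = 0;
    for (int i = 0; i < KERNEL_PID_COUNT && n < max; i++)
        out[n++] = kernel_pids[i];
    return n;
}

/* Simulated rootkit hook: calls the original, then drops HIDDEN_PID from the result. */
static int enum_procs_hooked(int *out, int max)
{
    int tmp[MAX_PIDS], n = enum_procs_original(tmp, MAX_PIDS), kept = 0;
    for (int i = 0; i < n && kept < max; i++)
        if (tmp[i] != HIDDEN_PID)
            out[kept++] = tmp[i];
    return kept;
}

/* Dispatch slot that the rootkit patches (stands in for an SSDT/IAT entry). */
static enum_procs_fn enum_procs_slot = enum_procs_original;

void rootkit_install(void) { enum_procs_slot = enum_procs_hooked; }
void rootkit_remove(void)  { enum_procs_slot = enum_procs_original; }

/* What the monitored program normally does: call through the (possibly patched) slot. */
int call_enum_procs_slot(int *out, int max) { return enum_procs_slot(out, max); }

/* The ARK engine's translated copy. A real DBI framework would emit this from the
 * function's original code bytes; here it is assumed to be a verbatim copy that
 * never goes through the patched slot. */
static int enum_procs_translated(int *out, int max) { return enum_procs_original(out, max); }

/* Isolated environment: a private stack entered through its own context, so the
 * translated code never executes on the monitored program's stack. */
static unsigned char iso_stack[64 * 1024];
static ucontext_t caller_ctx, iso_ctx;
static struct { int *out; int max; int ret; int on_private_stack; } iso;

static void iso_entry(void)
{
    unsigned char probe;   /* lives on whichever stack this context runs on */
    uintptr_t p = (uintptr_t)&probe, lo = (uintptr_t)iso_stack;
    iso.on_private_stack = (p >= lo && p < lo + sizeof iso_stack);
    iso.ret = enum_procs_translated(iso.out, iso.max);
}   /* returning from here resumes caller_ctx via uc_link */

/* Run the translated copy in the isolated environment and hand back its result. */
int ark_enum_procs(int *out, int max)
{
    iso.out = out; iso.max = max; iso.ret = -1; iso.on_private_stack = 0;
    if (getcontext(&iso_ctx) != 0) return -1;
    iso_ctx.uc_stack.ss_sp   = iso_stack;
    iso_ctx.uc_stack.ss_size = sizeof iso_stack;
    iso_ctx.uc_link = &caller_ctx;
    makecontext(&iso_ctx, iso_entry, 0);
    if (swapcontext(&caller_ctx, &iso_ctx) != 0) return -1;
    return iso.ret;
}

int ark_last_call_was_isolated(void) { return iso.on_private_stack; }

/* Cross-view check: anything the translated copy reports that the patched slot
 * does not is being hidden. Returns the number of hidden PIDs found. */
int ark_find_hidden_pids(int *hidden, int max)
{
    int seen[MAX_PIDS], truth[MAX_PIDS], nh = 0;
    int nseen = enum_procs_slot(seen, MAX_PIDS);
    int ntruth = ark_enum_procs(truth, MAX_PIDS);
    for (int i = 0; i < ntruth && nh < max; i++) {
        int found = 0;
        for (int j = 0; j < nseen && !found; j++)
            found = (seen[j] == truth[i]);
        if (!found) hidden[nh++] = truth[i];
    }
    return nh;
}

int main(void)
{
    int pids[MAX_PIDS], hidden[MAX_PIDS];
    rootkit_install();
    printf("patched slot reports %d processes\n", call_enum_procs_slot(pids, MAX_PIDS));
    int n = ark_enum_procs(pids, MAX_PIDS);
    printf("translated copy reports %d (ran on private stack: %d)\n", n, ark_last_call_was_isolated());
    int nh = ark_find_hidden_pids(hidden, MAX_PIDS);
    for (int i = 0; i < nh; i++) printf("hidden pid: %d\n", hidden[i]);
    return 0;
}
```

Build with `cc -std=c11 -o ark ark.c` on a glibc system. The private stack is what the abstract's "isolating the stack" refers to; the register state is saved and restored by swapcontext, but note that a real engine running in the same address space as the rootkit would also have to keep its own data and code out of memory the rootkit can inspect, which this single-process model does not attempt.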

