    • 56. Invention publication
    • A COMPUTER-IMPLEMENTED METHOD AND A SYSTEM FOR ENCODING A HEAP APPLICATION MEMORY STATE USING SHADOW MEMORY
    • EP3299964A1
    • 2018-03-28
    • EP16306236.7
    • 2016-09-27
    • COMMISSARIAT À L'ÉNERGIE ATOMIQUE ET AUX ÉNERGIES ALTERNATIVES
    • VOROBYOV, Kostyantyn; KOSMATOV, Nikolay; SIGNOLES, Julien
    • G06F12/02; G06F12/14; G06F21/52; G06F21/54
    • A computer-implemented method for encoding an application memory that a program, executed on a computer, has access to, using a shadow memory corresponding to the application memory, the method comprising:
      - creating and initializing a shadow memory divided into a plurality of segments, each segment in the application memory being mapped to a corresponding segment in the shadow memory,
      - for each memory block (AM) in the application memory that the program allocates, encoding a corresponding shadow memory block (SM), in the shadow memory, by:
        • defining a meta segment (MS_AM) preceding the first segment (S1_AM) of the memory block (AM) in the application memory, and a corresponding shadow meta segment (MS_SM) in the shadow memory block (SM),
        • writing in the shadow meta segment (MS_SM) a first value indicative of the size (L) of the memory block (AM),
        • writing, in each subsequent segment (S1_SM, S2_SM, S3_SM, ... SN_SM) of the shadow memory block (SM), a second value indicative of the offset (OFF_1, OFF_2, OFF_3, ... OFF_N) between the segment (S1_SM, S2_SM, S3_SM, ... SN_SM) and the first segment (S1_SM) of the shadow memory block (SM).
    • 58. Invention publication
    • AUTOMATED CLASSIFICATION OF EXPLOITS BASED ON RUNTIME ENVIRONMENTAL FEATURES
    • EP3230919A1
    • 2017-10-18
    • EP16705830.4
    • 2016-02-11
    • Morphisec Information, Security 2014 Ltd.
    • GURI, Mordechai; GORELIK, Michael; YEHOSHUA, Ronen
    • G06F21/54; G06F21/55; G06F21/56
    • G06F21/566; G06F21/54; G06F21/554; G06F2221/033
    • Various approaches are described herein for the automated classification of exploit(s) based on snapshots of runtime environmental features of a computing process in which the exploit(s) are attempted. The foregoing is achieved with a server and local station(s). Each local station is configured to neutralize operation of malicious code being executed thereon, obtain snapshot(s) indicating the state thereof at the time of the exploitation attempt, and perform a classification process using the snapshot(s). The snapshot(s) are analyzed with respect to a local classification model maintained by the local station to find a classification of the exploit therein. If a classification is found, an informed decision is made as to how to handle the classified exploit. If a classification is not found, the snapshot(s) are provided to the server for classification thereby. The server provides an updated classification model containing a classification for the exploit to the local station(s).
    • 60. Invention publication
    • DYNAMIC CODE PATCHING TECHNIQUES FROM USER-MODE PROCESS ADDRESS SPACE
    • EP3223185A1
    • 2017-09-27
    • EP17158611.8
    • 2017-03-01
    • Crowdstrike, Inc.
    • IONESCU, Ion-Alexandru; ROBINSON, Loren C.
    • G06F21/54; G06F9/445; G06F9/54
    • G06F9/545; G06F21/54; G06F2209/542
    • Techniques are described herein for loading a user-mode component of a security agent based on an asynchronous procedure call (APC) built by a kernel-mode component of the security agent. The APC is executed while a process loads, causing the process to load the user-mode component. The user-mode component then identifies slack space of the process, stores instructions in the slack space, and hooks function(s) of the process, including modifying instruction(s) of the function(s) to call the instructions stored in the slack space. When those modified instruction(s) call the stored instructions, the stored instructions invoke the user-mode component, which receives data from the hooked function(s). Also, the security agent may bypass a control-flow protection mechanism of the operating system by setting a pointer of the control-flow protection mechanism to point to an alternate verification function.