专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080320056A1 FUNCTION MATCHING IN BINARIES 失效
标题翻译：功能匹配在二进制
公开(公告)号：US20080320056A1
公开(公告)日：2008-12-25
申请号：US11767364
申请日：2007-06-22
申请人： Harish Mohanan , Perraju Bendapudi , Abishek Kumarasubramanian , Rajesh Jalan , Ramarathnam Venkatesan
发明人： Harish Mohanan , Perraju Bendapudi , Abishek Kumarasubramanian , Rajesh Jalan , Ramarathnam Venkatesan
IPC分类号： G06F17/30
CPC分类号： G06F11/3672 , G06F21/16
摘要： Which target functions in a target binary have target function basic blocks that match the source function basic blocks in a source function in a source binary is determined. For the target functions having matching target function basic blocks, a target function control flow graph is determined that has the greatest control flow matching strength to a source function control flow graph, wherein a node in the source function control graph represents a source function basic block, wherein a node in a target function control graph represents a target function basic block in a corresponding target function.
摘要翻译：确定目标二进制中的目标函数具有与源二进制中的源函数中的源函数基本块匹配的目标函数基本块。对于具有匹配的目标函数基本块的目标函数，确定对源函数控制流图具有最大控制流匹配强度的目标函数控制流程图，其中源函数控制图中的节点表示源函数基本块其中，目标函数控制图中的节点表示对应目标函数中的目标函数基本块。

2. 发明授权

US08166466B2 Function matching in binaries 失效
标题翻译：功能匹配二进制
公开(公告)号：US08166466B2
公开(公告)日：2012-04-24
申请号：US11767364
申请日：2007-06-22
申请人： Harish Mohanan , Perraju Bendapudi , Abishek Kumarasubramanian , Rajesh Jalan , Ramarathnam Venkatesan
发明人： Harish Mohanan , Perraju Bendapudi , Abishek Kumarasubramanian , Rajesh Jalan , Ramarathnam Venkatesan
IPC分类号： G06F9/45
CPC分类号： G06F11/3672 , G06F21/16
摘要： Which target functions in a target binary have target function basic blocks that match the source function basic blocks in a source function in a source binary is determined. For the target functions having matching target function basic blocks, a target function control flow graph is determined that has the greatest control flow matching strength to a source function control flow graph, wherein a node in the source function control graph represents a source function basic block, wherein a node in a target function control graph represents a target function basic block in a corresponding target function.
摘要翻译：确定目标二进制中的目标函数具有与源二进制中的源函数中的源函数基本块匹配的目标函数基本块。对于具有匹配的目标函数基本块的目标函数，确定对源函数控制流图具有最大控制流匹配强度的目标函数控制流程图，其中源函数控制图中的节点表示源函数基本块其中，目标函数控制图中的节点表示对应目标函数中的目标函数基本块。

3. 发明授权

US07739553B2 System crash analysis using path tracing technologies 有权
标题翻译：使用路径跟踪技术的系统崩溃分析
公开(公告)号：US07739553B2
公开(公告)日：2010-06-15
申请号：US11756546
申请日：2007-05-31
申请人： Perraju Bendapudi , Suryanarayana Harsha , Harish Mohanan , Rajesh Jalan
发明人： Perraju Bendapudi , Suryanarayana Harsha , Harish Mohanan , Rajesh Jalan
IPC分类号： G06F11/00
CPC分类号： G06F11/079 , G06F11/366
摘要： Technologies, systems and methods for code path analysis of an executable including: generating call graphs and control flow graphs of selected functions in the executable, and instrumenting the selected functions to provide for logging of path trace information for the selected functions upon execution of the instrumented executable, the path trace information usable for efficient system crash analysis and debugging. A stack trace from a crash dump may be utilized in the selection of the functions to analyze.
摘要翻译：可执行程序的代码路径分析的技术，系统和方法，包括：生成可执行程序中所选功能的调用图和控制流程图，以及对所选功能进行检测，以便在执行被检测功能时提供所选函数的路径跟踪信息的记录可执行的路径跟踪信息可用于高效的系统崩溃分析和调试。来自故障转储的堆栈跟踪可用于选择要分析的功能。

4. 发明申请

US20080301502A1 SYSTEM CRASH ANALYSIS USING PATH TRACING TECHNOLOGIES 有权
标题翻译：使用路径跟踪技术的系统碰撞分析
公开(公告)号：US20080301502A1
公开(公告)日：2008-12-04
申请号：US11756546
申请日：2007-05-31
申请人： Suryanarayana Harsha , Harish Mohanan , Perraju Bendapudi , Rajesh Jalan
发明人： Suryanarayana Harsha , Harish Mohanan , Perraju Bendapudi , Rajesh Jalan
IPC分类号： G06F11/07
CPC分类号： G06F11/079 , G06F11/366
摘要： Technologies, systems and methods for code path analysis of an executable including: generating call graphs and control flow graphs of selected functions in the executable, and instrumenting the selected functions to provide for logging of path trace information for the selected functions upon execution of the instrumented executable, the path trace information usable for efficient system crash analysis and debugging. A stack trace from a crash dump may be utilized in the selection of the functions to analyze.
摘要翻译：可执行程序的代码路径分析的技术，系统和方法，包括：生成可执行程序中所选功能的调用图和控制流程图，以及对所选功能进行检测，以便在执行被检测功能时提供所选函数的路径跟踪信息的记录可执行的路径跟踪信息可用于高效的系统崩溃分析和调试。来自故障转储的堆栈跟踪可用于选择要分析的功能。

5. 发明授权

US07854002B2 Pattern matching for spyware detection 有权
标题翻译：间谍软件检测的模式匹配
公开(公告)号：US07854002B2
公开(公告)日：2010-12-14
申请号：US11796844
申请日：2007-04-30
申请人： Harish Mohanan , Perraju Bendapudi , Rajesh Jalan , SriSatya Aravind Akella
发明人： Harish Mohanan , Perraju Bendapudi , Rajesh Jalan , SriSatya Aravind Akella
IPC分类号： G06F21/22 , G06F9/45
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/564 , G06F21/566 , G06F2221/2145 , H04L63/0227
摘要： Spyware programs are detected even if their binary code is modified by normalizing the available code and comparing to known spyware patterns. Upon normalizing the known spyware code patterns, a signature of the normalized code is generated. Similar normalization techniques are employed to reduce the executable binary code as well. A match between the normalized spyware signature and the patterns in the normalized executable code is analyzed to determine whether the executable code includes a known spyware. For pattern matching, Deterministic Finite Automata (DFA) is constructed for basic blocks and simulated on the basic blocks of target executable, hash codes are generated for instructions in target code and known spyware code and compared, register usages are replaced with common variables and compared, and finally Direct Acyclic Graphs (DAGs) of all blocks are constructed and compared to catch reordering of mutually independent instructions and renamed variables.
摘要翻译：即使通过对可用代码进行规范化并与已知的间谍软件模式进行比较来修改其二进制代码，也会检测到间谍软件程序。在对已知的间谍软件代码模式进行归一化之后，生成归一化代码的签名。采用类似的归一化技术来减少可执行二进制码。分析归一化间谍软件签名与归一化可执行代码中的模式之间的匹配，以确定可执行代码是否包括已知的间谍软件。对于模式匹配，为基本块构建确定性有限自动机（DFA），并对目标可执行文件的基本模块进行模拟，为生成目标代码和已知间谍软件代码的指令生成哈希码，并将其与普通变量进行比较，最后构建和比较所有块的直接非循环图（DAG），以捕获相互独立的指令和重命名变量的重新排序。

6. 发明申请

US20080271147A1 Pattern matching for spyware detection 有权
标题翻译：间谍软件检测的模式匹配
公开(公告)号：US20080271147A1
公开(公告)日：2008-10-30
申请号：US11796844
申请日：2007-04-30
申请人： Harish Mohanan , Perraju Bendapudi , Rajesh Jalan , Sri Satya Aravind Akella
发明人： Harish Mohanan , Perraju Bendapudi , Rajesh Jalan , Sri Satya Aravind Akella
IPC分类号： G06F21/00
CPC分类号： H04L63/1416 , G06F21/552 , G06F21/564 , G06F21/566 , G06F2221/2145 , H04L63/0227
摘要： Spyware programs are detected even if their binary code is modified by normalizing the available code and comparing to known spyware patterns. Upon normalizing the known spyware code patterns, a signature of the normalized code is generated. Similar normalization techniques are employed to reduce the executable binary code as well. A match between the normalized spyware signature and the patterns in the normalized executable code is analyzed to determine whether the executable code includes a known spyware. For pattern matching, Deterministic Finite Automata (DFA) is constructed for basic blocks and simulated on the basic blocks of target executable, hash codes are generated for instructions in target code and known spyware code and compared, register usages are replaced with common variables and compared, and finally Direct Acyclic Graphs (DAGs) of all blocks are constructed and compared to catch reordering of mutually independent instructions and renamed variables.
摘要翻译：即使通过对可用代码进行规范化并与已知的间谍软件模式进行比较来修改其二进制代码，也会检测到间谍软件程序。在对已知的间谍软件代码模式进行归一化之后，生成归一化代码的签名。采用类似的归一化技术来减少可执行二进制码。分析归一化间谍软件签名与归一化可执行代码中的模式之间的匹配，以确定可执行代码是否包括已知的间谍软件。对于模式匹配，为基本块构建确定性有限自动机（DFA），并对目标可执行文件的基本模块进行模拟，为生成目标代码和已知间谍软件代码的指令生成哈希码，并将其与普通变量进行比较，最后构建和比较所有块的直接非循环图（DAG），以捕获相互独立的指令和重命名变量的重新排序。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式