Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries

Inactive Publication Date: 2007-11-08
VMWARE INC
View PDF2 Cites 29 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

[0007] Identification of relevant references may be attempted during an initial screening of the DLLs initially loaded at execution begin of the software application. Identification of relevant references may also be attempted during a continuous screening of DLLs loaded at runtime of the software application. In case a relevant reference is identified, hook entry code is dynamically generated. The dynamically generated hook entry code includes generated CPU instructions, which perform the following operations. In a first step, a return address of the relevant function is pushed onto a first stack location of a well known stack of the code executing computing system within which the software application is executing

Problems solved by technology

The inventor observed occasional and somewhat unpredictable failure of prior art hooks and discovered that such prior art hook failure was related to hooks directing execution to incorrect destination addresses when multiple versions of identically named DLLs were simultaneously loaded into well known isolated process memory areas.
In the case where updated versions of ide

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries
  • Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries
  • Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries

Examples

Experimental program
Comparison scheme
Effect test

Example

[0016] Prior Art FIG. 1, depicts step blocks 101-108 of a well known executing software application 100 (see FIGS. 4, 6A, 6B) relevant in the conjunction with the present invention. As may be clear to anyone skilled in the art, the execution of a software application 100 may include additional steps not depicted in the Prior art FIG. 1. During step 101, the software application 100 is loaded into isolated process memory area, which may be defined by the operating system 410 (see FIGS. 6A, 6B) within an available memory space of a code executing computer system such as a personal computer. Functions such as well known system functions that are needed by the software application for its predetermined execution within the operating system 410 may be contained in well known dynamically loaded libraries (DLLs).

[0017] During step 102, the operating system 410 performs an initial DLL loading at execution begin of the software application 100. Initially loaded DLLs may remain in isolated p...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A hooking system for hooking predetermined references to predetermined dynamically loaded library (DLL) functions includes a DLL version identifier provided by a hook entry code to an enhanced hook. The hook entry code is dynamically generated during runtime of an affected software application. The version identifier enables unambiguous communication of a single enhanced hook with functions of multiple versions of identically named DLLs loaded into the same isolated process memory area.

Description

FIELD OF INVENTION [0001] The present invention relates to hook functions for runtime interception and redirection of a function call in a code executing computing environment. In particular, the present invention relates to a single hook function intercepting and redirecting function calls to multiple versions of a distinct dynamically loaded library (DLL). BACKGROUND OF INVENTION [0002] A code executing computing environment commonly referred to as system may include among other components an operating system, applications, and dynamically loaded libraries (DLLs) as are well known in the art. A number of functions commonly combined within standardized interfaces contribute to the system's overall behavior. To alter the behavior of a system functions such as for file input-output, prior art applications may reroute execution through well known hook functions or plainly called hooks. In a conventional hook, an application may invoke an original DLL function by utilizing the standard...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F9/44
CPCG06F9/4425G06F9/44536G06F9/44521G06F9/4484
Inventor CLARK, JONATHAN
Owner VMWARE INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap