+

US20070261044A1 - Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries - Google Patents

Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries Download PDF

Info

Publication number
US20070261044A1
US20070261044A1 US11/381,715 US38171506A US2007261044A1 US 20070261044 A1 US20070261044 A1 US 20070261044A1 US 38171506 A US38171506 A US 38171506A US 2007261044 A1 US2007261044 A1 US 2007261044A1
Authority
US
United States
Prior art keywords
hook
stack
function
hooking
relevant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/381,715
Inventor
Jonathan Clark
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
VMware LLC
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to US11/381,715 priority Critical patent/US20070261044A1/en
Publication of US20070261044A1 publication Critical patent/US20070261044A1/en
Assigned to VMWARE, INC. reassignment VMWARE, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CLARK, JONATHAN
Priority to US14/088,359 priority patent/US8978053B2/en
Priority to US14/618,220 priority patent/US9274814B2/en
Assigned to VMware LLC reassignment VMware LLC CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: VMWARE, INC.
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44536Selecting among different versions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44521Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482Procedural
    • G06F9/4484Executing subprograms

Definitions

  • the present invention relates to hook functions for runtime interception and redirection of a function call in a code executing computing environment.
  • the present invention relates to a single hook function intercepting and redirecting function calls to multiple versions of a distinct dynamically loaded library (DLL).
  • DLL dynamically loaded library
  • a code executing computing environment commonly referred to as system may include among other components an operating system, applications, and dynamically loaded libraries (DLLs) as are well known in the art.
  • DLLs dynamically loaded libraries
  • a number of functions commonly combined within standardized interfaces contribute to the system's overall behavior.
  • prior art applications may reroute execution through well known hook functions or plainly called hooks.
  • an application may invoke an original DLL function by utilizing the standardized interfaces.
  • hooks Prior to and during code execution of an application, modifications are made to insert hooks between an application and DLL functions in order to allow for dynamic runtime changes to the application without source code modifications of applications and/or system. Hooks may pass execution to the original DLL function with same or alternated parameters and then return filtered or unfiltered results to the application after executing said DLL function.
  • DLLs are continuously improved necessitating ongoing updating.
  • Applications undergo an evolutionary process that may be independent of the related DLLs' evolution.
  • Unambiguous interaction between applications and identically named DLLs has been recently facilitated by technologies such as well known Microsoft WindowsTM Side-by-sideTM DLL loading. It causes even more identically named DLLs being loaded into isolated process memory area.
  • a method for applying an enhanced hook to a reference referencing a predetermined function of a dynamically loaded library (DLL) loaded into an isolated process memory area by an executing software application.
  • the method includes a first steps of attempting to identify a relevant reference referencing a relevant function to be hooked. Relevant reference and relevant function are predetermined.
  • a relevant reference is identified during the first step, a second step takes places during which distinct hook entry code is dynamically generated for the relevant function referenced by the identified relevant reference.
  • the relevant reference is replaced with the hook entry code such that a consecutive invocation to said relevant function executes the hook entry code.
  • a version identifier is provided by the hook entry code. The version identifier is received and interpreted in an enhanced hook specifically configured for interpreting the version identifier. Consequently, the enhanced hook unambiguously identifies the correct DLL irrespective an eventual other identically named version of that DLL loaded into the same isolated process memory area.
  • Identification of relevant references may be attempted during an initial screening of the DLLs initially loaded at execution begin of the software application. Identification of relevant references may also be attempted during a continuous screening of DLLs loaded at runtime of the software application.
  • hook entry code is dynamically generated.
  • the dynamically generated hook entry code includes generated CPU instructions, which perform the following operations.
  • a return address of the relevant function is pushed onto a first stack location of a well known stack of the code executing computing system within which the software application is executing.
  • a target address of the relevant function is pushed onto the stack at a second stack location preferably on on top of the function return address at a seconfollowed by pushing the hook address onto the stack on top of the function target address.
  • a third step return address and target address are exchanged on their stack locations by intermediate use of a CPU register, the original value of which is temporarily stored on the stack.
  • Return, target and hook addresses are memory addresses within the isolated process memory area. Because of the version identifier, only a single hook may be utilized within the isolated process memory area.
  • execution control is transferred to hook.
  • the method may be provided by a hooking system that features a hook entry code generation sequence dynamically generating hook entry code including the DLL version identifier and the enhanced hook in receiving communication with hook entry code.
  • the hooking system may include an identification routine for the identification of the relevant references and an exchanger routine for the stack exchanging of the target address with the return address.
  • the hooking system may be part of a virtual operating system, eventually compressed together with the virtual operating system in an executable file.
  • the hooking system may be present with all its components solely in computer memory.
  • a basic configuration of the hooking system may include the dynamically generated hook entry code and the enhanced hook.
  • FIG. 1 is a block diagram of a software application executing in isolated process memory area.
  • Prior Art FIG. 2 is a block diagram of the executing software application of Prior Art FIG. 1 partially erroneously hooked by a prior art hooking method.
  • FIG. 3 is a block diagram of the executing software application of Prior Art FIG. 1 hooked by a hooking method of the present invention.
  • FIG. 4 is a detailed block diagram of an operating hooking system of the present invention.
  • FIG. 5 is a stack activity schematic of the present invention.
  • FIG. 6 is a pseudo code block diagram of a hook entry code generation sequence of the present invention.
  • FIGS. 7A, 7B schematically depict representative configurations of hooking systems in accordance with embodiments of the present invention.
  • Prior Art FIG. 1 depicts step blocks 101 - 108 of a well known executing software application 100 (see FIGS. 4, 6A , 6 B) relevant in the conjunction with the present invention.
  • the execution of a software application 100 may include additional steps not depicted in the Prior art FIG. 1 .
  • the software application 100 is loaded into isolated process memory area, which may be defined by the operating system 410 (see FIGS. 6A, 6B ) within an available memory space of a code executing computer system such as a personal computer.
  • Functions such as well known system functions that are needed by the software application for its predetermined execution within the operating system 410 may be contained in well known dynamically loaded libraries (DLLs).
  • DLLs dynamically loaded libraries
  • the operating system 410 performs an initial DLL loading at execution begin of the software application 100 .
  • Initially loaded DLLs may remain in isolated process memory area until termination of the software application 100 .
  • DLLs may also be loaded into the isolated process memory area.
  • references A, B, N may be made by the executing software application as indicated by paths 105 A, 105 B, 105 C.
  • the references A, B, N may reference functions FA, FB, FN contained in DLLs having names NA and NN. At least two DLLs may have an identical name NA but may be of distinct version VA, VB.
  • references A, B, N invokes the corresponding functions FA, FB, FN as illustrated by blocks 107 A, 107 B, 107 C.
  • All necessary information about DLL names, DLL versions, functions FA, FB, FN names for an unambiguous invocation of the functions FA, FB, FN via references A, B, N may be contained in the code of the software application 100 and/or well known associated data files
  • the loaded DLLs NA, NN are freed from the isolated memory process memory area as depicted in step 108 . Runtime loaded DLLs may be freed also during application runtime 104 .
  • Prior Art FIG. 2 There may be well known cases where the functionality of the software application 100 is to be modified without modification of the software application's 100 code.
  • well known hooking systems have been utilized in the prior art as illustrated in Prior Art FIG. 2 .
  • a prior art hooking system may provide for that purpose well known information about relevant functions FA, FB, FN to be hooked and to be replaced by substitute functions X, Y, Z during execution of the software application 100 to accomplish a predetermined modification of the software application's 100 functionality.
  • Well known prior art hooking functions or simply called hooks PH are also provided by prior art hooking systems as shown in block 202 .
  • Prior art hooks PH are configured for interpreting DLL names NA, NN and function names FA, FB, FN as is well known in the art.
  • Identification of relevant references A, B, N is attempted by prior art hooking systems as in block 203 . Identification may be attempted during initial DLL loading 102 with an initial screening 205 and during runtime DLL loading 103 with an continuous screening 207 . At the moment illustrated in block 209 when a relevant reference A/B/N is identified, it is immediately replaced with a corresponding hook reference RA/RB/RN as depicted by step 211 . Consequently, a hook PH of blocks 217 A/ 217 B/ 217 C may be invoked instead of functions FA/FB/FN. The invoked hook PH in turn may establish communication with respective substitute functions X, Y, Z of blocks 218 A, 218 B, 218 C.
  • the substitute functions X, Y, Z are intended to provide either independently or in conjunction with respective functions FA, FB, FN the predetermined functionality modification of the software application 100 .
  • the hook PH are also freed from the isolated process memory area. Multiple representations of the hook PH may be employed within the isolated process memory area as is clear to anyone skilled in the art.
  • Prior Art FIG. 2 and FIG. 3 at least two identically named DLLs NA of distinct version VA, VB are to be hooked.
  • an ambiguity error 111 may occur in conjunction with prior art hooking systems.
  • the ambiguity error 111 may occur, since hook references RA, RB only recognize DLL names NA, NN and function names FA, FB, FN and are not configured to distinguish between versions VA and VB.
  • substitute functions X or Y may be invoked via hook PH instead of function FA and function FB.
  • functions FA, FB, FN may be a large number.
  • a corresponding distinct hook entry code CA/CB/CN is dynamically generated as shown in step 310 .
  • Dynamically generated means in context with the present invention that the hook entry code CA/CB/CN is generated by hook entry code generation sequence 305 (see FIGS. 6, 7A , 7 B) during runtime of the software application 100 at the moment a relevant reference A, B, N is identified.
  • the relevant references A/B/N are replaced prior to their execution by the corresponding hook entry code CA/CB/CN in step 311 .
  • Generated hook entry code CA, CB, CN may remain in isolated process memory area until termination of the software application as in step 108 .
  • Steps 209 , 310 , 311 are repeated every time a relevant reference A/B/N is identified between execution begin and termination of the software application 100 .
  • a consecutive invocation to the corresponding relevant function FA/FB/FN executes the respective hook entry code CA/CB/CN, whereby version identifier IA/IB/IN is provided as illustrated in steps 316 A, 316 B, 316 C.
  • the version identifiers IA, IB, IN identify versions VA/VB/VN of DLLs NA, NN.
  • An enhanced hook EH also loaded into the isolated process memory area receives the version identifiers IA, IB, IN together with information about DLL names NA, NN and function names FA, FB, FN and correspondingly establishes communication with provided substitute functions X, Y, Z.
  • hook entry codes CA, CB, CN and enhanced hook EH are freed from isolated process memory area. Multiple representations of the enhanced hook EH may be loaded into and simultaneously active within the isolated process memory area.
  • Communication flow between the executing software application 100 , the hook entry codes CA, CB, CN of steps 316 A, 316 B, 316 C, the enhanced hook EH of step 317 , substitute functions X, Y, Z of steps 218 A, 218 B, 218 C and eventually functions FA, FB, FN of steps 218 A, 218 B, 218 C in accordance with the present invention is depicted in FIG. 4 .
  • Communication coming from the executing software application 100 is attributed with distinct version identifiers IA, IB, IN and redirected towards the single enhanced hook EH by the established distinct hook entry codes CA, CB, CN.
  • Communication between enhanced hook EH and respective substitute functions X, Y, Z as well as between substitute functions X, Y, Z and respective functions FA, FB, FN is bidirectional. Communication from the enhanced hook EH to the executing software application 100 may be directly.
  • stack blocks 3160 - 3169 schematically depict activity on a well known stack of the code executing computing system 400 during the dynamic generation of distinct hook entry codes CA, CB, CN.
  • the bottom to top loaded stack blocks 3160 - 3169 are presented for the sole purpose of general understanding without claim of accuracy.
  • commonly practiced top down depiction of stack loading activity in well known IntelTM based hardware architectures that may provide the code executing computing system 400 is disregarded in the FIG. 5 .
  • a pseudo code listing of code blocks 501 - 511 of the hook entry code generation sequence 305 is shown in FIG. 6 .
  • the hook entry code generation sequence 305 dynamically generates hook entry codes CA, CB, CN for each identified relevant reference A, B, N.
  • the hook entry codes CA, CB, CN remain loaded in the isolated process memory area during runtime of the software application 100 .
  • the hook entry codes CA, CB, CN are representations of the hook entry code generation sequence 305 adapted to the individual relevant references A/B/N, individual respective relevant functions FA/FB/FN, individual respective DLLs NA of version VA/VB/VN, individual respective enhanced hook(s) EH and individual respective predetermined substitute functions X/Y/Z as may be clear to anyone skilled in the art.
  • a return address of the respective relevant function FA/FB/FN is instructed by code block 502 to be pushed onto a first stack location of the stack as in stack block 3160 followed by instruction of code block 503 to push a target address of the respective relevant function FA/FB/FN onto a second stack location of the stack as in stack block 3161 .
  • an address of the enhanced hook EH is instructed by code block 504 to be pushed on the stack as in stack block 3162 .
  • a well known CPU register 401 is allocated as instructed by code block 505 . According to code block 506 , the CPU register's 401 original value is stored on the stack as in stack block 3163 .
  • the function's FA/FB/FN target address is instructed by code block 507 to be loaded from the second stack location into the allocated CPU register 401 .
  • the stack contents remains unaltered as shown in blocks 3163 and 3164 .
  • originally stacked return address at the first stack location and target address in the CPU register 401 are instructed by code block 508 to be preferably simultaneously exchanged as in stack block 3165 , or in other words exchanging the CPU register contents with the first stack location.
  • code block 509 instructs to replace the original target address at the second stack location with the return address contained in the CPU register 401 as in stack block 3166 , or in other words storing the CPU register content to the second stack location.
  • Code blocks 502 - 510 are an exchanger routine, which is part of the hook entry code generation sequence 305 .
  • the enhanced hook EH address is passed on together with the function return address to the enhanced hook EH as in block 3168 and as instructed by code block 511 .
  • the function return address is utilized as distinct version identifier IA, IB, IN.
  • the remaining function FA/FB/FN target address in block 3169 may be cleared from the stack according to code block 512 .
  • Each of the steps between blocks 3160 - 3169 takes about one well known CPU clocking interval.
  • the hooking system 300 of the present invention may include a well known application hooking information 201 including information about functions FA, FB, FN to be hooked, a well known relevant reference A, B, N identification and replacing routine 253 , the hook entry code generation sequence 305 , one or more enhanced hooks EH and substitute function(s) X, Y, Z.
  • the hooking system 300 may be part of a well known virtual operating system 600 that may exist together with the software application 100 in computer memory 420 of the code executing computing system 400 .
  • a hard stored operating system 410 may at least partially coexist together with the virtual operating system 600 in computer memory 420 .
  • the hooking system 305 may be compressed together with virtual operating system in an executable file. Alternately and as illustrated in FIG. 7B , the hooking system 300 may be embedded within the software application 100 .
  • the hooking system 305 may operate automatically without particular user input to provide functionality modification(s) to the software application 100 as predetermined by a software developing person and as may be well appreciated by anyone skilled in the art in accordance with the above teachings.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

A hooking system for hooking predetermined references to predetermined dynamically loaded library (DLL) functions includes a DLL version identifier provided by a hook entry code to an enhanced hook. The hook entry code is dynamically generated during runtime of an affected software application. The version identifier enables unambiguous communication of a single enhanced hook with functions of multiple versions of identically named DLLs loaded into the same isolated process memory area.

Description

    FIELD OF INVENTION
  • The present invention relates to hook functions for runtime interception and redirection of a function call in a code executing computing environment. In particular, the present invention relates to a single hook function intercepting and redirecting function calls to multiple versions of a distinct dynamically loaded library (DLL).
    • BACKGROUND OF INVENTION
  • A code executing computing environment commonly referred to as system may include among other components an operating system, applications, and dynamically loaded libraries (DLLs) as are well known in the art. A number of functions commonly combined within standardized interfaces contribute to the system's overall behavior. To alter the behavior of a system functions such as for file input-output, prior art applications may reroute execution through well known hook functions or plainly called hooks. In a conventional hook, an application may invoke an original DLL function by utilizing the standardized interfaces.
  • Prior to and during code execution of an application, modifications are made to insert hooks between an application and DLL functions in order to allow for dynamic runtime changes to the application without source code modifications of applications and/or system. Hooks may pass execution to the original DLL function with same or alternated parameters and then return filtered or unfiltered results to the application after executing said DLL function.
  • DLLs are continuously improved necessitating ongoing updating. Applications undergo an evolutionary process that may be independent of the related DLLs' evolution. To keep applications compatible with ever modifying systems, multiple versions of DLLs with identical name are kept accessible to applications. Unambiguous interaction between applications and identically named DLLs has been recently facilitated by technologies such as well known Microsoft Windows™ Side-by-side™ DLL loading. It causes even more identically named DLLs being loaded into isolated process memory area.
  • The inventor observed occasional and somewhat unpredictable failure of prior art hooks and discovered that such prior art hook failure was related to hooks directing execution to incorrect destination addresses when multiple versions of identically named DLLs were simultaneously loaded into well known isolated process memory areas. This is rooted in the fact that a particular application version may require functions embedded in distinct versions of an identically named DLL in order to execute in a predetermined manner inside a particular system version. In the case where updated versions of identically named functions having different functionality exist in several identically named DLLs, prior art hooks may eventually access and execute the wrong function. An error may result and/or may be detected only, if such ambiguously accessed functions differ in functionality to the extent, that the overlying application execution is adversely and/or noticeable effected. In praxis and at time this problem was discovered, occurrence may be estimated without claim for accuracy of less than one out of ten thousand implemented hooks. Irrespective such rare occurrence, this problem needs to be addressed for reliable implementation of hooks. Therefore, there exists a need for an improved hook function to be used with multiple target functions embedded in a number of identically named final destinations such as dynamically loaded libraries of distinct version. The present invention addresses this need.
    • SUMMARY
  • A method is introduced for applying an enhanced hook to a reference referencing a predetermined function of a dynamically loaded library (DLL) loaded into an isolated process memory area by an executing software application. The method includes a first steps of attempting to identify a relevant reference referencing a relevant function to be hooked. Relevant reference and relevant function are predetermined. In case a relevant reference is identified during the first step, a second step takes places during which distinct hook entry code is dynamically generated for the relevant function referenced by the identified relevant reference. Also during the second step and following the dynamic hook entry code generation, the relevant reference is replaced with the hook entry code such that a consecutive invocation to said relevant function executes the hook entry code. In a following third step, a version identifier is provided by the hook entry code. The version identifier is received and interpreted in an enhanced hook specifically configured for interpreting the version identifier. Consequently, the enhanced hook unambiguously identifies the correct DLL irrespective an eventual other identically named version of that DLL loaded into the same isolated process memory area.
  • Identification of relevant references may be attempted during an initial screening of the DLLs initially loaded at execution begin of the software application. Identification of relevant references may also be attempted during a continuous screening of DLLs loaded at runtime of the software application. In case a relevant reference is identified, hook entry code is dynamically generated. The dynamically generated hook entry code includes generated CPU instructions, which perform the following operations. In a first step, a return address of the relevant function is pushed onto a first stack location of a well known stack of the code executing computing system within which the software application is executing. In a second step, a target address of the relevant function is pushed onto the stack at a second stack location preferably on on top of the function return address at a seconfollowed by pushing the hook address onto the stack on top of the function target address. In a third step, return address and target address are exchanged on their stack locations by intermediate use of a CPU register, the original value of which is temporarily stored on the stack. Return, target and hook addresses are memory addresses within the isolated process memory area. Because of the version identifier, only a single hook may be utilized within the isolated process memory area. In a fourth step, execution control is transferred to hook.
  • The method may be provided by a hooking system that features a hook entry code generation sequence dynamically generating hook entry code including the DLL version identifier and the enhanced hook in receiving communication with hook entry code. The hooking system may include an identification routine for the identification of the relevant references and an exchanger routine for the stack exchanging of the target address with the return address. The hooking system may be part of a virtual operating system, eventually compressed together with the virtual operating system in an executable file. The hooking system may be present with all its components solely in computer memory. A basic configuration of the hooking system may include the dynamically generated hook entry code and the enhanced hook.
    • BRIEF DESCRIPTION OF THE FIGURES
  • Prior Art FIG. 1 is a block diagram of a software application executing in isolated process memory area.
  • Prior Art FIG. 2 is a block diagram of the executing software application of Prior Art FIG. 1 partially erroneously hooked by a prior art hooking method.
  • FIG. 3 is a block diagram of the executing software application of Prior Art FIG. 1 hooked by a hooking method of the present invention.
  • FIG. 4 is a detailed block diagram of an operating hooking system of the present invention.
  • FIG. 5 is a stack activity schematic of the present invention.
  • FIG. 6 is a pseudo code block diagram of a hook entry code generation sequence of the present invention.
  • FIGS. 7A, 7B schematically depict representative configurations of hooking systems in accordance with embodiments of the present invention.
    • DETAILED DESCRIPTION
  • Prior Art FIG. 1, depicts step blocks 101-108 of a well known executing software application 100 (see FIGS. 4, 6A, 6B) relevant in the conjunction with the present invention. As may be clear to anyone skilled in the art, the execution of a software application 100 may include additional steps not depicted in the Prior art FIG. 1. During step 101, the software application 100 is loaded into isolated process memory area, which may be defined by the operating system 410 (see FIGS. 6A, 6B) within an available memory space of a code executing computer system such as a personal computer. Functions such as well known system functions that are needed by the software application for its predetermined execution within the operating system 410 may be contained in well known dynamically loaded libraries (DLLs).
  • During step 102, the operating system 410 performs an initial DLL loading at execution begin of the software application 100. Initially loaded DLLs may remain in isolated process memory area until termination of the software application 100. During runtime of the software application 100, DLLs may also be loaded into the isolated process memory area. At varying times during application runtime as indicated by path 104, references A, B, N may be made by the executing software application as indicated by paths 105A, 105B, 105C. The references A, B, N may reference functions FA, FB, FN contained in DLLs having names NA and NN. At least two DLLs may have an identical name NA but may be of distinct version VA, VB. The processing of the references A, B, N as shown in steps 106A, 106B, 106C invokes the corresponding functions FA, FB, FN as illustrated by blocks 107A, 107B, 107C. All necessary information about DLL names, DLL versions, functions FA, FB, FN names for an unambiguous invocation of the functions FA, FB, FN via references A, B, N may be contained in the code of the software application 100 and/or well known associated data files During termination of the software application 100, the loaded DLLs NA, NN are freed from the isolated memory process memory area as depicted in step 108. Runtime loaded DLLs may be freed also during application runtime 104.
  • There may be well known cases where the functionality of the software application 100 is to be modified without modification of the software application's 100 code. For that purpose, well known hooking systems have been utilized in the prior art as illustrated in Prior Art FIG. 2. As in step 201, a prior art hooking system may provide for that purpose well known information about relevant functions FA, FB, FN to be hooked and to be replaced by substitute functions X, Y, Z during execution of the software application 100 to accomplish a predetermined modification of the software application's 100 functionality. Well known prior art hooking functions or simply called hooks PH are also provided by prior art hooking systems as shown in block 202. Prior art hooks PH are configured for interpreting DLL names NA, NN and function names FA, FB, FN as is well known in the art.
  • Identification of relevant references A, B, N is attempted by prior art hooking systems as in block 203. Identification may be attempted during initial DLL loading 102 with an initial screening 205 and during runtime DLL loading 103 with an continuous screening 207. At the moment illustrated in block 209 when a relevant reference A/B/N is identified, it is immediately replaced with a corresponding hook reference RA/RB/RN as depicted by step 211. Consequently, a hook PH of blocks 217A/217B/217C may be invoked instead of functions FA/FB/FN. The invoked hook PH in turn may establish communication with respective substitute functions X, Y, Z of blocks 218A, 218B, 218C. The substitute functions X, Y, Z are intended to provide either independently or in conjunction with respective functions FA, FB, FN the predetermined functionality modification of the software application 100. At application termination 108, the hook PH are also freed from the isolated process memory area. Multiple representations of the hook PH may be employed within the isolated process memory area as is clear to anyone skilled in the art.
  • In the case illustrated in Prior Art FIG. 2 and FIG. 3, at least two identically named DLLs NA of distinct version VA, VB are to be hooked. In Prior Art FIG. 2 an ambiguity error 111 may occur in conjunction with prior art hooking systems. The ambiguity error 111 may occur, since hook references RA, RB only recognize DLL names NA, NN and function names FA, FB, FN and are not configured to distinguish between versions VA and VB. As a result, substitute functions X or Y may be invoked via hook PH instead of function FA and function FB. In praxis, functions FA, FB, FN may be a large number. Even functions FA, FB contained in different versions VA, VB of DLLs NA may be in large numbers with only slight and/or occasional functional differences. Consequently, the ambiguity error 111 may remain undetected as long as functionality of function FA and FB differs only insignificantly for the software application's 100 execution. With increasing numbers of identically named multiple version VA, VB DLLs NA simultaneously loaded into isolated process memory area, the likelihood of adverse ambiguity error 111 effects on the software application 100 execution may increase as well.
  • In the present invention depicted in FIG. 3, and immediately following the step 209 of identifying a relevant reference A/B/N a corresponding distinct hook entry code CA/CB/CN is dynamically generated as shown in step 310. Dynamically generated means in context with the present invention that the hook entry code CA/CB/CN is generated by hook entry code generation sequence 305 (see FIGS. 6, 7A, 7B) during runtime of the software application 100 at the moment a relevant reference A, B, N is identified. The relevant references A/B/N are replaced prior to their execution by the corresponding hook entry code CA/CB/CN in step 311. Generated hook entry code CA, CB, CN may remain in isolated process memory area until termination of the software application as in step 108. Steps 209, 310, 311 are repeated every time a relevant reference A/B/N is identified between execution begin and termination of the software application 100. A consecutive invocation to the corresponding relevant function FA/FB/FN executes the respective hook entry code CA/CB/CN, whereby version identifier IA/IB/IN is provided as illustrated in steps 316A, 316B, 316C. The version identifiers IA, IB, IN identify versions VA/VB/VN of DLLs NA, NN. An enhanced hook EH also loaded into the isolated process memory area receives the version identifiers IA, IB, IN together with information about DLL names NA, NN and function names FA, FB, FN and correspondingly establishes communication with provided substitute functions X, Y, Z. At application termination 108, hook entry codes CA, CB, CN and enhanced hook EH are freed from isolated process memory area. Multiple representations of the enhanced hook EH may be loaded into and simultaneously active within the isolated process memory area.
  • Communication flow between the executing software application 100, the hook entry codes CA, CB, CN of steps 316A, 316B, 316C, the enhanced hook EH of step 317, substitute functions X, Y, Z of steps 218A, 218B, 218C and eventually functions FA, FB, FN of steps 218A, 218B, 218C in accordance with the present invention is depicted in FIG. 4. Communication coming from the executing software application 100 is attributed with distinct version identifiers IA, IB, IN and redirected towards the single enhanced hook EH by the established distinct hook entry codes CA, CB, CN. Communication between enhanced hook EH and respective substitute functions X, Y, Z as well as between substitute functions X, Y, Z and respective functions FA, FB, FN is bidirectional. Communication from the enhanced hook EH to the executing software application 100 may be directly.
  • In FIG. 5, stack blocks 3160-3169 schematically depict activity on a well known stack of the code executing computing system 400 during the dynamic generation of distinct hook entry codes CA, CB, CN. The bottom to top loaded stack blocks 3160-3169 are presented for the sole purpose of general understanding without claim of accuracy. Notably, commonly practiced top down depiction of stack loading activity in well known Intel™ based hardware architectures that may provide the code executing computing system 400 is disregarded in the FIG. 5. A pseudo code listing of code blocks 501-511 of the hook entry code generation sequence 305 is shown in FIG. 6. The hook entry code generation sequence 305 dynamically generates hook entry codes CA, CB, CN for each identified relevant reference A, B, N. The hook entry codes CA, CB, CN remain loaded in the isolated process memory area during runtime of the software application 100. The hook entry codes CA, CB, CN are representations of the hook entry code generation sequence 305 adapted to the individual relevant references A/B/N, individual respective relevant functions FA/FB/FN, individual respective DLLs NA of version VA/VB/VN, individual respective enhanced hook(s) EH and individual respective predetermined substitute functions X/Y/Z as may be clear to anyone skilled in the art.
  • In case a relevant reference A/B/N and its respective relevant function FA/FB/FN is identified as in code block 501, a return address of the respective relevant function FA/FB/FN is instructed by code block 502 to be pushed onto a first stack location of the stack as in stack block 3160 followed by instruction of code block 503 to push a target address of the respective relevant function FA/FB/FN onto a second stack location of the stack as in stack block 3161. Then an address of the enhanced hook EH is instructed by code block 504 to be pushed on the stack as in stack block 3162. A well known CPU register 401 is allocated as instructed by code block 505. According to code block 506, the CPU register's 401 original value is stored on the stack as in stack block 3163. Once the original CPU register 401 value is stored on the stack, the function's FA/FB/FN target address is instructed by code block 507 to be loaded from the second stack location into the allocated CPU register 401. The stack contents remains unaltered as shown in blocks 3163 and 3164. Next, originally stacked return address at the first stack location and target address in the CPU register 401 are instructed by code block 508 to be preferably simultaneously exchanged as in stack block 3165, or in other words exchanging the CPU register contents with the first stack location. Next, code block 509 instructs to replace the original target address at the second stack location with the return address contained in the CPU register 401 as in stack block 3166, or in other words storing the CPU register content to the second stack location. Between 3160 and 3166 the return address is in fact exchanged with the target address at their respective stack location. Code blocks 502-510 are an exchanger routine, which is part of the hook entry code generation sequence 305. Once the original register value is loaded back into the CPU register as in block 3167 and as instructed by code block 510, the enhanced hook EH address is passed on together with the function return address to the enhanced hook EH as in block 3168 and as instructed by code block 511. The function return address is utilized as distinct version identifier IA, IB, IN. The remaining function FA/FB/FN target address in block 3169 may be cleared from the stack according to code block 512. Each of the steps between blocks 3160-3169 takes about one well known CPU clocking interval.
  • Referring to FIG. 7A, the hooking system 300 of the present invention may include a well known application hooking information 201 including information about functions FA, FB, FN to be hooked, a well known relevant reference A, B, N identification and replacing routine 253, the hook entry code generation sequence 305, one or more enhanced hooks EH and substitute function(s) X, Y, Z. The hooking system 300 may be part of a well known virtual operating system 600 that may exist together with the software application 100 in computer memory 420 of the code executing computing system 400. A hard stored operating system 410 may at least partially coexist together with the virtual operating system 600 in computer memory 420. The hooking system 305 may be compressed together with virtual operating system in an executable file. Alternately and as illustrated in FIG. 7B, the hooking system 300 may be embedded within the software application 100.
  • The hooking system 305 may operate automatically without particular user input to provide functionality modification(s) to the software application 100 as predetermined by a software developing person and as may be well appreciated by anyone skilled in the art in accordance with the above teachings.
  • Accordingly, the scope of the invention described in the Figures and Specification above is set forth by the following claims and their legal equivalent:

Claims (12)

1. A method for applying a hook to a reference referencing a predetermined function of a dynamically loaded library loaded into an isolated process memory area by an executing software application, said method comprising the steps of:
a. attempting to identify a relevant reference of said reference, said relevant reference referencing a relevant function of said function, said relevant function to be hooked by said hook;
b. in case of identifying during said step 1.a) said relevant reference:
i. dynamically generating distinct hook entry code for said relevant function;
ii. replacing said relevant reference with said dynamically generated hook entry code such that a consecutive invocation to said relevant function executes said dynamically generated hook entry code, whereby a version identifier is provided, said version identifier identifying a version of said dynamically loaded library; and
c. receiving and interpreting in an enhanced hook of said hook said version identifier such that said enhanced hook unambiguously identifies said dynamically loaded library having said version irrespective an eventual other identically named version of said dynamically loaded library loaded into said isolated process memory area.
2. The method of claim 1, whereby in case of identifying said relevant reference during said step 1.a) a return address of said relevant function is pushed onto a stack of a code executing computing system within which said software application is said executing followed by said step 1.b.i) including the steps of:
a. pushing a target address of said relevant function onto said stack; followed by
b. pushing a hook address onto said stack; followed by
c. exchanging said return address with said target address on said stack; followed by
d. processing of said hook address from said stack and simultaneously passing said function return address from said stack as said version identifier to said enhanced hook; and
whereby said return address, said target address and said hook address are memory addresses within said isolated process memory area.
3. The method of claim 2, wherein said return address is said pushed on a first stack location of said stack and said target address being said pushed on a second stack location of said stack, whereby said exchanging during said step 4.c) includes the steps of:
a. pushing a contents of a CPU register onto said stack;
b. loading said target address into said CPU register from said second stack location;
c. exchanging CPU register contents with said first stack location
d. storing CPU register contents to said second stack location; and
e. restoring original CPU register value from stack.
4. The method of claim 1, whereby said hook is a single hook within said isolated process memory area.
5. A hooking system hooking a function reference within an isolated memory area of a code executing computing system, said hooking system comprising:
a. a hook entry code generating sequence dynamically generating hook entry code including a dynamic link library version identifier;
b. an enhanced hook in receiving communication with said dynamically generated hook entry code, said hook interpreting said dynamically loaded library version identifier such that said hook unambiguously identifies a corresponding dynamically loaded library irrespective an eventual other identically named version of said dynamically loaded library and such that said hook establishes bidirectional communication with a function of said dynamic link library.
6. The hooking system of claim 5, further comprising an exchanger routine exchanging a return address with a target address on a stack of said code executing computing system, said return address and said target address being memory addresses within said isolated process memory area of a function relevant for hooking.
7. The hooking system of claim 5, being part of a virtual operating system.
8. The hooking system of claim 7, wherein said function reference hooking system is compressed together with said virtual operating system in an executable file.
9. The hooking system of claim 5 being present solely in computer memory.
10. A hooking system hooking a reference to a function of a dynamic link library within an isolated memory area of a code executing computing system, said hooking system comprising:
a. a dynamically generated hook entry code providing from a return address of said function a dynamic link library version identifier;
b. an enhanced hook in receiving communication with said dynamically generated hook entry code, said enhanced hook interpreting said dynamically loaded library version identifier such that said enhanced hook unambiguously identifies a corresponding one of said dynamically loaded library irrespective an eventual other identically named version of said dynamically loaded library and such that said enhanced hook establishes bidirectional communication with a function of said dynamically loaded library.
11. The hooking system of claim 10, being part of a virtual operating system.
12. The hooking system of claim 10, being present solely in computer memory.
US11/381,715 2006-05-04 2006-05-04 Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries Abandoned US20070261044A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US11/381,715 US20070261044A1 (en) 2006-05-04 2006-05-04 Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries
US14/088,359 US8978053B2 (en) 2006-05-04 2013-11-23 Enhanced hook function for use with different versions of a dynamically loaded library
US14/618,220 US9274814B2 (en) 2006-05-04 2015-02-10 Enhanced hook function for use with different versions of a dynamically loaded library

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/381,715 US20070261044A1 (en) 2006-05-04 2006-05-04 Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/088,359 Continuation US8978053B2 (en) 2006-05-04 2013-11-23 Enhanced hook function for use with different versions of a dynamically loaded library

Publications (1)

Publication Number Publication Date
US20070261044A1 true US20070261044A1 (en) 2007-11-08

Family

ID=38662602

Family Applications (3)

Application Number Title Priority Date Filing Date
US11/381,715 Abandoned US20070261044A1 (en) 2006-05-04 2006-05-04 Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries
US14/088,359 Active US8978053B2 (en) 2006-05-04 2013-11-23 Enhanced hook function for use with different versions of a dynamically loaded library
US14/618,220 Active US9274814B2 (en) 2006-05-04 2015-02-10 Enhanced hook function for use with different versions of a dynamically loaded library

Family Applications After (2)

Application Number Title Priority Date Filing Date
US14/088,359 Active US8978053B2 (en) 2006-05-04 2013-11-23 Enhanced hook function for use with different versions of a dynamically loaded library
US14/618,220 Active US9274814B2 (en) 2006-05-04 2015-02-10 Enhanced hook function for use with different versions of a dynamically loaded library

Country Status (1)

Country Link
US (3) US20070261044A1 (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090249368A1 (en) * 2008-03-25 2009-10-01 Microsoft Corporation Runtime Code Hooking
WO2010103247A1 (en) * 2009-03-12 2010-09-16 Giovanni Albani Methods and devices for updating a client/server application without a client-side application restart
US20100299659A1 (en) * 2009-05-20 2010-11-25 Microsoft Corporation Attribute based method redirection
KR101052586B1 (en) 2010-08-20 2011-07-29 주식회사 파수닷컴 Recording medium recording program for preventing hook re-entry and method thereof in computer
US20110239194A1 (en) * 2010-03-29 2011-09-29 Microsoft Corporation Automatically redirecting method calls for unit testing
US20120265946A1 (en) * 2011-04-12 2012-10-18 Appsense, Limited Bypassing user mode redirection
US8627305B1 (en) * 2009-03-24 2014-01-07 Mcafee, Inc. System, method, and computer program product for hooking code inserted into an address space of a new process
US8978053B2 (en) 2006-05-04 2015-03-10 Vmware, Inc. Enhanced hook function for use with different versions of a dynamically loaded library
US9141356B2 (en) 2011-12-14 2015-09-22 Microsoft Technology Licensing, Llc Process for generating dynamic type
CN105094878A (en) * 2014-05-22 2015-11-25 阿里巴巴集团控股有限公司 System library file integration method and apparatus
US9405515B1 (en) * 2015-02-04 2016-08-02 Rockwell Collins, Inc. Computing systems utilizing controlled dynamic libraries and isolated execution spaces
US20160321120A1 (en) * 2011-12-06 2016-11-03 Introspex, Inc. Analytics data collection with low integration cost for dynamic message passing systems
CN106371940A (en) * 2015-07-21 2017-02-01 腾讯科技(深圳)有限公司 Solution method and device for program crash
CN107391219A (en) * 2017-07-07 2017-11-24 腾讯科技(深圳)有限公司 Function Compilation Method and device
US9836315B1 (en) * 2014-06-25 2017-12-05 Amazon Technologies, Inc. De-referenced package execution
CN108446224A (en) * 2018-03-06 2018-08-24 福建天泉教育科技有限公司 The method for analyzing performance, storage medium of application program on mobile terminal
CN110045998A (en) * 2019-04-22 2019-07-23 腾讯科技(深圳)有限公司 Load the method and device of dynamic base
CN112416366A (en) * 2019-08-23 2021-02-26 华为技术有限公司 Method, device and equipment for dynamically hooking Java language hooks
CN112988353A (en) * 2021-03-12 2021-06-18 北京明朝万达科技股份有限公司 Operation control method and device for application program
US20240411568A1 (en) * 2020-09-17 2024-12-12 Pax Computer Technology (Shenzhen) Co., Ltd. Method for operating application program, terminal device and computer-readable storage medium

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8695060B2 (en) 2011-10-10 2014-04-08 Openpeak Inc. System and method for creating secure applications
US9465717B2 (en) * 2013-03-14 2016-10-11 Riverbed Technology, Inc. Native code profiler framework
US9232013B1 (en) 2014-09-05 2016-01-05 Openpeak Inc. Method and system for enabling data usage accounting
US8938547B1 (en) 2014-09-05 2015-01-20 Openpeak Inc. Method and system for data usage accounting in a computing device
US9350818B2 (en) 2014-09-05 2016-05-24 Openpeak Inc. Method and system for enabling data usage accounting for unreliable transport communication
US20160071040A1 (en) 2014-09-05 2016-03-10 Openpeak Inc. Method and system for enabling data usage accounting through a relay
US9100390B1 (en) 2014-09-05 2015-08-04 Openpeak Inc. Method and system for enrolling and authenticating computing devices for data usage accounting
CN105204903A (en) * 2015-09-24 2015-12-30 北京金山安全软件有限公司 Process module loading interception method and device
US10572245B1 (en) * 2016-08-30 2020-02-25 Amazon Technologies, Inc. Identifying versions of running programs using signatures derived from object files
US10235161B2 (en) * 2017-02-06 2019-03-19 American Megatrends, Inc. Techniques of adding security patches to embedded systems
CN108491736B (en) * 2018-04-02 2020-09-22 北京顶象技术有限公司 Tamper monitoring method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5946486A (en) * 1996-12-10 1999-08-31 International Business Machines Corporation Apparatus and method for tracing entries to or exits from a dynamic link library
US5974470A (en) * 1997-09-03 1999-10-26 Chicago-Soft, Ltd. System for reducing conflicts among dynamic link library modules by aliasing modules

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6253257B1 (en) 1997-07-31 2001-06-26 Bea Systems, Inc. Software Interface for dynamic API mapping
US6259985B1 (en) 1999-12-22 2001-07-10 Visteon Global Technologies, Inc. Method and system for indicating vehicle braking in an adaptive speed control system
US6779179B1 (en) 2000-03-20 2004-08-17 Exent Technologies, Inc. Registry emulation
GB0011020D0 (en) 2000-05-09 2000-06-28 Ibm Intercepting system API calls
US6874149B1 (en) * 2000-06-28 2005-03-29 Microsoft Corporation Hooking of replacement and augmented API functions
US20070261044A1 (en) 2006-05-04 2007-11-08 Jonathan Clark Chained Hook Function Serving Multiple Versions Of Identically Named Dynamically Loaded Libraries

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5946486A (en) * 1996-12-10 1999-08-31 International Business Machines Corporation Apparatus and method for tracing entries to or exits from a dynamic link library
US5974470A (en) * 1997-09-03 1999-10-26 Chicago-Soft, Ltd. System for reducing conflicts among dynamic link library modules by aliasing modules

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9274814B2 (en) 2006-05-04 2016-03-01 Vmware, Inc. Enhanced hook function for use with different versions of a dynamically loaded library
US8978053B2 (en) 2006-05-04 2015-03-10 Vmware, Inc. Enhanced hook function for use with different versions of a dynamically loaded library
US9274768B2 (en) 2008-03-25 2016-03-01 Microsoft Technology Licensing, Llc Runtime code hooking for print driver and functionality testing
US20090249368A1 (en) * 2008-03-25 2009-10-01 Microsoft Corporation Runtime Code Hooking
US8793662B2 (en) 2008-03-25 2014-07-29 Microsoft Corporation Runtime code hooking for print driver and functionality testing
WO2010103247A1 (en) * 2009-03-12 2010-09-16 Giovanni Albani Methods and devices for updating a client/server application without a client-side application restart
US8627305B1 (en) * 2009-03-24 2014-01-07 Mcafee, Inc. System, method, and computer program product for hooking code inserted into an address space of a new process
US20100299659A1 (en) * 2009-05-20 2010-11-25 Microsoft Corporation Attribute based method redirection
US8479177B2 (en) * 2009-05-20 2013-07-02 Microsoft Corporation Attribute based method redirection
US8954929B2 (en) * 2010-03-29 2015-02-10 Microsoft Corporation Automatically redirecting method calls for unit testing
US20110239194A1 (en) * 2010-03-29 2011-09-29 Microsoft Corporation Automatically redirecting method calls for unit testing
KR101052586B1 (en) 2010-08-20 2011-07-29 주식회사 파수닷컴 Recording medium recording program for preventing hook re-entry and method thereof in computer
US20120265946A1 (en) * 2011-04-12 2012-10-18 Appsense, Limited Bypassing user mode redirection
US9753791B2 (en) * 2011-12-06 2017-09-05 Appdynamics Llc Analytics data collection with low integration cost for dynamic message passing systems
US20160321120A1 (en) * 2011-12-06 2016-11-03 Introspex, Inc. Analytics data collection with low integration cost for dynamic message passing systems
US9141356B2 (en) 2011-12-14 2015-09-22 Microsoft Technology Licensing, Llc Process for generating dynamic type
CN105094878A (en) * 2014-05-22 2015-11-25 阿里巴巴集团控股有限公司 System library file integration method and apparatus
US9836315B1 (en) * 2014-06-25 2017-12-05 Amazon Technologies, Inc. De-referenced package execution
US9405515B1 (en) * 2015-02-04 2016-08-02 Rockwell Collins, Inc. Computing systems utilizing controlled dynamic libraries and isolated execution spaces
CN106371940A (en) * 2015-07-21 2017-02-01 腾讯科技(深圳)有限公司 Solution method and device for program crash
CN107391219A (en) * 2017-07-07 2017-11-24 腾讯科技(深圳)有限公司 Function Compilation Method and device
CN108446224A (en) * 2018-03-06 2018-08-24 福建天泉教育科技有限公司 The method for analyzing performance, storage medium of application program on mobile terminal
CN110045998A (en) * 2019-04-22 2019-07-23 腾讯科技(深圳)有限公司 Load the method and device of dynamic base
CN112416366A (en) * 2019-08-23 2021-02-26 华为技术有限公司 Method, device and equipment for dynamically hooking Java language hooks
US20240411568A1 (en) * 2020-09-17 2024-12-12 Pax Computer Technology (Shenzhen) Co., Ltd. Method for operating application program, terminal device and computer-readable storage medium
CN112988353A (en) * 2021-03-12 2021-06-18 北京明朝万达科技股份有限公司 Operation control method and device for application program

Also Published As

Publication number Publication date
US9274814B2 (en) 2016-03-01
US20140082641A1 (en) 2014-03-20
US20150154037A1 (en) 2015-06-04
US8978053B2 (en) 2015-03-10

Similar Documents

Publication Publication Date Title
US9274814B2 (en) Enhanced hook function for use with different versions of a dynamically loaded library
US6298479B1 (en) Method and system for compiling and linking source files
CN100492301C (en) Method and system for avoiding software conflict
US6112025A (en) System and method for dynamic program linking
US7392527B2 (en) Driver-specific context for kernel-mode shimming
EP2049992B1 (en) Software transactional protection of managed pointers
US20200326984A1 (en) Docker-container-oriented method for isolation of file system resources
US7735075B2 (en) System and method for a pseudo dynamic link library (DLL) linker for a monolithic image in a wireless device
US20090249289A1 (en) Detecting memory errors using write integrity testing
US7856637B1 (en) Runtime emulating static thread local storage of portable executable software code
EP3882768A1 (en) Automatic injection of agents into processes executing statically linked binaries
JP2003507811A (en) Protocol for managing downloaded program fragments, method for verifying and converting downloaded program fragments, and corresponding system
US7757224B2 (en) Software support for dynamically extensible processors
US6351848B1 (en) Unitary data structure systems, methods, and computer program products, for global conflict determination
US20240411568A1 (en) Method for operating application program, terminal device and computer-readable storage medium
US6810519B1 (en) Achieving tight binding for dynamically loaded software modules via intermodule copying
EP1727043A2 (en) Dynamic mapping of shared libraries
US20100299659A1 (en) Attribute based method redirection
US20040123308A1 (en) Hybird of implicit and explicit linkage of windows dynamic link labraries
EP1376342A2 (en) Single pass intermediate language verification algorithm
US20060123403A1 (en) Device and method for processing a program code
US6658658B1 (en) Implicit forwarding and resolving of a reference made by an importing module to an exporting module for a specified export
US6499094B1 (en) Management of memory heap space for data files accessible to programs operating in different addressing modes
US6856994B2 (en) System and method for condensing application software
EP3522006A1 (en) Method for protecting an executable code

Legal Events

Date Code Title Description
AS Assignment

Owner name: VMWARE, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CLARK, JONATHAN;REEL/FRAME:021707/0821

Effective date: 20081006

STCB Information on status: application discontinuation

Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION

AS Assignment

Owner name: VMWARE LLC, CALIFORNIA

Free format text: CHANGE OF NAME;ASSIGNOR:VMWARE, INC.;REEL/FRAME:067529/0596

Effective date: 20231121

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载