公开(公告)号：US20170176979A1

公开(公告)日：2017-06-22

申请号：US15323032

申请日：2014-08-29

Applicant: Emmett LALISH ,  Yulin JIN ,  Kristofer IVERSON ,  Gheorghe GHEORGHESCU ,  Xin TONG ,  Yang LIU ,  Microsoft Technology Licensing, LLC

Inventor： Emmett Lalish ,  Yulin Jin ,  Kristofer N. Iverson ,  Gheorghe Marius Gheorghescu ,  Xin Tong ,  Yang Liu

IPC: G05B19/4099 ,  B33Y50/02 ,  B33Y30/00 ,  B29C67/00 ,  B33Y10/00

CPC classification number: G05B19/4099 ,  B29C64/106 ,  B29C64/386 ,  B29C64/40 ,  B33Y10/00 ,  B33Y30/00 ,  B33Y50/00 ,  B33Y50/02 ,  G05B2219/35134 ,  G05B2219/49007 ,  G06F17/50

Abstract: The claimed subject matter includes techniques for printing three-dimensional (3D) objects. An example method includes obtaining a 3D model and processing the 3D model to generate layers of tool path information. The processing includes automatically optimizing the orientation of the 3D model to reduce an amount of support material used in the printing. The method also includes printing the 3D object using layers.

公开(公告)号：US07861296B2

公开(公告)日：2010-12-28

申请号：US11154267

申请日：2005-06-16

Applicant: Mihai Costea ,  Adrian Bivol ,  Adrian M. Marinescu ,  Anil Francis Thomas ,  Cenk Ergan ,  David Goebel ,  George C. Chicioreanu ,  Marius Gheorghe Gheorghescu ,  Michael R. Fortin

Inventor： Mihai Costea ,  Adrian Bivol ,  Adrian M. Marinescu ,  Anil Francis Thomas ,  Cenk Ergan ,  David Goebel ,  George C. Chicioreanu ,  Marius Gheorghe Gheorghescu ,  Michael R. Fortin

IPC: G06F11/00

CPC classification number: G06F21/51 ,  G06F21/566

Abstract: The present invention is directed toward a system, method, and a computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user when operating a computer protected with antivirus software. One aspect of the present invention is a method that identifies a pattern in which data in a file is loaded into memory from a computer-readable medium. Then the method identifies a pattern in which data in the file may be loaded into memory in a way that minimizes the time required to read data in the file. When a subsequent scan of the file is scheduled to occur, the method causes data in the file to be loaded in memory using the pattern that minimizes the time required to read data in the file.

Abstract translation: 本发明涉及一种用于将数据有效地加载到存储器中以便扫描恶意软件的数据的系统，方法和计算机可读介质。 本发明提供的逻辑提高了用户在操作受防病毒软件保护的计算机时的体验。 本发明的一个方面是从计算机可读介质中识别文件中的数据被加载到存储器中的模式的方法。 然后，该方法识别可以以最小化在文件中读取数据所需的时间的方式将文件中的数据加载到存储器中的模式。 当调度文件的后续扫描时，该方法会使文件中的数据使用最小化文件中读取数据所需的时间的模式加载到内存中。

公开(公告)号：US20090199297A1

公开(公告)日：2009-08-06

申请号：US12025142

申请日：2008-02-04

Applicant: Michael S. Jarrett ,  Adrian M. Marinescu ,  Marius Gheorghe Gheorghescu ,  George C. Chicioreanu

Inventor： Michael S. Jarrett ,  Adrian M. Marinescu ,  Marius Gheorghe Gheorghescu ,  George C. Chicioreanu

IPC: G06F21/24

CPC classification number: G06F21/566

Abstract: An arrangement for scanning and patching injected malware code that is executing in otherwise legitimate processes running on a computer system is provided in which malware code is located in the memory of processes by extracting the start addresses of processes' threads and then searching near these addresses. Additional blocks of code in memory that are invoked by the code identified by each start address are also identified and the blocks are then matched against scanning signatures associated with known malware threads. If the entire signature can be matched against a subset of the blocks, then the thread is determined to be infected. The infected thread is suspended and in-memory modifications are performed to patch the injected code to render it harmless. The thread can be resumed or terminated to disable the protection mechanisms of the malware without causing any harm to the process in which the thread is injected.

Abstract translation: 提供扫描和修补在计算机系统上运行的其他合法进程中执行的注入的恶意软件代码的布置，​​其中通过提取进程的线程的开始地址然后在这些地址附近进行搜索，其中恶意代码位于进程的存储器中。 由每个起始地址识别的代码调用的内存中的其他代码块也被识别，然后将块与已知恶意软件线程相关的扫描签名进行匹配。 如果整个签名可以与块的子集进行匹配，则确定线程被感染。 受感染的线程被暂停，并且执行内存中的修改来修补注入的代码以使其无害化。 可以恢复或终止线程以禁用恶意软件的保护机制，而不会对注入线程的进程造成任何损害。

公开(公告)号：US08387139B2

公开(公告)日：2013-02-26

申请号：US12025142

申请日：2008-02-04

Applicant: Michael S. Jarrett ,  Adrian M Marinescu ,  Marius Gheorghe Gheorghescu ,  George C. Chicioreanu

Inventor： Michael S. Jarrett ,  Adrian M Marinescu ,  Marius Gheorghe Gheorghescu ,  George C. Chicioreanu

IPC: G06F12/14 ,  G06F12/16 ,  G06F11/00

CPC classification number: G06F21/566

Abstract: An arrangement for scanning and patching injected malware code that is executing in otherwise legitimate processes running on a computer system is provided in which malware code is located in the memory of processes by extracting the start addresses of processes' threads and then searching near these addresses. Additional blocks of code in memory that are invoked by the code identified by each start address are also identified and the blocks are then matched against scanning signatures associated with known malware threads. If the entire signature can be matched against a subset of the blocks, then the thread is determined to be infected. The infected thread is suspended and in-memory modifications are performed to patch the injected code to render it harmless. The thread can be resumed or terminated to disable the protection mechanisms of the malware without causing any harm to the process in which the thread is injected.

Abstract translation: 提供扫描和修补在计算机系统上运行的其他合法进程中执行的注入的恶意软件代码的布置，​​其中通过提取进程的线程的开始地址然后在这些地址附近进行搜索，其中恶意代码位于进程的存储器中。 由每个起始地址识别的代码调用的内存中的其他代码块也被识别，然后将块与已知恶意软件线程相关的扫描签名进行匹配。 如果整个签名可以与块的子集进行匹配，则确定线程被感染。 受感染的线程被暂停，并且执行内存中的修改来修补注入的代码以使其无害化。 可以恢复或终止线程以禁用恶意软件的保护机制，而不会对注入线程的进程造成任何损害。

公开(公告)号：US07660797B2

公开(公告)日：2010-02-09

申请号：US11139409

申请日：2005-05-27

Applicant: Adrian M Marinescu ,  George C Chicioreanu ,  Marius Gheorghe Gheorghescu ,  Scott A Field

Inventor： Adrian M Marinescu ,  George C Chicioreanu ,  Marius Gheorghe Gheorghescu ,  Scott A Field

IPC: G06F7/00 ,  G06F17/30 ,  G06F11/00 ,  G06F12/14 ,  G06F12/16 ,  G08B23/00

CPC classification number: G06F21/56

Abstract: The present invention is directed toward a system, method, and computer-readable medium that scan a file for malware that maintains a restrictive access attribute that limits access to the file. In accordance with one aspect of the present invention, a method for performing a scan for malware is provided when antivirus software on a computer encounters a file with a restrictive access attribute that prevents the file from being scanned. More specifically, the method includes identifying the restrictive access attribute that limits access to the file; bypassing the restrictive access attribute to access data in the file; and using a scan engine to scan the data in the file for malware.

Abstract translation: 本发明涉及一种系统，方法和计算机可读介质，其扫描文件以维护限制对该文件的访问的限制性访问属性的恶意软件。 根据本发明的一个方面，当计算机上的防病毒软件遇到具有阻止文件被扫描的限制性访问属性的文件时，提供了用于执行恶意软件扫描的方法。 更具体地，该方法包括识别限制对文件的访问的限制性访问属性; 绕过限制访问属性访问文件中的数据; 并使用扫描引擎来扫描文件中的恶意软件数据。

公开(公告)号：US20060123244A1

公开(公告)日：2006-06-08

申请号：US11005000

申请日：2004-12-06

Applicant: Gheorghe Gheorghescu ,  Adrian Marinescu ,  Adrian Stepan

Inventor： Gheorghe Gheorghescu ,  Adrian Marinescu ,  Adrian Stepan

IPC: H04L9/32

CPC classification number: G06F21/566 ,  G06F21/563

Abstract: The present invention includes a system and method for translating potential malware devices into safe program code. The potential malware is translated from any one of a number of different types of source languages, including, but not limited to, native CPU program code, platform independent .NET byte code, scripting program code, and the like. Then the translated program code is compiled into program code that may be understood and executed by the native CPU. Before and/or during execution, the present invention causes a scanner to search for potential malware stored in memory. If malware is not detected, the computing device causes the CPU to execute the translated program code. However, execution and/or analysis of potential malware may be interrupted if computer memory that stores potential malware is altered during execution. In this instance, the potential malware now stored in memory is translated into safe program code before being executed.

公开(公告)号：US20060161988A1

公开(公告)日：2006-07-20

申请号：US11035584

申请日：2005-01-14

Applicant: Mihai Costea ,  Adrian Marinescu ,  Anil Thomas ,  Gheorghe Gheorghescu ,  Kyle Larsen ,  Vadim Bluvstein

Inventor： Mihai Costea ,  Adrian Marinescu ,  Anil Thomas ,  Gheorghe Gheorghescu ,  Kyle Larsen ,  Vadim Bluvstein

IPC: G06F11/00

CPC classification number: G06F21/56 ,  G06F21/6209 ,  G06F21/64

Abstract: The present invention provides a system, method, and computer-readable medium for quarantining a file. Embodiments of the present invention are included in antivirus software that maintains a user interface. From the user interface, a user may issue a command to quarantine a file or the quarantine process may be initiated automatically by the antivirus software after malware is identified. When a file is marked for quarantine, aspects of the present invention encode file data with a function that is reversible. Then a set of metadata is identified that describes attributes of the file including any heightened security features that are used to limit access to the file. The metadata is moved to a quarantine folder, while the encoded file remains at the same location in the file system. As a result, the encoded file maintains the same file attributes as the original, non-quarantined file, including any heightened security features.

Abstract translation: 本发明提供了用于隔离文件的系统，方法和计算机可读介质。 本发明的实施例包括在维护用户界面的防病毒软件中。 从用户界面，用户可能会发出隔离文件的命令，或者在识别恶意软件后，防病毒软件可以自动启动隔离进程。 当文件被标记为隔离区时，本发明的方面用可逆的功能对文件数据进行编码。 然后识别一组描述文件属性的元数据，包括用于限制对文件访问的任何更高级的安全功能。 元数据移动到隔离文件夹，而编码文件保留在文件系统中的相同位置。 因此，编码文件保持与原始，未隔离文件相同的文件属性，包括任何更高级的安全功能。