Publication number: US20170185791A1
Publication date: 2017-06-29
Application number: US14998257
Filing date: 2015-12-24
Applicant: Intel Corporation
Inventor: Koichi YAMADA, Palanivelrajan SHANMUGAVELAYUTHAM, Chang Seok BAE
CPC classification number: G06F21/52
Abstract: This disclosure is directed to a system for application program interface (API) monitoring bypass prevention. Operation of an API function may be preserved by generating a binary translation based on the API function native code. The native code may then be protected to prevent API monitoring bypassing. In one embodiment, access permission may be set to non-executable for a memory page in which the native code is stored. Attempts to execute the native code may generate exceptions triggering API monitoring. Alternatively, some or all of a body section of the native code may be replaced with at least one trap instruction that causes exceptions triggering API monitoring or engaging protective measures. Use of the trap instruction may be combined with at least one jump instruction added after a header section of the native code. Execution of the jump instruction may cause execution to be redirected to API monitoring.