公开(公告)号：US10936380B1

公开(公告)日：2021-03-02

申请号：US16198430

申请日：2018-11-21

Applicant: STEALTHbits Technologies, Inc.

Inventor： Mikalaj Abramau

IPC: G06F9/54 ,  G06F16/17

Abstract: A method is described. The method includes checking a raw event generated by a file system against a set of predicates conditions indicative of a high-level user operation. The method also includes filtering multiple raw events with a finite state machine (FSM) in response to determining that the raw event matches a predicate condition. The method further includes identifying a single high-level event for the high-level user operation based on the multiple raw events filtered by the FSM.

公开(公告)号：US09298432B1

公开(公告)日：2016-03-29

申请号：US14656507

申请日：2015-03-12

Applicant: STEALTHbits Technologies, Inc.

Inventor： Mikalaj Abramau

IPC: G06F9/45

CPC classification number: G06F8/41 ,  G06F9/44521 ,  G06F9/4552

Abstract: A computing device configured for replacing a target method in intermediate language code is described. The computing device includes a processor. The computing device also includes memory in electronic communication with the processor. The computing device further includes instructions stored in the memory. The instructions are executable to import a hook method and hook type into a caller method module. The instructions are also executable to replace, in intermediate language code, any call to the target method in a caller method body with a call to the hook method. The instructions are further executable to compile the intermediate language code to assembly language code. The instructions are additionally executable to call the hook method in place of the target method.

Abstract translation: 描述了用于替换中间语言代码中的目标方法的计算设备。 计算设备包括处理器。 计算设备还包括与处理器进行电子通信的存储器。 计算设备还包括存储在存储器中的指令。 这些指令是可执行的，可以将一个挂钩方法和钩子类型导入到调用方法模块中。 这些指令也是可执行的，用中间语言代码替换调用方法主体中对目标方法的任何调用。 指令还可执行，以将中间语言代码编译成汇编语言代码。 这些指令是可执行的，可以调用hook方法来代替目标方法。