公开(公告)号：US20170243001A1

公开(公告)日：2017-08-24

申请号：US15590582

申请日：2017-05-09

Applicant: VMware, Inc.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F21/53 ,  H04W12/02 ,  H04L29/06 ,  G06F21/31 ,  G06F9/445 ,  G06F9/54 ,  H04L29/08 ,  G06F21/54 ,  G06F21/60 ,  H04W12/00

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/02

Abstract: One embodiment of the present invention provides system for facilitating replacement of a system function in an application with a customized function. During operation, the system shifts an existing load command in a file of an application to accommodate an additional load command. The system also adds the additional load command to the file. The additional load command identifies additional instructions that change a pointer of the application from a value that points to a system function to another value that points to a customized function.

公开(公告)号：US10037199B2

公开(公告)日：2018-07-31

申请号：US14689787

申请日：2015-04-17

Applicant: VMware, Inc.

Inventor： Perry Hung ,  Harvey Tuch ,  Craig F. Newell ,  Haim Tebeka

IPC: G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F8/54 ,  G06F21/54 ,  G06F9/54 ,  G06F9/445 ,  G06F21/31 ,  G06F21/60 ,  G06F21/53 ,  H04W12/02 ,  G06F8/61 ,  H04L29/08 ,  H04L29/06 ,  H04W12/00

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/0027 ,  H04W12/02

Abstract: In an example, a method of creating a secured workspace in a mobile device includes installing an application management agent on the mobile device, wherein the application management agent is configured to communicate with a remote server to obtain a security policy. The method further includes installing a wrapped enterprise application to the mobile device. The wrapped enterprise application includes code injected therein that, when executed by the mobile device, causes the mobile device to intercept at least a portion of instructions being executed by the wrapped enterprise application and to interpose alternative instructions that comply with the security policy. The method further includes communicating among the wrapped enterprise application, the application management agent, and other wrapped enterprise applications through pasteboard and uniform resource locator (URL) handlers provided by an operating system of the mobile device.

公开(公告)号：US20140059573A1

公开(公告)日：2014-02-27

申请号：US13775047

申请日：2013-02-22

Applicant: VMWARE, INC.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F9/445

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/02

Abstract: One embodiment of the system disclosed herein facilitates identifying a system call in an application and replacing the identified system call with a customized function call. During operation, the system executes an executable file of the application, wherein the executable file has been modified to execute a hooking and injection manager at run time. Prior to executing the system call, the system executes the hooking and injection manager. While executing the hooking and injection manager, the system determines, from a symbol table, a symbol table index value corresponding to a symbol associated with the system call. The system further determines an import table entry storing a pointer to the system call based on the symbol table index value, and changes the pointer in the import table entry so that the pointer indicates an address of the customized function call.

Abstract translation: 本文公开的系统的一个实施例有助于在应用程序中识别系统调用，并用定制的功能调用替换所识别的系统调用。 在操作期间，系统执行应用程序的可执行文件，其中可执行文件已被修改以在运行时执行挂钩和注入管理器。 在执行系统调用之前，系统执行挂钩和注入管理器。 在执行挂钩和注入管理器时，系统从符号表确定与系统调用相关联的符号对应的符号表索引值。 系统还基于符号表索引值确定存储指向系统调用的指针的导入表条目，并且改变导入表条目中的指针，使得指针指示定制的函数调用的地址。

公开(公告)号：US20140059525A1

公开(公告)日：2014-02-27

申请号：US13756347

申请日：2013-01-31

Applicant: VMWARE, INC.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F9/445

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/02

Abstract: One embodiment of the present invention provides a system for facilitating replacement of a system call in an application with a customized function call. During operation, the system re-links the application's executable file with additional code or dynamically injects the additional code to the application's executable file during run time. The additional code can change a pointer in a table which indicates addresses of imported functions so that the pointer indicates an address of the customized function call.

Abstract translation: 本发明的一个实施例提供了一种用于在具有定制的功能呼叫的应用中便于更换系统呼叫的系统。 在运行期间，系统将应用程序的可执行文件与其他代码重新链接，或者在运行时间内将附加代码动态地注入到应用程序的可执行文件中。 附加代码可以更改表中的指针，该指针指示导入的函数的地址，以便指针指示自定义函数调用的地址。

公开(公告)号：US10725756B2

公开(公告)日：2020-07-28

申请号：US16031205

申请日：2018-07-10

Applicant: VMware, Inc.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F8/54 ,  G06F21/54 ,  G06F9/54 ,  G06F21/60 ,  H04W12/02 ,  H04L29/06 ,  H04W12/00 ,  G06F9/445 ,  G06F21/31 ,  G06F21/53 ,  G06F8/61 ,  H04L29/08

Abstract: The present invention involves systems and methods for replacement of function calls. In one embodiment, a function call is intercepted and modified to enforce a policy on a client device. The function call is intercepted by scanning code loaded for a launch of an application. The function call includes a first pointer value. The function call is modified by changing a first pointer value to a second pointer value. The second pointer value points to a customized function.

公开(公告)号：US09665355B2

公开(公告)日：2017-05-30

申请号：US14826588

申请日：2015-08-14

Applicant: VMware, Inc.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig F. Newell

IPC: G06F9/44 ,  G06F9/445 ,  G06F21/54 ,  G06F9/54 ,  G06F21/31 ,  G06F21/60 ,  G06F21/53 ,  H04W12/02 ,  H04L29/08 ,  H04L29/06 ,  H04W12/00

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/02

Abstract: An example method includes modifying, prior to run time, an executable file of an application to cause an operating system loader to load additional code using a dynamically-linked library. Modifying the executable file includes determining whether the executable file includes sufficient unused space to accommodate a load command, and adding the load command to the executable file when the executable file includes sufficient unused space by: shifting, in the executable file, an existing load command that does not contain dependency information to make space for the load command; or identifying unused space outside of a data portion of the executable file that can be removed to accommodate the load command. The additional code, when executed by a processor, causes the processor to change a pointer in a table that indicates an address of an imported function implementing a system call so the pointer indicates an address of a customized function.

公开(公告)号：US09111087B2

公开(公告)日：2015-08-18

申请号：US13756347

申请日：2013-01-31

Applicant: VMware, Inc.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F9/44 ,  G06F21/54 ,  G06F9/445 ,  G06F21/31 ,  G06F21/60 ,  G06F21/53 ,  H04W12/02 ,  H04L29/06 ,  H04W12/00

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/02

Abstract: One embodiment of the present invention provides a system for facilitating replacement of a system call in an application with a customized function call. During operation, the system re-links the application's executable file with additional code or dynamically injects the additional code to the application's executable file during run time. The additional code can change a pointer in a table which indicates addresses of imported functions so that the pointer indicates an address of the customized function call.

Abstract translation: 本发明的一个实施例提供了一种用于在具有定制的功能呼叫的应用中便于更换系统呼叫的系统。 在运行期间，系统将应用程序的可执行文件与其他代码重新链接，或者在运行时间内将附加代码动态地注入到应用程序的可执行文件中。 附加代码可以更改表中的指针，该指针指示导入的函数的地址，以便指针指示自定义函数调用的地址。

公开(公告)号：US20180329698A1

公开(公告)日：2018-11-15

申请号：US16031205

申请日：2018-07-10

Applicant: VMware, Inc.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F8/54 ,  G06F9/54 ,  G06F21/54 ,  G06F21/60 ,  G06F21/31 ,  G06F9/445 ,  H04L29/08 ,  H04L29/06 ,  G06F8/61 ,  H04W12/02 ,  H04W12/00 ,  G06F21/53

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/0027 ,  H04W12/02

Abstract: The present invention involves systems and methods for replacement of function calls. In one embodiment, a function call is intercepted and modified to enforce a policy on a client device. The function call is intercepted by scanning code loaded for a launch of an application. The function call includes a first pointer value. The function call is modified by changing a first pointer value to a second pointer value. The second pointer value points to a customized function.

公开(公告)号：US10007782B2

公开(公告)日：2018-06-26

申请号：US15590582

申请日：2017-05-09

Applicant: VMware, Inc.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F9/44 ,  G06F21/53 ,  G06F21/60 ,  H04W12/02 ,  H04L29/06 ,  H04W12/00 ,  G06F8/54 ,  G06F9/54 ,  G06F8/61 ,  H04L29/08 ,  G06F21/54 ,  G06F9/445 ,  G06F21/31

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/0027 ,  H04W12/02

Abstract: One embodiment of the present invention provides system for facilitating replacement of a system function in an application with a customized function. During operation, the system shifts an existing load command in a file of an application to accommodate an additional load command. The system also adds the additional load command to the file. The additional load command identifies additional instructions that change a pointer of the application from a value that points to a system function to another value that points to a customized function.

公开(公告)号：US09524154B2

公开(公告)日：2016-12-20

申请号：US13775047

申请日：2013-02-22

Applicant: VMware, Inc.

Inventor： Manish Jawa ,  Haim Tebeka ,  Craig Newell

IPC: G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F9/445 ,  G06F21/54 ,  G06F9/54 ,  G06F21/31 ,  G06F21/60 ,  G06F21/53 ,  H04W12/02 ,  H04L29/08 ,  H04L29/06 ,  H04W12/00

CPC classification number: G06F8/54 ,  G06F8/61 ,  G06F9/44521 ,  G06F9/54 ,  G06F21/31 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F21/604 ,  G06F2221/2107 ,  G06F2221/2143 ,  G06F2221/2149 ,  H04L63/0272 ,  H04L63/10 ,  H04L63/20 ,  H04L67/146 ,  H04W12/00 ,  H04W12/02

Abstract: One embodiment of the system disclosed herein facilitates identifying a system call in an application and replacing the identified system call with a customized function call. During operation, the system executes an executable file of the application, wherein the executable file has been modified to execute a hooking and injection manager at run time. Prior to executing the system call, the system executes the hooking and injection manager. While executing the hooking and injection manager, the system determines, from a symbol table, a symbol table index value corresponding to a symbol associated with the system call. The system further determines an import table entry storing a pointer to the system call based on the symbol table index value, and changes the pointer in the import table entry so that the pointer indicates an address of the customized function call.

Abstract translation: 本文公开的系统的一个实施例有助于在应用程序中识别系统调用，并用定制的功能调用替换所识别的系统调用。 在操作期间，系统执行应用程序的可执行文件，其中可执行文件已被修改以在运行时执行挂钩和注入管理器。 在执行系统调用之前，系统执行挂钩和注入管理器。 在执行挂钩和注入管理器时，系统从符号表确定与系统调用相关联的符号对应的符号表索引值。 系统还基于符号表索引值确定存储指向系统调用的指针的导入表条目，并且改变导入表条目中的指针，使得指针指示定制的函数调用的地址。