Exploit detection based on profiling events

摘要

Certain embodiments described herein execute, for an application, an application in a system having an operating system, event trace for the application, analyze each instruction pointer from the event trace, An electronic device is provided that can be configured to determine whether a pointer indicates an orphan page of memory. An orphan page may be an area of code that is not associated with an application, an area of unidentified code, or an abnormal code that is not associated with an application. Further, the event trace is an embedded application that is a part of the operating system.