Malware investigation by analyzing computer memory
Abstract
Technology is described for malware investigation by analyzing computer memory in a computing device. The method can include performing static analysis on code for a software environment to form an extended type graph. A raw memory snapshot of the computer memory can be obtained at runtime. The raw memory snapshot may include the software environment executing on the computing device. Dynamic data structures can be found in the raw memory snapshot using the extended type graph to form an object graph. An authorized memory area can be defined having executable code, static data structures, and dynamic data structures. Implicit and explicit function pointers can be identified. The function pointers can be checked to validate that they reference a valid memory location in the authorized memory area and to determine whether the computer memory is uncompromised.
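The following Python example is added here to illustrate the final validation step and is not code from the patent. It walks a constructed snapshot using a small type table that stands in for the extended type graph, then reports function pointers that fall outside the authorized area. The type names, field layouts, addresses and the snapshot contents are all assumptions made for the example.

```python
import struct

# Stand-in for the extended type graph: type name -> {offset: (field, kind)}.
# kind "func" marks a function pointer; any other kind names the pointed-to type.
TYPE_GRAPH = {
    "dispatch_table": {0: ("head", "handler")},
    "handler": {0: ("next", "handler"), 8: ("callback", "func")},
}
BASE = 0x10000                              # constructed address of the snapshot's first byte
AUTHORIZED_CODE = [(0x400000, 0x401000)]    # constructed authorized executable range


def build_snapshot():
    """Constructed raw snapshot: a root table and three chained handler objects."""
    mem = bytearray(0x100)
    struct.pack_into("<Q", mem, 0x00, BASE + 0x20)              # root.head -> A
    struct.pack_into("<QQ", mem, 0x20, BASE + 0x40, 0x400100)   # A: callback in range
    struct.pack_into("<QQ", mem, 0x40, BASE + 0x60, 0x7F0000)   # B: callback out of range
    struct.pack_into("<QQ", mem, 0x60, 0, 0x400200)             # C: end of list
    return bytes(mem)


def read_ptr(mem, addr):
    """Read one little-endian 64-bit pointer at a virtual address inside the snapshot."""
    off = addr - BASE
    if not 0 <= off <= len(mem) - 8:
        raise ValueError(f"address {addr:#x} outside snapshot")
    return struct.unpack_from("<Q", mem, off)[0]


def check_function_pointers(mem, root_addr, root_type):
    """Walk the object graph from the root; return function pointers outside authorized code."""
    violations, seen, work = [], set(), [(root_addr, root_type)]
    while work:
        addr, tname = work.pop()
        if addr == 0 or (addr, tname) in seen:   # null link or already visited (cycle)
            continue
        seen.add((addr, tname))
        for offset, (field, kind) in TYPE_GRAPH[tname].items():
            value = read_ptr(mem, addr + offset)
            if kind != "func":
                work.append((value, kind))       # follow the edge to the next object
            elif not any(lo <= value < hi for lo, hi in AUTHORIZED_CODE):
                violations.append((addr, f"{tname}.{field}", value))
    return violations


if __name__ == "__main__":
    for obj, field, target in check_function_pointers(build_snapshot(), BASE, "dispatch_table"):
        print(f"object {obj:#x}: {field} -> {target:#x} is outside the authorized area")
```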