Method to analyze a program for presence of computer viruses by examining the opcode for faults before emulating instruction in emulator
Number of patents in Portfolio can not be more than 2000
United States of America Patent
Stats
-
Oct 12, 1999
Grant Date -
N/A
app pub date -
Apr 16, 1997
filing date -
Apr 16, 1997
priority date (Note) -
In Force
status (Latency Note)
Importance
Abstract
A computer-implemented apparatus and method for countering attempts of polymorphic viruses to evade detection by emulation-based scanners. Such attempts try to exploit differences between the real and virtual execution of instructions. The invention includes a fault manager (158) integrated into the CPU emulator (154) of a virus scanner software product. Before each instruction is emulated by the CPU emulator (154), the fault manager (158) examines the opcode of the instruction to determine (310) whether a 'fault' is triggered. If a fault is triggered, the fault manager (158) saves (314) a state record on a fault stack (162), then interrupts (316) to a corresponding fault handler routine (160). The criteria for triggering a fault and the corresponding fault handler routine (160) may be obtained from an updatable data file (164).
First Claim
Family
International Classification(s)
Cited Art Landscape
Patent Citation Ranking
Advertisement
Advertisement
Advertisement
Recipient Email Address
Recipient Email Address
Comment
Recipient Email Address
Add to Portfolio(s)
To add this patent to one, or more, of your portfolios, simply click the add button.
This Patent is in these Portfolios:
Add to additional portfolios:
Last Refreshed On:
Changes done successfully