A method includes hooking a critical operating system function, stalling a call to the critical operating system function originating from a call module, determining a location of the call module in a kernel address space of a memory, and determining whether the location is in a driver area of the kernel address space. Upon a determination that the call module is not in the driver area, the method further includes taking protective action to protect a host computer system. In this event, it is highly likely that the call module is malicious code that has been injected into the kernel stack/heap through a malicious kernel mode buffer overflow attack. By taking protective action, exploitation, damage or destruction of the host computer system is prevented.
Please note there is up to 60 days of latency in this Status indicator for certain status conditions. You can obtain up-to-date Status indicator readings by ordering PAIR for the file.
An application with the status "Published" (which means it is pending) may be recently abandoned, but not yet updated to reflect its abandoned status. However, an application filed less than one year ago is unlikely to be abandoned.
A patent with the status "Granted" may be recently expired, but not yet updated to reflect its expired status. However, it is highly unlikely a patent less than 3.5 years old would be expired.
An application with the status "Abandoned" is almost always current, but there is a small chance it was recently revived and the status not yet updated.
This priority date is an estimated earliest
priority date and is purely an estimation. This date should not be
taken as legal conclusion. No representations are made as to the
accuracy of the date listed. Please consult a legal professional
before relying on this date.