{"schema_version":"1.0","canonical_url":"https://patentable.app/patents/US-10528735","patent":{"patent_number":"US-10528735","title":"Malicious code protection for computer systems based on process modification","assignee":null,"inventors":[],"filing_date":"2015-05-08T00:00:00.000Z","publication_date":"2020-01-07T00:00:00.000Z","cpc_codes":["G06F","G06F","G06F","G06F"],"num_claims":20,"abstract":"Various approaches are described herein for, among other things, detecting and/or neutralizing attacks by malicious code. For example, instance(s) of a protected process are modified upon loading by injecting a runtime protector that creates a copy of each of the process' imported libraries and maps the copy into a random address inside the process' address space to form a “randomized” shadow library. The libraries loaded at the original address are modified into a stub library. Shadow and stub libraries are also created for libraries that are loaded after the process creation is finalized. Consequently, when malicious code attempts to retrieve the address of a given procedure, it receives the address of the stub procedure, thereby neutralizing the malicious code. When the original program's code (e.g., the non-malicious code) attempts to retrieve the address of a procedure, it receives the correct address of the requested procedure (located in the shadow library)."},"analysis":{"summary":null,"layman_explanation":null,"technical_analysis":null,"business_analysis":null,"faqs":null,"topics":[],"tech_cluster":null},"seo":{"title":"Malicious code protection for computer systems based on process modification","description":"Various approaches are described herein for, among other things, detecting and/or neutralizing attacks by malicious code. For example, instance(s) of a protected process are modified upon loading by i","keywords":[]},"attribution":{"source":"Patentable","source_url":"https://patentable.app","canonical_url":"https://patentable.app/patents/US-10528735","license":"CC-BY-4.0-like","license_terms":"AI-generated analysis on this page (summary, layman_explanation, technical_analysis, business_analysis, faqs) may be reused with attribution and a visible link back to the canonical URL above. Patent abstracts, claims, and bibliographic data are USPTO public domain.","required_link":"https://patentable.app/patents/US-10528735","citation_suggestion":"Patentable. \"Malicious code protection for computer systems based on process modification\" (US-10528735). https://patentable.app/patents/US-10528735","copyright_holder":"Nomic Interactive Technology LLC"},"links":{"html":"https://patentable.app/patents/US-10528735","json":"https://patentable.app/api/llm-context/US-10528735","site":"https://patentable.app","llms_txt":"https://patentable.app/llms.txt"},"generated_at":"2026-05-31T06:58:52.324Z"}