US 12,259,967 B2
Preserving DLL hooks
Anil Gupta, Bangalore (IN); and Harinath Vishwanath Ramchetty, Bangalore (IN)
Assigned to SentinelOne, Inc., Mountain View, CA (US)
Filed by SentinelOne, Inc., Mountain View, CA (US)
Filed on Dec. 28, 2023, as Appl. No. 18/398,791.
Application 18/398,791 is a continuation of application No. 17/374,087, filed on Jul. 13, 2021, granted, now 11,899,782.
Prior Publication US 2024/0176874 A1, May 30, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/54 (2013.01); G06F 21/55 (2013.01); G06F 21/57 (2013.01)
CPC G06F 21/54 (2013.01) [G06F 21/554 (2013.01); G06F 21/577 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
modifying memory to include a reference to a security dynamic link library (DLL) such that invocation of a function associated with a native DLL is redirected to the security DLL using the reference to the security DLL;
generating an entry in a mapping, wherein the entry comprises the reference to the security DLL and a native DLL signature of the native DLL;
receiving, from a source, instructions referencing an address in memory;
restricting the address in memory from access by the source based on a determination that the address in memory corresponds to the entry in the mapping;
in response to a write request to write to the address, blocking writing and returning a confirmation of successful execution of the write request; and
returning at least a portion of the native DLL signature back to the source.