	US 11,989,572 B2
	Computer system enabled with runtime software module tracking
Pavel Furman, Netanya (IL); Idan Bartura, Herzliya (IL); and Aviv Mussinger, Tel Aviv (IL)
Assigned to KODEM SECURITY LTD., Tel Aviv (IL)
Filed by Kodem Security Ltd., Tel Aviv (IL)
Filed on Jul. 18, 2022, as Appl. No. 17/813,220.
Prior Publication US 2024/0020140 A1, Jan. 18, 2024
Int. Cl. G06F 9/451 (2018.01); G06F 9/30 (2018.01); G06F 9/455 (2018.01)

CPC G06F 9/45508 (2013.01) [G06F 9/30043 (2013.01); G06F 9/30123 (2013.01)]

19 Claims

1. A processor-based method of runtime identification of a loading of a software-module, in a computer system, the software-module being associated with a first application framework, the method comprising:

a) detecting, by a first interposition function, an invocation of a first function, wherein the first function is associated with loading of software-modules within the first application framework;

b) identifying a software-module being loaded,

the identifying utilizing, at least one of:

i) parameter data supplied in the invocation of the first function,

ii) context of an operating system process invoking the first function, and

iii) data that was stored responsive to detecting, by a respective interposition function, one or more prior invocations of respective functions associated with loading of software-modules within the first application framework; and

c) adding the identified software-module to a list of software-modules, wherein the list comprises zero or more active software modules.