The present invention relates to a method and system for intercepting an application program interface within a computer system in general, and to a method and system for diverting control from an application program interface to user-supplied functions within a computer system in particular. The present invention further includes dynamic installation of the associated software, within the user portion of an operating system and within the kernel portion of the operating system, for the implementation thereof.
The present invention provides a method of implementing better security within a computer system and enhances security capabilities for systems such as Windows and NT. The present invention further provides a method of better control over function call routines, also known as application program interface (API) routines, in a manner transparent to the user.
Numerous security systems have previously been proposed and implemented in various systems such as UNIX and the like. None of the previous solutions provides an efficient, time-saving and cost-effective manner of controlling APIs. On the contrary, previous systems relating to security in general have resulted in high costs to users to implement, maintain and upgrade said systems.
Previously known systems, such as the Windows and NT operating systems, fail to protect computer systems that make use of APIs against misuse of those APIs. There is thus a need for a method for intercepting an application program interface within a computer system.
Therefore, it is the object of the present invention to provide a method and system whereby API functions called by user applications are not allowed to execute unless the calling process has the requisite authority and privilege.
One application of such a system could be a security application whereby certain API functions called by user applications are not allowed to execute unless the calling process has the requisite authority and privilege.
Another application might include a system profiler whereby any or all API function calls issued by an application are tracked and used to generate statistics about the behavior of the user application.
Yet another application might include intensive parameter checking in conjunction with parameter filtering or parameter correction, whereby any or all API function input parameters sent by the calling application program and the return values from the API routine itself are handled according to prescribed rules.
Fundamental to the concept of providing API function interception in a computerized environment is that the user-supplied code can be inserted and installed within the operating system, where it can be accessed.
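The three applications listed above (privilege gating, call profiling, and parameter and return-value rules) can be seen together in one user-supplied function. The following is an added example, not code from the invention: it models interception in user space with a function-pointer dispatch table, which is an assumption, and every name, path and limit in it is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout: a user-space model of interception through
   a function-pointer dispatch table, not the invention's own mechanism. */
typedef long (*api_fn)(int caller_priv, const char *path, size_t len);
enum { PRIV_USER = 0, PRIV_ADMIN = 1, ERR_DENIED = -1, MAX_LEN = 4096 };

static unsigned long call_count, denied_count; /* profiler statistics */
static api_fn original_api;                    /* entry the hook forwards to */

/* Stand-in for the real API routine: returns the byte count it handled. */
static long real_api(int caller_priv, const char *path, size_t len) {
    (void)caller_priv; (void)path;
    return (long)len;
}

/* User-supplied function that receives control instead of the API. */
static long hook_api(int caller_priv, const char *path, size_t len) {
    call_count++;
    /* Security rule: protected paths need the requisite privilege. */
    if (path == NULL ||
        (strncmp(path, "/protected/", 11) == 0 && caller_priv < PRIV_ADMIN)) {
        denied_count++;
        return ERR_DENIED;
    }
    if (len > (size_t)MAX_LEN)  /* parameter correction: clamp the length */
        len = MAX_LEN;
    long ret = original_api(caller_priv, path, len);
    return ret > (long)len ? (long)len : ret; /* return-value rule */
}

static api_fn api_table[1] = { real_api }; /* slot applications call through */

/* Divert control: save the original entry once, then install the hook. */
static void install_hook(void) {
    if (api_table[0] != hook_api) {
        original_api = api_table[0];
        api_table[0] = hook_api;
    }
}

int main(void) {
    install_hook();
    printf("user: %ld\n", api_table[0](PRIV_USER, "/protected/cfg", 10));
    printf("admin: %ld\n", api_table[0](PRIV_ADMIN, "/protected/cfg", 9000));
    printf("calls=%lu denied=%lu\n", call_count, denied_count);
    return 0;
}
```

Calling `install_hook` a second time leaves the saved original entry untouched, so the hook never ends up forwarding to itself.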