1. Field of the Invention
The present invention relates to the protection of computer systems. More particularly, the present invention relates to a behavior-blocking system and method.
2. Description of the Related Art
Buffer overflow techniques have been used by malicious hackers and virus writers to attack computer systems. Buffers are data storage areas, which generally hold a predefined amount of finite data. A buffer overflow occurs when a program attempts to store data into the buffer, where the data is larger than the size of the buffer.
One category of buffer overflow, sometimes called stack-based buffer overflow, involves overwriting stack memory. Stack-based buffer overflow is typically caused by programs that do not verify the length of the data being copied into a buffer.
When the data exceeds the size of the buffer, the extra data can overflow into the adjacent memory locations. In this manner, it is possible to corrupt valid data and possibly to change the execution flow and instructions. Thus, by exploiting a buffer overflow, it is possible to inject malicious code, sometimes called shell code, into the execution flow.
In the case of a kernel mode buffer overflow attack, the attacker gains kernel mode privilege of the host computer system. Because kernel mode privilege is the highest privilege, the attacker has the ability to do essentially anything on the host computer system, including reprogramming of the processor or other devices of the host computer system thus seriously damaging, destroying or otherwise exploiting the host computer system.