Because of the nature of software calls between software modules, it is relatively easy to trap calls to steal input and output information generated by those calls. The “man in the middle” type of security attack is a means for rogue or virus software to masquerade as legitimate software. This type of rogue or virus software can thereby obtain critical data, because the caller assumes the target is valid. In a secure environment, target software needs to ensure that it is receiving calls from a trusted source—e.g. authorization & authentication—and delivering information back to the same trusted source. The calling software may also need to ensure a host is valid.
In the prior art, the security uses a handshake, password, or memory range checks of the callers. However, all of these security precautions are easily circumvented by a caller.
Another prior art method of solving the security problem is computing the hash of the complete target software for each function call or IOCTL, to determine whether it's legitimate caller. However generating such a complete hash is a time consuming activity. Furthermore, once the hash has been validated, virus software can step in to capture function calls.