In the recent past, computing devices have transformed from relatively expensive, low-functionality machines to relatively inexpensive machines that can perform a variety of functions, including browsing the Internet, managing finances, generating documents, performing complex mathematical computations, etc. To allow for such functionality in modern computing devices, processors can be configured to execute relatively complex code. In an example, source code pertaining to a kernel of an operating system may be thousands or millions of lines of code, wherein such code can include generic pointers. Use of generic pointers in code renders it difficult to ascertain the type of a data object pointed to by such a generic pointer.
Pursuant to an example, modern operating systems are vulnerable to various types of attacks. For instance, kernel mode malware represents a significant threat because of its ability to compromise the security of the kernel and thus the entirety of a software stack. Kernel mode malware can tamper with kernel code and data to hide itself and collect useful information from certain system events (e.g., keystrokes). To mitigate the security threat, the integrity of the kernel code in its entirety and of the data corresponding thereto should be verified. It is, however, relatively difficult to check the integrity of dynamic data corresponding to the kernel of the operating system due to the unpredictable memory locations and constantly changing nature of the dynamic data.
Locating dynamic kernel objects in memory in a computing system and identifying the types of such objects is a first step toward enabling systematic integrity checks of dynamic kernel data. For example, to locate a dynamic data object, a reference to such object, often in the form of a pointer, must be found. In conventional systems that are configured to traverse memory of the computing system and follow pointer references to determine types of data objects, generic pointers cannot be followed because such systems leverage type definitions only, and thus cannot ascertain the target data object types of generic pointers.
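The limitation described above, as an added example (not code from the original document): a traversal driven only by type definitions walks a constructed two-node list through its typed `next` pointers, but can only count the `void *` fields, because the definition does not name their target type. The structures, type table, and function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample structures; not taken from any real kernel. */
struct payload { int value; };
struct node { struct node *next; void *priv; };

enum kind { K_END, K_TYPED_PTR, K_GENERIC_PTR };
enum type_id { T_NODE, T_PAYLOAD, T_UNKNOWN };

/* One pointer field, as far as a type definition describes it. */
struct field { enum kind kind; size_t off; enum type_id target; };

static const struct field node_fields[] = {
    { K_TYPED_PTR,   offsetof(struct node, next), T_NODE },
    { K_GENERIC_PTR, offsetof(struct node, priv), T_UNKNOWN }, /* void * */
    { K_END, 0, T_UNKNOWN },
};
static const struct field payload_fields[] = { { K_END, 0, T_UNKNOWN } };
static const struct field *const type_table[] = { node_fields, payload_fields };

struct result { int typed_objects; int unresolved_generic; };

/* Follow pointer fields from obj using type definitions only. */
static void walk(const void *obj, enum type_id t, struct result *r, int depth)
{
    if (obj == NULL || depth > 16)   /* depth cap: the sample graph is acyclic */
        return;
    r->typed_objects++;
    for (const struct field *f = type_table[t]; f->kind != K_END; f++) {
        void *target;
        memcpy(&target, (const char *)obj + f->off, sizeof target);
        if (target == NULL)
            continue;
        if (f->kind == K_TYPED_PTR)
            walk(target, f->target, r, depth + 1);
        else
            r->unresolved_generic++; /* target type unknown: cannot follow */
    }
}

struct result demo(void)
{
    static struct payload p1 = { 41 }, p2 = { 42 };
    static struct node n2 = { NULL, &p2 };
    static struct node n1 = { &n2, &p1 };
    struct result r = { 0, 0 };
    walk(&n1, T_NODE, &r, 0);
    return r;
}
int main(void) { struct result r = demo(); printf("%d %d\n", r.typed_objects, r.unresolved_generic); return 0; }
```

Both `struct payload` objects are live and referenced, yet neither is counted as a typed object, so an integrity check built on this traversal would never examine them.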