Abstract: Apparati, computer-implemented methods, and computer-readable media for thwarting map-loaded module (8) attacks on a digital computer (1). Within the computer (1) is an intermediate location such as a registry (10) containing mappings from generic names (4) of map-loaded modules (8) to specific locations (5) of the map-loaded modules (8). Coupled to the intermediate location (10) is a monitor module (20) adapted to monitor attempts to replace existing mappings (5) of map-loaded modules (8) with replacement mappings (5). Coupled to the map-loaded modules (8) is a file system monitor;module (70) adapted to monitor attempts to insert new map-loaded modules (8) into the computer (1). Coupled to the monitor module (20) and to the file system monitor module (70) is a programmable control module (30) adapted to determine when a change in mapping constitutes a malicious code attack.