Abstract: Systems, methods, and software can be used to detect software errors in a binary code. In some aspects, a method comprises: obtaining a binary code; generating a base memory-write profile for the binary code, wherein the base memory-write profile comprises a count of memory updates for each of a plurality of memory locations during an execution of the binary code according to a base input; for each of a plurality of test inputs, generating a test memory-write profile for the binary code, wherein the test memory-write profile comprises a count of memory updates for each memory location during an execution of the binary code according to the test input; comparing the base memory-write profile and the plurality of test memory-write profiles; and generating a notification based on the comparison, wherein the notification indicates whether there is a difference between the base memory-write profile and the plurality of test memory-write profiles.

Abstract: A computer-implemented method is disclosed. The method includes: identifying a set of program variables associated with a computer program; generating a profile of variable writes for the computer program based on tracking, for each variable in the set of program variables: a count of memory write operations for writing to the variable; and timestamps associated with the memory write operations; detecting a trigger condition associated with the set of program variables, the detecting including: monitoring a pattern of memory accesses by the computer program, the pattern of memory accesses indicating accesses of memory allocated to variables in the set of program variables; and detecting a deviation of the pattern of memory accesses from the profile of variable writes; and in response to detecting the trigger condition, generating a notification indicating an attack status on the computer program.

Abstract: Systems, methods, and software can be used to identify API use in a binary code. In some aspects, a method comprises: obtaining a base memory-write profile description for a binary code, wherein the description comprises: a base memory-write profile for each of a plurality of API calls in the binary code, wherein the base memory-write profile comprises a count of memory updates for each of a plurality of memory locations during an execution of a corresponding API call; receiving an execution request that invokes the binary code; generating an execution memory-write profile for the request, wherein the execution memory-write profile comprises a count of memory updates for each memory location during an execution of the request; determining, based on a comparison between the execution memory-write profile and the base memory-write profiles in the description, an API call corresponding to the request; and generating a notification indicating the determined API call.

Abstract: Methods and systems for monitoring the behavior of a process. A profile of a software module is obtained. An association request is received from a process. The association request includes an identifier. In response to receiving the association request, successfully validating the identifier based on the profile and establishing an association of a token to data associated with the identifier. A disassociation request is received from the process. The disassociation request includes a token. In response to receiving the disassociation request, using the token to retrieve the data associated with the identifier, determining that the disassociation request is invalid based on the profile and the data associated with the identifier, and based on the determination that the disassociation request is invalid, taking an action.

Abstract: Systems, methods, and software can be used to identify API use in a binary code. In some aspects, a method comprises: obtaining a base memory-write profile description for a binary code, wherein the description comprises: a base memory-write profile for each of a plurality of API calls in the binary code, wherein the base memory-write profile comprises a count of memory updates for each of a plurality of memory locations during an execution of a corresponding API call; receiving an execution request that invokes the binary code; generating an execution memory-write profile for the request, wherein the execution memory-write profile comprises a count of memory updates for each memory location during an execution of the request; determining, based on a comparison between the execution memory-write profile and the base memory-write profiles in the description, an API call corresponding to the request; and generating a notification indicating the determined API call.

Abstract: Systems, methods, and software can be used to detect software errors in a binary code. In some aspects, a method comprises: obtaining a binary code; generating a base memory-write profile for the binary code, wherein the base memory-write profile comprises a count of memory updates for each of a plurality of memory locations during an execution of the binary code according to a base input; for each of a plurality of test inputs, generating a test memory-write profile for the binary code, wherein the test memory-write profile comprises a count of memory updates for each memory location during an execution of the binary code according to the test input; comparing the base memory-write profile and the plurality of test memory-write profiles; and generating a notification based on the comparison, wherein the notification indicates whether there is a difference between the base memory-write profile and the plurality of test memory-write profiles.

Abstract: A computer-implemented method is disclosed. The method includes: identifying a set of program variables associated with a computer program; generating a profile of variable writes for the computer program based on tracking, for each variable in the set of program variables: a count of memory write operations for writing to the variable; and timestamps associated with the memory write operations; detecting a trigger condition associated with the set of program variables, the detecting including: monitoring a pattern of memory accesses by the computer program, the pattern of memory accesses indicating accesses of memory allocated to variables in the set of program variables; and detecting a deviation of the pattern of memory accesses from the profile of variable writes; and in response to detecting the trigger condition, generating a notification indicating an attack status on the computer program.

Abstract: There is provided a method for selectively protecting one of a plurality of methods of a class of an application written in an object-orientated language, in particular Java, wherein a protected application is created by adding a protection module to the application, analyzing a first method to be protected of a plurality of methods of a first class of the application and determining first parameters needed for executing the first method, generating first gate code depending on the determined first parameters, replacing the first code of the first method by said first gate code and storing the replaced first code such that it can be accessed by the protection module during execution of the protected application, wherein, when the first method is called during execution of the protected application, the first gate code collects first data based on the determined first parameters and transmits the collected first data to the protection module, the protection module accesses the stored first code and generates a

Abstract: There is provided a method for selectively protecting one of a plurality of methods of a class of an application written in an object-orientated language, in particular Java, wherein a protected application is created by adding a protection module to the application, analyzing a first method to be protected of a plurality of methods of a first class of the application and determining first parameters needed for executing the first method, generating first gate code depending on the determined first parameters, replacing the first code of the first method by said first gate code and storing the replaced first code such that it can be accessed by the protection module during execution of the protected application, wherein, when the first method is called during execution of the protected application, the first gate code collects first data based on the determined first parameters and transmits the collected first data to the protection module, the protection module accesses the stored first code and generates a