Method and system for identifying software revisions from memory images
   
   

A method for identifying software executing on a computer system from a memory image defining at a particular time a state of the executing software. The method includes populating a comparison file for the computer system with executable signatures. The executable signatures correspond to preselected executables that can be run on the computer system, such as kernel software, and include version identifying information. Executables are located in the received memory image and are then processed to generate comparison information. The comparison information is compared to the version identifying information to identify software. Executable text segments in the preselected executables are isolated, and offset, size, and checksum are determined for inclusion in the executable signature. The executable text segments in the memory image are isolated and a checksum determined. The checksum information is then compared to achieve matches and to accurately identify software versions running on the computer system.

 
Web www.patentalert.com

< Multilayered optical thin-film filter, method of designing the same and filter module utilizing the same

< Wiring board, method of manufacturing the same, electronic component, and electronic instrument

> Photo-induced electron transfer fluorescent sensor molecules

> Multi-bank memory array architecture utilizing topologically non-uniform blocks of sub-arrays and input/output assignments in an integrated circuit memory device
~ 00113