Claims
- 1. A method for determining a machine independent unique identifier for an executable file, the method comprising:
receiving a request to uniquely identify an executable file that has been installed on a given machine; identifying portions of the executable file modified as a result of installation of the executable file on the given machine; and determining a machine independent unique identifier by performing a calculation on the executable file, said calculation excluding at least the identified portions of the executable file modified as a result of installation of the executable file on the given machine.
- 2. The method of claim 1, wherein said executable file comprises a computer program.
- 3. The method of claim 1, wherein said executable file comprises a loadable library.
- 4. The method of claim 1, wherein said executable file comprises a driver.
- 5. The method of claim 1, wherein said identifying step includes identifying import information in the executable file.
- 6. The method of claim 1, wherein said identifying step includes identifying at least one import table in the executable file.
- 7. The method of claim 6, wherein said at least one import table includes a bound import table.
- 8. The method of claim 6, wherein said at least one import table includes an import address table.
- 9. The method of claim 1, wherein said determining step includes substituting a zero value for portions of the executable file determined to be modified as a result of installation on the given machine.
- 10. The method of claim 1, wherein said determining step includes performing the calculation only on portions of the executable file determined not to be modified as a result of installation.
- 11. The method of claim 1, wherein said determining step includes excluding import information from the calculation.
- 12. The method of claim 1, wherein the calculation on the executable file comprises a checksum calculation.
- 13. The method of claim 1, wherein said determining step includes using an MD5 technique.
- 14. The method of claim 1, wherein said determining step includes using a cyclic redundancy check technique.
- 15. A computer-readable medium having computer-executable instructions for performing the method of claim 1.
- 16. A downloadable set of computer-executable instructions for performing the method of claim 1.
- 17. A method for calculating a fingerprint for a program capable of operating on a plurality of platforms, the method comprising:
receiving a request to calculate a fingerprint for a program installed on a particular computer, said program capable of operating on a plurality of different platforms, said program comprising segments having platform-specific features and segments without platform-specific features; identifying the segments of the program without platform-specific features; and calculating the fingerprint for the program based on the segments of the program identified to be without platform-specific features, such that the fingerprint is calculated without the segments of the program that have platform-specific features.
- 18. The method of claim 17, wherein said program comprises an executable file.
- 19. The method of claim 17, wherein said program comprises a loadable library.
- 20. The method of claim 17, wherein said calculating step includes replacing all segments of the program that have platform-specific features with a constant value.
- 21. The method of claim 20, wherein said constant value is zero.
- 22. The method of claim 17, wherein said calculating step includes using an MD5 technique.
- 23. The method of claim 17, wherein said calculating step includes using a cyclic redundancy check technique.
- 24. The method of claim 17, wherein said fingerprint is calculated by a security system for use in detecting modifications to the, program.
- 25. A computer-readable medium having computer-executable instructions for performing the method of claim 17.
- 26. A downloadable set of computer-executable instructions for performing the method of claim 17
- 27. A method for generating a unique signature for a file that has been installed, the method comprising:
installing the file on a particular machine; examining the file to determine portions of the file that are unmodified during installation of the file on the particular machine; and generating a unique signature for the file based on the portions of the file determined to have been unmodified during installation, so that the unique signature is generated without taking into account those portions of the file that have been modified during installation.
- 28. The method of claim 27, wherein said file comprises an executable file.
- 29. The method of claim 27, wherein said file comprises a loadable library.
- 30. The method of claim 27, wherein said file comprises a computer program.
- 31. The method of claim 27, wherein said examining step includes determining portions of the file comprising import information.
- 32. The method of claim 27, wherein said unique signature is used by a security system for file integrity checking.
- 33. The method of claim 27, wherein said unique signature is used for determining file identity across different machines.
- 34. The method of claim 27, wherein said methodology for generating a unique signature is provided as part of a security system.
- 35. The method of claim 27, wherein said step of generating a unique signature includes substituting a zero value for portions of the file that have been modified during installation.
- 36. The method of claim 27, wherein said step of generating a unique signature includes performing a checksum calculation on portions of the file determined to have been unmodified during installation.
- 37. The method of claim 27, wherein said step of generating a unique signature includes calculating a message digest for the file.
- 38. The method of claim 37, wherein calculating a message digest for the file includes using an MD5 technique.
- 39. In a security system, a method for generating a unique identifier for an executable file, the method comprising:
receiving a request to generate a unique identifier for an executable file that has been installed on a particular machine; determining portions of the executable file modified as a result of installation on the particular machine; and generating a unique identifier by performing a calculation based on selected portions of the executable file; said selected portions excluding the portions of the executable file determined to be modified as a result of installation of the executable file on the particular machine.
- 40. The method of claim 39, wherein said executable file comprises a loadable library.
- 41. The method of claim 39, wherein said executable file comprises a computer program.
- 42. The method of claim 39, wherein said determining step includes identifying portions of the executable file comprising import information.
- 43. The method of claim 39, wherein said generating step includes calculating a message digest for the executable file.
- 44. The method of claim 43, wherein calculating a message digest for the executable file includes using an MD5 technique.
- 45. The method of claim 39, further comprising:
using the unique identifier for determining integrity of the executable file.
- 46. The method of claim 39, further comprising:
using the unique identifier for determining identity of the executable file.
- 47. The method of claim 39, further comprising:
storing the unique identifier that has been generated; using the stored unique identifier for determining if the executable file is subsequently altered.
CROSS REFERENCE TO RELATED APPLICATIONS
[0001] The present application is related to and claims the benefit of priority of the following commonly-owned, presently-pending provisional application(s): application serial No. 60/426,620 (Docket No. VIV/0009.00), filed Nov. 15, 2002, entitled “Security System with Methodology for Computing Unique Signature for Executable File Employed across Different Machines”, of which the present application is a non-provisional application thereof. The disclosure of the foregoing application is hereby incorporated by reference in its entirety, including any appendices or attachments thereof, for all purposes.
Provisional Applications (1)
|
Number |
Date |
Country |
|
60426620 |
Nov 2002 |
US |