Patent

System and method for capturing kernel-resident information

TL;DR: A system, method and interface for consistently capturing kernel-resident information are provided; a user mode module initiates a kernel mode information request through an application program interface, identifying one or more process threads of interest.
Abstract: A system, method and interface for consistently capturing kernel resident information are provided. An operating system architecture includes user mode modules and kernel mode applications. A user mode module initiates a kernel mode information request through an application program interface identifying one or more process threads of interest. A kernel mode module captures information corresponding to standard kernel mode information and corresponding to the specifically identified process threads. The information is returned in a pre-allocated buffer.
Citations
Patent
25 Mar 2009
TL;DR: A computationally implemented method includes, but is not limited to, acquiring subjective user state data, including data indicating incidence of at least a first subjective user state associated with a first user and data indicating incidence of at least a second subjective user state associated with a second user.
Abstract: A computationally implemented method includes, but is not limited to acquiring subjective user state data including data indicating incidence of at least a first subjective user state associated with a first user and data indicating incidence of at least a second subjective user state associated with a second user; acquiring objective occurrence data including data indicating incidence of at least a first objective occurrence and data indicating incidence of at least a second objective occurrence; and correlating the subjective user state data with the objective occurrence data. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

208 citations

Patent
Yuen-Pin Yeap
13 Jul 2005
TL;DR: A kernel application programming interface validation device includes a monitoring engine for monitoring incoming kernel mode calls, an analysis engine operable to examine kernel mode calls, and a validation engine operable to determine whether a kernel mode call is valid using the results of the analysis engine.
Abstract: Systems and methods of computer security are provided. In one implementation, a method is provided. The method includes monitoring incoming kernel mode calls and identifying a kernel mode call to verify using a predetermined criterion. The method also includes validating the identified kernel mode call, and processing the kernel mode call in accordance with the results of the validation of the kernel mode call. In another implementation a kernel application programming interface validation device is provided. The kernel application programming interface validation device includes a monitoring engine for monitoring incoming kernel mode calls, an analysis engine operable to examine kernel mode calls, a validation engine operable to determine if a kernel mode call is valid using the results of the analysis engine, and a processing engine.

55 citations

Patent
31 Jan 2008
TL;DR: A method and structure for notifying operating system events, including standard filesystem interfaces provided for event consumers to use for one or more of registering for event notifications of a set of events, receiving an event notification when each event occurs, and getting details of events that have occurred.
Abstract: A method and structure for notifying operating system events, includes standard filesystem interfaces provided for event consumers to use for one or more of registering for event notifications of a set of events, receiving an event notification when each event occurs, and getting details of events that have occurred.

36 citations

Patent
08 Jun 2004
TL;DR: A method for analyzing an application involves obtaining a thread dump of a plurality of threads executing the application, analyzing the thread dump to obtain a result using an aggregation mechanism, and determining a potential error location in source code of the application using the result.
Abstract: A method for analyzing an application involving obtaining a thread dump of a plurality of threads executing the application, analyzing the thread dump to obtain a result using an aggregation mechanism, and determining a potential error location in source code of the application using the result.

33 citations

Patent
29 Jul 2009
TL;DR: A computationally implemented method includes, but is not limited to, presenting to a user a hypothesis identifying at least a relationship between a first event type and a second event type; receiving from the user one or more modifications to modify the hypothesis; and executing actions based, at least in part, on a modified hypothesis resulting from the reception of the one or more modifications.
Abstract: A computationally implemented method includes, but is not limited to: presenting to a user a hypothesis identifying at least a relationship between a first event type and a second event type; receiving from the user one or more modifications to modify the hypothesis; and executing one or more actions based, at least in part, on a modified hypothesis resulting, at least in part, from the reception of the one or more modifications. In addition to the foregoing, other method aspects are described in the claims, drawings, and text forming a part of the present disclosure.

21 citations

References
Patent
Andre F. Vachon
15 Dec 2000
TL;DR: A system and method are presented for generating a summary dump file from a system or application crash dump or core dump file without the need for referencing a large symbol table file.
Abstract: A system and method is provided for generating a summary dump file from a system or application crash dump or core dump file without the need for referencing a large symbol table file. A crash dump file with a referencing portion containing references to certain pertinent information (e.g., data structures) including references conventionally not found in crash dump files. The data structures referenced in the referencing portion have been found to be optimal for analyzing faults residing in a crash dump file. The crash dump file may be a complete crash dump file of an operating system or a kernel memory dump. Alternatively, the crash dump file may be a crash dump file of an application program. A stand alone extraction tool is also provided for extracting pertinent information from the crash dump or core dump file by utilizing information in the referencing portion. The stand alone tool generates a summary or mini dump file of the crash dump file.

83 citations

Patent
30 Sep 2002
TL;DR: An event subscription and publication system dynamically notifies user level applications of kernel level events. On notification, the user application is also provided with specific information classifying the nature and details of the event, and the user level application does not need to interrupt its normal processing states to identify these events when they occur.
Abstract: An event subscription and publication system for dynamically notifying user level applications of kernel level events. The kernel level events may include hardware and software events as well as system level errors that occur in the kernel. User level applications that need information on these kernel level events subscribe to the event monitoring and publication framework of the present invention and are notified of these kernel level events when they occur. Upon notification of an event, the user application also is provided with specific information classifying the nature and details of the event. The kernel event monitoring and publication system of the present invention allows user level applications to be dynamically notified of kernel level events without requiring the user level application to interrupt the normal processing states to identify these events when the events occur.

83 citations

Patent
10 Nov 2004
TL;DR: A system, methodology and/or computer architecture that facilitates processing device interrupts (including level-triggered interrupts) in a user-mode process is provided.
Abstract: A system, methodology and/or computer architecture that facilitates processing device interrupts (including level-triggered interrupts) in a user-mode process is provided. The kernel interrupt handler can cause a dedicated thread in the process to wake and invoke the driver interrupt service routine. This thread can then return control to the kernel interrupt handler. In addition to processing interrupts in an isolated mode, the context switching technique could be used in any isolated environment to process interrupts via dedicated execution context methods.

72 citations

Patent
06 Feb 1997
TL;DR: The user virtual address space is mapped to an offset position within the kernel address space, which allows for sharing of position-dependent code while still allowing the kernel to access the entire user address space.
Abstract: A computer system has a microprocessor that can execute in a non-privileged user mode and a privileged kernel mode. A user virtual address space is used when the microprocessor is in the user mode, and a kernel virtual address space is used when the microprocessor is in the kernel mode. Each of the address spaces has the same range of virtual addresses that is designated for shared components. The user virtual address space is mapped to an offset position within the kernel address space. When a user process calls a kernel function with a pointer argument, the pointer is biased before being dereferenced to account for the offset of the user address space within the kernel address space. This allows for sharing of position-dependent code, while still allowing the kernel to access the entire user address space.

71 citations

Patent
30 May 2003
TL;DR: A method and system for event publication and subscription with an event channel from user level and kernel level are described; the event channel includes an event queue for an event sent by a publisher and a dispatcher for dispatching the event, based on filtering criteria, to the subscriber-based queue if the corresponding subscriber has subscribed to receive delivery of the event.
Abstract: A method and system for event publication and subscription with an event channel from user level and kernel level are disclosed. The system comprises an event channel. The event channel includes an event queue for an event sent by a publisher. Additionally, the event channel has a plurality of subscriber-based queues each corresponding to a subscriber. If the corresponding subscriber has subscribed to receive delivery of the event, the subscriber-based queue includes the event. Moreover, the event channel further comprises a dispatcher for dispatching based on filtering criteria the event to the subscriber-based queue if the corresponding subscriber has subscribed to receive delivery of the event, and a delivery mechanism for delivering the event from the subscriber-based queue to the corresponding subscriber. The publisher can be a user level publisher or a kernel level publisher. The subscriber can be a user level subscriber or a kernel level subscriber.

44 citations