Patent attributes
Examples of the present disclosure describe systems and methods for exploit detection via induced exceptions. In an example, one or more inspection points are generated by a threat processor. For instance, an inspection point may be generated by altering aspects of one or more APIs, setting a process or hardware breakpoint, and/or modifying permissions of one or more memory pages, among other examples. The threat processor may register one or more exception handlers corresponding to the generated inspection points. As a result, when a set of software instructions encounters an inspection point and throws an exception, the threat processor may catch the exception and process a context record associated with software execution according to identify the presence of an exploit. Accordingly, inspection points ensure that the software execution state is preserved, such that the call stack, registers, and other context information is available for analysis by the threat processor.
