US Patent 8407699 System and method for managing code isolation

A computing system is configured to use a trampoline to isolate sensitive code in a virtual environment and in other applications. An import table may describe the entry points of a privileged code module or driver that generates privileged code. A system and method loads a shadow kernel to facilitate isolating the linkage between drivers and the rest of the system. The shadow kernel may be a copy of the operating system kernel that does not have the same integral position in the operation of the computing device. The shadow kernel may be used as a template for creating a jump table to redirect more critical privileged resource access requests from specially loaded kernel mode drivers to the PVM. All requests may pass through the PVM, which redirects non-critical functions to the original kernel. Multiple copies of a given driver or code module may be loaded in a given session.