{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T07:50:53Z","timestamp":1769932253294,"version":"3.49.0"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319112114","type":"print"},{"value":"9783319112121","type":"electronic"}],"license":[{"start":{"date-parts":[[2014,1,1]],"date-time":"2014-01-01T00:00:00Z","timestamp":1388534400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-11212-1_14","type":"book-chapter","created":{"date-parts":[[2014,8,14]],"date-time":"2014-08-14T16:36:45Z","timestamp":1408034205000},"page":"237-256","source":"Crossref","is-referenced-by-count":15,"title":["SigPath: A Memory Graph Based Approach for Program Data Introspection and Modification"],"prefix":"10.1007","author":[{"given":"David","family":"Urbina","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yufei","family":"Gu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Juan","family":"Caballero","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"4","key":"14_CR1","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1016\/j.diin.2006.10.001","volume":"3","author":"N.L. Petroni Jr.","year":"2006","unstructured":"Petroni Jr., N.L., Walters, A., Fraser, T., Arbaugh, W.A.: Fatkit: A framework for the extraction and analysis of digital forensic data from volatile system memory. Digital Investigation\u00a03(4), 197\u2013210 (2006)","journal-title":"Digital Investigation"},{"issue":"suppl.-1","key":"14_CR2","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1016\/j.diin.2006.06.010","volume":"3","author":"A. Schuster","year":"2006","unstructured":"Schuster, A.: Searching for processes and threads in Microsoft Windows memory dumps. Digital Investigation\u00a03(suppl.-1), 10\u201316 (2006)","journal-title":"Digital Investigation"},{"key":"14_CR3","unstructured":"Walters, A.: The volatility framework: Volatile memory artifact extraction utility framework, \n                  \n                    https:\/\/www.volatilesystems.com\/default\/volatility"},{"key":"14_CR4","unstructured":"Lin, Z., Rhee, J., Wu, C., Zhang, X., Xu, D.: Dimsum: Discovering semantic data of interest from un-mappable memory with confidence. In: Proceedings of Network and Distributed System Security Symposium, San Diego, CA (February 2012)"},{"key":"14_CR5","doi-asserted-by":"crossref","unstructured":"Carbone, M., Cui, W., Lu, L., Lee, W., Peinado, M., Jiang, X.: Mapping Kernel Objects to Enable Systematic Integrity Checking. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL (November 2009)","DOI":"10.1145\/1653662.1653729"},{"key":"14_CR6","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Srivastava, A., Traynor, P., Giffin, J.: Robust Signatures for Kernel Data Structures. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL (November 2009)","DOI":"10.1145\/1653662.1653730"},{"key":"14_CR7","unstructured":"Lin, Z., Rhee, J., Zhang, X., Xu, D., Jiang, X.: SigGraph: Brute Force Scanning of Kernel Data Structure Instances Using Graph-based Signatures. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium, San Diego, CA (February 2011)"},{"key":"14_CR8","doi-asserted-by":"crossref","unstructured":"Bursztein, E., Hamburg, M., Lagarenn, J., Boneh, D.: OpenConflict: Preventing Real Time Map Hacks in Online Games. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (May 2011)","DOI":"10.1109\/SP.2011.28"},{"key":"14_CR9","unstructured":"Lin, Z., Zhang, X., Xu, D.: Automatic Reverse Engineering of Data Structures from Binary Execution. In: Proceedings of the 17th Annual Network and Distributed System Security Symposium, San Diego, CA (February 2010)"},{"key":"14_CR10","unstructured":"Lee, J., Avgerinos, T., Brumley, D.: TIE: Principled Reverse Engineering of Types in Binary Programs. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium, San Diego, CA (February 2011)"},{"key":"14_CR11","unstructured":"Slowinska, A., Stancescu, T., Bos, H.: Howard: A Dynamic Excavator for Reverse Engineering Data Structures. In: Proceedings of the 18th Annual Network and Distributed System Security Symposium, San Diego, CA (February 2011)"},{"key":"14_CR12","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Proceedings of the 10th Annual Network and Distributed Systems Security Symposium, San Diego, CA (February 2003)"},{"key":"14_CR13","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Leek, T., Zhivich, M., Giffin, J., Lee, W.: Virtuoso: Narrowing the Semantic Gap in Virtual Machine Introspection. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA (May 2011)","DOI":"10.1109\/SP.2011.11"},{"key":"14_CR14","doi-asserted-by":"crossref","unstructured":"Fu, Y., Lin, Z.: Space Traveling across VM: Automatically Bridging the Semantic-Gap in Virtual Machine Introspection via Online Kernel Data Redirection. In: Proceedings of the IEEE Symposium on Security and Privacy, San Francisco, CA (May 2012)","DOI":"10.1109\/SP.2012.40"},{"key":"14_CR15","doi-asserted-by":"crossref","unstructured":"Jiang, X., Wang, X., Xu, D.: Stealthy Malware Detection Through VMM-Based Out-of-the-Box Semantic View Reconstruction. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA (November 2007)","DOI":"10.1145\/1315245.1315262"},{"key":"14_CR16","unstructured":"Cui, W., Peinado, M., Xu, Z., Chan, E.: Tracking Rootkit Footprints with a Practical Memory Analysis System. In: Proceedings of the USENIX Security Symposium (August 2012)"},{"key":"14_CR17","unstructured":"Cozzie, A., Stratton, F., Xue, H., King, S.T.: Digging for Data Structures. In: Proceedings of the 8th Symposium on Operating System Design and Implementation, San Diego, CA (December 2008)"},{"key":"14_CR18","unstructured":"Microsoft: Minidump definitions, \n                  \n                    http:\/\/msdn.microsoft.com\/en-us\/library\/windows\/desktop\/ms680378.aspx"},{"key":"14_CR19","unstructured":"Yin, H., Song, D.: TEMU: Binary Code Analysis via Whole-System Layered Annotative Execution. Technical Report UCB\/EECS-2010-3, EECS Department, University of California, Berkeley, CA (January 2010)"},{"key":"14_CR20","unstructured":"McDonald, J., Valasek, C.: Practical windows xp\/2003 heap exploitation (2009)"},{"key":"14_CR21","unstructured":"Russinovich, M., Cogswell, B.: Vmmap, \n                  \n                    http:\/\/technet.microsoft.com\/en-us\/sysinternals\/dd535533.asp"},{"key":"14_CR22","unstructured":"Russinovich, M.: Process explorer, \n                  \n                    http:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896653"},{"key":"14_CR23","unstructured":"Team, C.E.: Cheat engine, \n                  \n                    http:\/\/www.cheatengine.org\/"},{"key":"14_CR24","unstructured":"Biondi, P., Desclaux, F.: Silver Needle in the Skype. In: BlackHat Europe (March 2006)"},{"key":"14_CR25","doi-asserted-by":"crossref","unstructured":"Lin, Z., Riley, R.D., Xu, D.: Polymorphing Software by Randomizing Data Structure Layout. In: Proceedings of the 6th SIG SIDAR Conference on Detection of Intrusions and Malware and Vulnerability Assessment, Milan, Italy (July 2009)","DOI":"10.1007\/978-3-642-02918-9_7"},{"key":"14_CR26","doi-asserted-by":"crossref","unstructured":"Chen, X., Slowinska, A., Bos, H.: Who Allocated my Memory? Detecting Custom Memory Allocators in C Binaries. In: Working Conference on Reverse Engineering (October 2013)","DOI":"10.1109\/WCRE.2013.6671277"},{"key":"14_CR27","unstructured":"Hoglund, G., McGraw, G.: Exploiting Online Games: Cheating Massively Distributed Systems, 1st edn. Addison-Wesley Professional (2007)"},{"key":"14_CR28","doi-asserted-by":"crossref","unstructured":"Petroni Jr., N.L., Hicks, M.: Automated Detection of Persistent Kernel Control-Flow Attacks. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA (October 2007)","DOI":"10.1145\/1315245.1315260"},{"key":"14_CR29","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Leek, T., Hodosh, J., Lee, W.: Tappan zee (north) bridge: Mining memory accesses for introspection. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (November 2013)","DOI":"10.1145\/2508859.2516697"}],"container-title":["Lecture Notes in Computer Science","Computer Security - ESORICS 2014"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-11212-1_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,22]],"date-time":"2019-09-22T20:05:17Z","timestamp":1569182717000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-11212-1_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319112114","9783319112121"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-11212-1_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}