A data processing system comprising: an operating system providing an application programming interface; an application supported by the operating system and operable to make calls to the application programming interface; an intercept library configured to intercept calls of a predetermined set of call types made by the application to the application programming interface; and a configuration data structure defining at least one action to be performed for each of a plurality of sequences of one or more calls having predefined characteristics, the one or more calls being of the predetermined set of call types; wherein the intercept library is configured to, on intercepting a sequence of one or more calls defined in the configuration data structure, perform the corresponding action(s) defined by the configuration data structure.

Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.

Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting using stack artifact verification. In aspects, function hooks may be added to one or more functions. When a hooked function executes, artifacts relating to the hooked function may be left on the stack memory (“stack”). The location of the artifacts on the stack may be stored in a local storage area. Each time a hook in a hooked function is subsequently executed, protection may be executed to determine whether an artifact remains in the location stored in the local storage area. If the artifact is no longer in the same location, a stack pivot may be detected and one or more remedial actions may be automatically performed.

An intercept library of a network device may detect a socket system call from an application associated with a user space of the network device. The intercept library may be associated with the user space, and the socket system call may be addressed to a kernel associated with the network device. The intercept library may generate an intercept socket based on the socket system call, and may detect a subscription for asynchronous network state information, wherein the subscription may be generated by the application. The intercept library may provide the subscription to a service daemon via the intercept socket.

An Application Programming Interface (API) call that is directed from a first application to a second application is intercepted. A first version number is identified for the first application and a second version number is identified for the second application. One or more transformations are processed on the API call to produce a compatible API call that is compatible with the second application. The compatible API call is provided to the second application for processing on behalf of the first application.

A technique is described for handling forks in operations mapped to direct access persistent memory (PMEM). In an example embodiment, access by a parent operation of an allocated portion of PMEM is monitored to determine a portion of the allocated PMEM that is in use by the parent operation. In response to a fork call indicating that the parent operation will copy itself to create a child operation, a clone of the portion of allocated PMEM is created to facilitate processing of the child operation. The cloned portion of PMEM can be created just before the child operation is created (i.e., pre-fork) or after the child operation is created (i.e., post-fork). To create the clone post-fork, a user-space page fault notification mechanism can be implemented to detect a next buffer access by the child operation and create the clone in response to the detected access.

In various embodiments, a service worker processes network requests by proxying the network requests via a content distribution network. The service worker intercepts a network request from a client application, generates a duplicate network request, and changes certain elements of the duplicate network request. The intercepted request can be an initial document request used to load a webpage or a subsequent request that includes an application programming interface (API) call. The service worker transmits the duplicate network request to a content distribution network that proxies the duplicate request to a cloud computing system, thereby accelerating that request.

Described are examples for tracking memory usage of a driver. A memory allocation request related to the driver to allocate a portion of memory for the driver can be traced in a kernel mode of an operating system. One or more associated allocation parameters can be recorded, and an allocation history of the driver over a period of time can be reported during execution of the driver and based on the one or more allocation parameters indicated by the memory allocation request.

Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.

According to examples, an apparatus may include a processor that may identify and execute workflows based on simulated network addresses such as simulated uniform resource locations (“URLs”). The system may generate recorded automation scripts that automatically completes some or all of the tasks of a workflow. The system may store the automation scripts in association with the workflow and a simulated URL. The simulated URL may include a string that does not literally resolve to a document on a networked resource. Rather, the simulated URL may instead identify and indicate that a corresponding workflow is to be executed. A browser extension of a browser may intercept URLs that are provided to a browser, determine that a simulated URL has been entered, and provide the simulated URL to a replay engine that identifies and executes the automated script associated with the simulated URL.