DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
This action is in response to application filed 02/07/2021. Claims 1-34 remain pending. 

Terminal Disclaimer
Electronic Terminal Disclaimer filed and approved on 02/19/2021 over co-pending applications 16/590,403, 16/590,404 and 16/594,115 is acknowledged.  

EXAMINER’S AMENDMENT
An Examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to Applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this Examiner’s Amendment was given in a telephone interview with Mr. Moynihan (Registration No. 40,338) on 02/19/2021. 

Amendments to the Claims:
This listing of claims will replace all prior versions and listing of the claims in the application.
Listing of Claims:


receiving at least one code file comprising a plurality of routines, the at least one code file was created for execution by at least one processor using a dynamic memory region supporting run-time dynamic allocation of memory blocks;
analyzing the at least one code file to identify at least one exploitation vulnerable routine of the plurality of routines, and
adjusting the at least one code file to include an allocation tracking code segment configured to maintain at least one recent allocation list to track, in runtime, a subset comprising a limited number of most recently allocated blocks of a plurality of blocks dynamically allocated in the dynamic memory region, each of the most recently allocated blocks is associated in the at least one recent allocation list with a pointer to the respective most recently allocated block, at least one of a plurality of markers inserted in the dynamic memory region in at least one boundary of the respective most recently allocated block and a size of the respective most recently allocated block;
adjusting the at least one code file to include a memory integrity code segment invoked upon execution completion of the at least one exploitation vulnerable routine, the memory integrity code segment is configured to detect a write operation exceeding from a memory space of at least one most recently allocated block of the subset of most recently allocated blocks to a memory space of at least one block adjacent to the at least one most recently allocated block, the exceeding write operation is detected using at least one of the plurality of markers, the memory integrity code segment identifies the subset of most recently allocated blocks by traversing the at least one recent allocation list; and
outputting the at least one adjusted code file;
 	wherein in runtime, in case the exceeding write operation is detected, the memory integrity code segment causes the at least one processor to initiate at least one predefined action,  
 	wherein the at least one recent allocation list is maintained by at least one adjusted memory management routine of the plurality of routines configured to conduct at least one memory allocation operation which is a member of a group consisting of: allocating a block in the dynamic memory region and releasing a block in the dynamic memory region, the at least one adjusted memory management routine is adjusted to invoke the allocation tracking code segment added to the at least one code file, the allocation tracking code segment is configured to:
add a newly allocated block to the at least one recent allocation list upon allocation of the newly allocated block by:
updating the at least one recent allocation list to add an entry for the newly allocated block, the added entry associates the newly allocated block with a respective unique marker, a pointer to the newly allocated block and a size of the newly allocated block, and
inserting the respective unique marker in at least one boundary of the newly allocated block; and
remove an allocated block from the at least one recent allocation list by:
validating the removed allocated block by determining whether an exceeding write operation occurred to the memory space of the removed allocated block by comparing between a respective unique marker inserted in the at least one boundary of the removed allocated block and the respective unique marker associated with the removed allocated block in the at least one recent allocation list, and
removing the entry mapping the removed allocated block from the at least one recent allocation list.

2.	(Previously Presented) The method of claim 1, wherein the at least one code file is a source code file adjusted prior to compilation by a compiler adapted to create at least one respective intermediate code file used for generation of at least one respective executable code file for execution by the at least one processor.

3.	(Previously Presented) The method of claim 1, wherein the at least one code file is an intermediate code file generated by a compiler prior to generation of at least one respective executable code file for execution by the at least one processor, the at least one intermediate code file is a member of a group consisting of: an object file and an archive file.

4.	(Original) The method of claim 1, wherein the at least one code file is an executable file comprising machine code generated for execution by the at least one processor.

5.	(Original) The method of claim 1, wherein each of the plurality of routines is a member of a group consisting of: a routine, a sub-routine and a function.

6.	(Previously Presented) The method of claim 1, wherein the at least one exploitation vulnerable routine is manually defined by at least one expert, the expert is a member of a group consisting of: a developer, an operator and a user.

7.	(Previously Presented) The method of claim 1, wherein the at least one exploitation vulnerable routine is automatically defined based on the analysis of the at least one code file.

8.	(Previously Presented) The method of claim 1, wherein the exceeding write operation is detected by checking a data overrun in a memory location in which the at least one marker is inserted.

9.	(Previously Presented) The method of claim 1, wherein in case the at least one code file is an intermediate code file, the memory integrity code segment is added by adding a trampoline branch function which is invoked instead of the at least one exploitation vulnerable routine and configured to first invoke the at least one exploitation vulnerable routine followed by invocation of the memory integrity code segment after the at least one exploitation vulnerable routine completes execution.

10.	(Previously Presented) The method of claim 1, wherein in case the at least one code file is an intermediate code file, the memory integrity code segment is added by adding a branch instruction at the end of the at least one exploitation vulnerable routine to invoke the memory integrity code segment immediately after the at least one exploitation vulnerable routine completes execution.

11.	(Previously Presented) The method of claim 1, wherein in case the at least one code file is an executable code file, the memory integrity code segment is added by creating at least one dynamically preloaded library configured to include a replacement routine for the at least one exploitation vulnerable routine, the replacement routine is configured to first invoke the at least one exploitation vulnerable routine followed by invocation of the memory integrity code segment after the at least one exploitation vulnerable routine completes execution.

12.	(Original) The method of claim 1, wherein the memory integrity code segment is added to at least one memory management routine inherent to an operating system executed by the at least one processor.

13.	(Previously Presented) The method of claim 1, wherein the memory integrity code segment is further configured to invoke prior to invocation of the at least one exploitation vulnerable routine to detect an imminent write operation by the at least one exploitation vulnerable routine which potentially exceeds from the memory space of at least one most recently allocated block of the subset of most recently allocated blocks, the memory integrity code segment detects the imminent write operation by analyzing an address range transferred to the at least one exploitation vulnerable routine for processing to determine whether the transferred address range crosses the at least one boundary.

14.	(Previously Presented) The method of claim 1, further comprising the subset of most recently allocated blocks includes all blocks allocated in the dynamic memory region.

15.	(Original) The method of claim 1, wherein context switches and interrupts are disabled upon invocation of the memory integrity code segment.

16.	(Previously Presented) The method of claim 1, wherein a maximum number of most recently allocated blocks listed in the at least one recent allocation list is predefined.

17.	(Previously Presented) The method of claim 1, wherein the memory integrity code segment detects the exceeding write operation by detecting that the value of the at least one marker inserted in the dynamic memory region in the at least one boundary of the most recently allocated block does not match the value of the at least one marker associated with the most recently allocated block in the at least one recent allocation list.

18.	(Cancelled)

1, wherein the allocation tracking code segment is further configured to insert the size of the newly allocated block in at least one boundary of the newly allocated block to serve as another one of the plurality of markers.

20.	(Currently Amended) The method of claim [[18]] 1, wherein the respective unique marker is randomly selected for the allocated block upon the allocation.

21.	(Currently Amended) The method of claim [[18]] 1, wherein in case an allocation of another newly allocated block is required while the at least one recent allocation list is full, the allocation tracking code segment removes a least recently allocated block from the at least one recent allocation list by:
validating the least recently allocated block, and
removing the entry mapping the least recently allocated block from the at least one recent allocation list.

22.	(Original) The method of claim 21, wherein the allocation tracking code segment is further configured to:
	replace the respective unique marker located in the at least one boundary of the least recently allocated block with a global marker, the global marker is randomly selected during at least one of: every startup event of the at least one processor and every initiation of at least one process by the at least one processor, and
insert a size of the least recently allocated block in a top boundary of the least recently allocated block.

23.	(Original) The method of claim 21, wherein the allocation tracking code segment is further configured to validate each released allocated block which is not listed in the at least one recent allocation list by determining whether an exceeding write operation occurred to the memory space of the released allocated block based on verification of the global marker inserted in the at least one boundary of the released block, the allocation tracking code segment retrieves the global marker using the size of the released allocated block inserted in the top boundary of the released allocated block.

24.	(Currently Amended) The method of claim [[18]] 1, wherein in case the at least one code file is an intermediate code file, the allocation tracking code segment is added by adding a trampoline branch function which is invoked instead of the at least one memory management routine and configured to invoke the allocation tracking code segment prior and following execution of the at least one memory management routine.

25.	(Currently Amended) The method of claim [[18]] 1, wherein in case the at least one code file is an intermediate code file, the allocation tracking code segment is added by adding a branch instruction at the beginning and at the end of the at least one memory management routine to invoke the allocation tracking code segment at the start of and at the end of execution of the at least one memory management routine.

26.	(Currently Amended) The method of claim [[18]] 1, wherein in case the at least one code file is an executable code file, the allocation tracking code segment is added by creating at least one dynamically preloaded library configured to include a replacement routine for the at least one memory management routine, the replacement routine is configured to invoke the allocation tracking code segment prior and following execution of the at least one memory management routine.

27.	(Previously Presented) The method of claim 1, wherein the memory integrity code segment is further configured to detect, upon execution completion of the at least one exploitation vulnerable routine, a write operation exceeding from a memory space of one of a subset of exploitation susceptible blocks of the plurality of blocks to a memory space of an adjacent one of the plurality of blocks using at least one of the plurality of markers, each of the subset of exploitation susceptible blocks was previously allocated in the dynamic memory for use by the at least one exploitation vulnerable routine.

28.	(Original) The method of claim 27, wherein the subset of exploitation susceptible blocks is listed in a susceptible blocks list, each of the exploitation susceptible blocks is associated in the susceptible blocks list with a pointer to the respective exploitation susceptible block, a respective one of the plurality of markers and a size of the respective exploitation susceptible block, wherein a maximum number of exploitation susceptible blocks listed in the susceptible blocks list is predefined.

29.	(Original) The method of claim 1, further comprising adjusting the at least one code file to invoke execution of the memory integrity code segment prior to invocation of at least one critical routine.

30.	(Original) The method of claim 1, wherein the at least one predefined action is a member of a group consisting of: crashing execution of the at least one processor, halting execution of the at least one processor, causing the at least one processor to branch to a predefined address, preventing the at least one processor from executing at least one potentially malicious code instruction and generating an indication of a dynamic memory overrun.

31.	(Previously Presented) The method of claim 1, further comprising, in case the at least one code file is an intermediate code file, the at least one intermediate code file is adjusted to amend at least one of: an instruction and a data element affected by the inclusion of the code segments.

32.	(Previously Presented) The method of claim 1, further comprising, in case the at least one code file is an intermediate code file, the at least one intermediate code file is amended to update its symbol table to reflect the inclusion of the code segments and an increase to size of the adjusted routines.

33.	(Currently Amended) A system for generating code files adjusted to apply dynamic memory protection, comprising:
a tangible storage device storing a program code; and
at least one hardware processor coupled to the tangible storage device for executing the stored program code, the program code comprising:
code instructions to receive at least one code file comprising a plurality of routines, the at least one code file was created for execution by at least one processor using a dynamic memory region supporting run-time dynamic allocation of memory blocks;
code instructions to analyze the at least one code file to identify at least one exploitation vulnerable routine of the plurality of routines,
code instructions to adjust the at least one code file to include an allocation tracking code segment configured to maintain at least one recent allocation list to track, in runtime, a subset comprising a limited number of most recently allocated blocks of a plurality of blocks dynamically allocated in the dynamic memory region, each of the most recently allocated blocks is associated in the at least one recent allocation list with a pointer to the respective most recently allocated block, at least one of a plurality of markers inserted in the dynamic memory region in at least one boundary of the respective most recently allocated block and a size of the respective most recently allocated block;
code instructions to adjust the at least one code file to include a memory integrity code segment invoked upon execution completion of the at least one exploitation vulnerable routine, the memory integrity code segment is configured to detect a write operation exceeding from a memory space of at least one most recently allocated block of the subset of most recently allocated blocks to a memory space of at least one block adjacent to the at least one most recently allocated block, the exceeding write operation is detected using at least one of the plurality of markers, the memory integrity code segment identifies the subset of most recently allocated blocks by traversing the at least one recent allocation list, and
code instructions to output the at least one adjusted code file;
wherein in runtime, in case the exceeding write operation is detected, the memory integrity code segment causes the at least one processor to initiate at least one predefined action, 
wherein the at least one recent allocation list is maintained by at least one adjusted memory management routine of the plurality of routines configured to conduct at least one memory allocation operation which is a member of a group consisting of: allocating a block in the dynamic memory region and releasing a block in the dynamic memory region, the at least one adjusted memory management routine is adjusted to invoke the allocation tracking code segment added to the at least one code file, the allocation tracking code segment is configured to:
add a newly allocated block to the at least one recent allocation list upon allocation of the newly allocated block by:
updating the at least one recent allocation list to add an entry for the newly allocated block, the added entry associates the newly allocated block with a respective unique marker, a pointer to the newly allocated block and a size of the newly allocated block, and
inserting the respective unique marker in at least one boundary of the newly allocated block; and
remove an allocated block from the at least one recent allocation list by:
validating the removed allocated block by determining whether an exceeding write operation occurred to the memory space of the removed allocated block by comparing between a respective unique marker inserted in the at least one boundary of the removed allocated block and the respective unique marker associated with the removed allocated block in the at least one recent allocation list, and
removing the entry mapping the removed allocated block from the at least one recent allocation list.

34.	(Currently Amended) A computer program product implemented with dynamic memory protection, comprising:
a non-transitory computer readable storage medium; and
a plurality of program instructions each of a respective one of a plurality of routines of an executable file generated from at least one adjusted code file for execution by at least one processor using a dynamic memory region supporting run-time dynamic allocation of memory blocks, the at least one adjusted code file is adjusted to include an allocation tracking code segment and a memory integrity code segment, the allocation tracking code segment is configured to maintain at least one recent allocation list to track, in runtime, a subset comprising a limited number of most recently allocated blocks of a plurality of blocks dynamically allocated in the dynamic memory region, the memory integrity code segment invoked upon execution completion of at least one exploitation vulnerable routine of the plurality of routines is configured to detect a write operation exceeding from a memory space of at least one most recently allocated block of [[a]] the subset of most recently allocated blocks of [[a]] the plurality of blocks dynamically allocated in the dynamic memory region to a memory space of at least one block adjacent to the at least one most recently allocated block, the exceeding write operation is detected using at least one of a plurality of markers inserted in the dynamic memory region in at least one boundary of each of the most recently allocated blocks of the subset of most recently allocated blocks;
wherein the memory integrity code segment identifies the subset of most recently allocated blocks by traversing the at least one recent allocation list;
wherein in runtime, in case the exceeding write operation is detected, the memory integrity code segment causes the at least one processor to initiate at least one predefined action;
wherein each of the most recently allocated blocks is associated in the at least one recent allocation list with a pointer to the respective most recently allocated block, at least one of the plurality of markers inserted in the dynamic memory region in at least one boundary of the respective most recently allocated block and a size of the respective most recently allocated block;
wherein the plurality of program instructions are executed by the at least one processor from the non-transitory computer readable storage medium,
wherein the at least one recent allocation list is maintained by at least one adjusted memory management routine of the plurality of routines configured to conduct at least one memory allocation operation which is a member of a group consisting of: allocating a block in the dynamic memory region and releasing a block in the dynamic memory region, the at least one adjusted memory management routine is adjusted to invoke the allocation tracking code segment added to the at least one code file, the allocation tracking code segment is configured to:
add a newly allocated block to the at least one recent allocation list upon allocation of the newly allocated block by:
updating the at least one recent allocation list to add an entry for the newly allocated block, the added entry associates the newly allocated block with a respective unique marker, a pointer to the newly allocated block and a size of the newly allocated block, and
inserting the respective unique marker in at least one boundary of the newly allocated block; and
remove an allocated block from the at least one recent allocation list by:
validating the removed allocated block by determining whether an exceeding write operation occurred to the memory space of the removed allocated block by comparing between a respective unique marker inserted in the at least one boundary of the removed allocated block and the respective unique marker associated with the removed allocated block in the at least one recent allocation list, and
removing the entry mapping the removed allocated block from the at least one recent allocation list.
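
The mechanism recited in claims 1, 16, 17 and 21, as an added C example that is not part of this Office action or of the application: a bounded recent allocation list, a per-block marker written at the block's end boundary, validation on removal, and an integrity check run after a wrapped copy routine. The names `tracked_alloc`, `tracked_free`, `integrity_check`, `guarded_memcpy`, the list capacity of 4 and the use of `/dev/urandom` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RECENT 4                 /* predefined list capacity (claim 16); assumed value */

typedef struct { void *ptr; size_t size; uint64_t marker; } entry_t;

static entry_t  recent[MAX_RECENT];  /* recent allocation list, oldest entry first */
static size_t   n_recent;
static unsigned overruns;            /* exceeding writes found while removing entries */

/* Per-block marker. Falls back to a weak counter if /dev/urandom is unavailable. */
static uint64_t new_marker(void) {
    static uint64_t ctr = 0x9e3779b97f4a7c15ULL;
    uint64_t m = 0;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) { if (fread(&m, sizeof m, 1, f) != 1) m = 0; fclose(f); }
    if (m == 0) m = (ctr += 0x9e3779b97f4a7c15ULL);
    return m;
}

/* Compare the marker stored just past the block with the copy kept in the list. */
static int block_intact(const entry_t *e) {
    uint64_t in_mem;
    memcpy(&in_mem, (unsigned char *)e->ptr + e->size, sizeof in_mem);
    return in_mem == e->marker;
}

/* Validate an entry, then remove it from the list. */
static void remove_entry(size_t i) {
    if (!block_intact(&recent[i])) overruns++;
    memmove(&recent[i], &recent[i + 1], (n_recent - i - 1) * sizeof recent[0]);
    n_recent--;
}

/* Allocation path: evict the least recent entry if full, place marker, add entry. */
void *tracked_alloc(size_t size) {
    unsigned char *p = malloc(size + sizeof(uint64_t));
    if (!p) return NULL;
    if (n_recent == MAX_RECENT) remove_entry(0);
    entry_t e = { p, size, new_marker() };
    memcpy(p + size, &e.marker, sizeof e.marker);   /* marker at the end boundary */
    recent[n_recent++] = e;
    return p;
}

/* Release path: validate and drop the entry if the block is still listed. */
void tracked_free(void *p) {
    for (size_t i = 0; i < n_recent; i++)
        if (recent[i].ptr == p) { remove_entry(i); break; }
    free(p);   /* blocks already evicted from the list are freed unchecked here */
}

/* Memory integrity check: traverse the list, return the number of corrupted blocks. */
unsigned integrity_check(void) {
    unsigned bad = 0;
    for (size_t i = 0; i < n_recent; i++)
        if (!block_intact(&recent[i])) bad++;
    return bad;
}

/* Wrapper called in place of memcpy: run the routine, then run the check. */
unsigned guarded_memcpy(void *dst, const void *src, size_t n) {
    memcpy(dst, src, n);
    return integrity_check();
}

/* Copy copy_len bytes (at most 24) into a 16-byte block; returns corrupted count. */
unsigned demo(size_t copy_len) {
    unsigned char src[24];               /* constructed sample input */
    memset(src, 'A', sizeof src);
    char *buf = tracked_alloc(16);
    if (!buf) return 0;
    unsigned bad = guarded_memcpy(buf, src, copy_len);
    tracked_free(buf);
    return bad;
}

int main(void) {
    printf("16-byte copy: %u corrupted block(s)\n", demo(16));
    printf("20-byte copy: %u corrupted block(s)\n", demo(20));
    return 0;
}
```

The overflowing copy lands in the marker bytes reserved by `tracked_alloc`, so the demonstration itself stays inside the underlying allocation. A printed count stands in for the "predefined action" of claim 30.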

Claim Objections:
In response to applicant’s corrective amendments, respective objections of record are withdrawn.

35 U.S.C. 112(b) rejections:
In response to applicant’s corrective amendments, respective 112(b) rejections of record are withdrawn.

35 U.S.C. 101:
In response to applicant’s corrective amendments, respective 101 rejection of record is withdrawn.

Double Patenting Rejection:
In response to filed e-TD, respective DP rejection of record is withdrawn.

35 U.S.C. 103:
After amendments entered by this action, Applicant’s arguments, Remarks: filed 02/07/2021, pages 17-21 are persuasive and the 103 rejection of claims 1-17 and 19-34 is withdrawn.

Allowable Subject Matter
The following is Examiner's comments per statement of reasons for allowance: 
After conducting an updated search, Gupta (US2019/0138725A1) and Cheng (US2010/0050266A1) have been noted as pertinent. Gupta is directed to inserting instructions into the computer application at run time to collect runtime state of the application, and analyzing the collected data against the stored model to perform detection of security events. It discloses an exception handler to detect the security events based on unhandled memory access violations, wherein, based upon the detection of the security events, a dynamic response is made, such as modifying a computer routine associated with an active process of the computer application. Modification may include installing or verifying an individual patch in memory associated with the computer application. Cheng is directed to a method for associating a protection indicator of a protection record maintained outside of an application's data space with a memory location, and preventing access to the memory location based on the status of the protection indicator. The method results in more secure operation, as malicious code or other malware is prevented from accessing protected memory locations.
The closest prior art reviewed and made of record, alone or in combination, fails to anticipate and/or render obvious the claimed invention as a whole recited in claim 1 (as amended above) and similarly stated in claims 33 and 34 (as similarly amended above).
Record of prosecution is clear and claims 1-17 and 19-34 are allowed.




Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Please note Examiner’s explanation of pertinence for Gupta (US2019/0138725A1) and Cheng (US2010/0050266A1) above under “Allowable Subject Matter” section.
Any comments considered necessary by Applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.” 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to AREZOO SHERKAT whose telephone number is (571)272-8533.  The examiner can normally be reached on Monday - Friday 8:30-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kambiz Zand can be reached on 571 - 272 - 3811.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/AREZOO SHERKAT/
Examiner, Art Unit 2434

/KAMBIZ ZAND/
Supervisory Patent Examiner, Art Unit 2434