DETAILED ACTION
Claims 1-11 and 13-14 are pending in the current application.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Allowable Subject Matter
Claims 1-6, 9-11 and 13-14 are allowed.  An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in an interview with Martin Moynihan on 9/17/21.

In the Claims

1.	(Currently Amended) A computer implemented method of generating compiled intermediate code files adjusted to prevent return oriented programming exploitation, comprising:
receiving at least one intermediate code file generated by a compiler, the at least one intermediate code file comprising a plurality of routines;
adjusting the at least one intermediate code file prior to generation of a respective executable file to be executed by at least one processor, the adjusting comprising:

analyzing each of the plurality of routines to identify at least one indirect branch instruction in at least one of the plurality of routines,
replacing each indirect branch instruction detected in at least one of the plurality of routines with a direct branch instruction to invoke a respective verification code segment configured to verify, prior to executing the respective indirect branch operation, that the respective replaced indirect branch instruction pointed to the beginning address of one of the plurality of routines, and
updating the symbol table to reflect addition of the respective verification code segment to the at least one intermediate code file; and
outputting the at least one adjusted intermediate code file;
wherein, in runtime, in case the replaced indirect branch instruction did not point to the beginning address of one of the plurality of routines, the respective verification code segment causes the at least one processor to initiate at least one predefined action;
wherein adjusting the at least one routine further comprising inserting a write instruction before the direct branch instruction for writing an address pointed by the indirect branch instruction to a predefined variable, the written address after retrieved from the predefined variable is used by the verification code segment for the verification.
wherein verification of the indirect branch instruction pointing to the beginning address of one of the plurality of routines is based on verification of a unique code preceding each of the plurality of routines in the at least one intermediate code file, the unique code verification is applied by:
adding a unique code to the at least one intermediate code file in an address preceding the beginning address of each of the plurality of routines, and
configuring the respective verification code segment to verify that the address pointed by the indirect branch function is preceded by the unique code.

2.	(Original) The method of claim 1, wherein the at least one intermediate code file is a member of a group consisting of: an object file, an archive file and a binary file.



4.	(Previously Presented) The method of claim 1, wherein the direct branch instruction points to the respective verification code segment.

5.	(Previously Presented) The method of claim 1, wherein adjusting the at least one routine further comprising inserting a push to stack instruction before the direct branch instruction for pushing into stack an address pointed by the indirect branch instruction, the pushed address after popped from the stack is used by the verification code segment for the verification.

6.	(Previously Presented) The method of claim 1, wherein adjusting the at least one routine further comprising inserting a write instruction before the direct branch instruction for writing an address pointed by the indirect branch instruction to a pre-determined register, the written address after retrieved from the pre-determined register is used by the verification code segment for the verification.

7.	(Cancelled). 

8.	(Cancelled). 

9.	(Original) The method of claim 1, wherein verification of the indirect branch instruction pointing to the beginning address of one of the plurality of routines is based on a dataset mapping the beginning address of each of the plurality of routines, the dataset mapping verification is applied by:
constructing the dataset to map the beginning address of each of the plurality of routines, and
configuring the respective verification code segment to verify that the address pointed by the indirect branch function matches the beginning address of one of the plurality of routines mapped in the dataset.



11.	(Original) The method of claim 1, wherein the at least one intermediate code file is adjusted to amend at least one of: an instruction and a data element affected by the replacement of the at least one indirect branch with the invocation of the respective verification code segment.

12.	(Cancelled)

13.	(Currently Amended) A system for generating compiled intermediate code files adjusted to prevent return oriented programming exploitation, comprising:
a program store storing a code; and
at least one processor coupled to the program store for executing the stored code, the code comprising:
code instructions to receive at least one intermediate code file generated by a compiler, the at least one intermediate code file comprising a plurality of routines;
code instructions to adjust the at least one intermediate code file prior to generation of a respective executable file to be executed by at least one processor, the adjusting comprising:
analyzing a symbol table of the at least one intermediate code file to identify a beginning address of each of the plurality of routines,
analyzing each of the plurality of routines to identify at least one indirect branch instruction in at least one of the plurality of routines,
replacing each indirect branch instruction detected in each of the plurality of routines with a direct branch instruction to invoke a respective verification code segment configured to verify, prior to executing the respective indirect branch 
updating the symbol table to reflect addition of the respective verification code segment to the at least one intermediate code file; and
code instructions to output the at least one adjusted intermediate code file;
wherein, in runtime, in case the replaced indirect branch instruction did not point to the beginning address of one of the plurality of routines, the respective verification code segment causes the at least one processor to initiate at least one predefined action;
wherein adjusting the at least one routine further comprising inserting a write instruction before the direct branch instruction for writing an address pointed by the indirect branch instruction to a predefined variable, the written address after retrieved from the predefined variable is used by the verification code segment for the verification.
wherein verification of the indirect branch instruction pointing to the beginning address of one of the plurality of routines is based on verification of a unique code preceding each of the plurality of routines in the at least one intermediate code file, the unique code verification is applied by:
adding a unique code to the at least one intermediate code file in an address preceding the beginning address of each of the plurality of routines, and
configuring the respective verification code segment to verify that the address pointed by the indirect branch function is preceded by the unique code.

14.	(Currently Amended) A computer program product comprising at least one executable file generated from at least one intermediate code file adjusted to prevent return oriented programming exploitation, comprising:
a non-transitory computer readable storage medium storing thereon:
a plurality of program instructions of at least one adjusted routine of a plurality of routines of an executable file generated for execution by at least one processor from at least one intermediate code file adjusted to support return address protection, each indirect branch instruction in the at least one adjusted routine is replaced with a direct branch instruction to invoke at least one verification code segment, and

verify that the replaced indirect branch instruction pointed to a beginning address of one of the plurality of routines, and
cause, in run-time, the at least one processor to initiate at least one predefined action in case the replaced indirect branch instruction did not point to the beginning address of one of the plurality of routines;
wherein if exists, a symbol table of the executable file created based on an updated symbol table of the at least one adjusted intermediate code reflects the addition of the at least one verification code segment to the at least one intermediate code file;
wherein the plurality of program instructions are executed by the at least one processor from the non-transitory computer readable storage medium;
wherein adjusting the at least one routine further comprising inserting a write instruction before the direct branch instruction for writing an address pointed by the indirect branch instruction to a predefined variable, the written address after retrieved from the predefined variable is used by the verification code segment for the verification.
wherein verification of the indirect branch instruction pointing to the beginning address of one of the plurality of routines is based on verification of a unique code preceding each of the plurality of routines in the at least one intermediate code file, the unique code verification is applied by:
adding a unique code to the at least one intermediate code file in an address preceding the beginning address of each of the plurality of routines, and
configuring the respective verification code segment to verify that the address pointed by the indirect branch function is preceded by the unique code.
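
Added illustration, not part of the Office action or of the application: a C model of the two verification variants recited above, the unique code preceding each routine (claim 1) and the dataset of beginning addresses (claim 9). The byte image, the tag value and its width, and all function names are constructed assumptions; the image deliberately repeats the tag inside routine B to show why the code must not occur anywhere else in the file.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TAG_LEN 4
/* Assumed unique code; the claims do not specify its value or width. */
static const uint8_t TAG[TAG_LEN] = {0xC0, 0xDE, 0x7A, 0x65};

/* Constructed code image: two routines, each preceded by the unique code. */
static const uint8_t image[] = {
    0xC0, 0xDE, 0x7A, 0x65,                          /* tag, offsets 0-3      */
    0x55, 0x48, 0x89, 0xE5, 0x90, 0x90, 0x5D, 0xC3,  /* routine A, entry 4    */
    0xC0, 0xDE, 0x7A, 0x65,                          /* tag, offsets 12-15    */
    0x55, 0xB8, 0xC0, 0xDE, 0x7A, 0x65, 0x5D, 0xC3   /* routine B, entry 16;  */
};                      /* its immediate operand (18-21) happens to equal TAG */

/* Dataset of routine entry offsets (claim 9), sorted for binary search. */
static const size_t entries[] = {4, 16};

/* The "predefined variable" the inserted write instruction fills in. */
static size_t branch_target;

/* Claim 1 variant: accept only if the bytes just before the target are TAG. */
static int verify_by_tag(void) {
    if (branch_target < TAG_LEN || branch_target >= sizeof image) return 0;
    return memcmp(image + branch_target - TAG_LEN, TAG, TAG_LEN) == 0;
}

/* Claim 9 variant: accept only if the target is a recorded entry offset. */
static int verify_by_dataset(void) {
    size_t lo = 0, hi = sizeof entries / sizeof entries[0];
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (entries[mid] == branch_target) return 1;
        if (entries[mid] < branch_target) lo = mid + 1; else hi = mid;
    }
    return 0;
}

/* Stand-in for the rewritten call site: store the target, then verify.
   Returns 1 if the branch may proceed, 0 if the predefined action fires. */
int guarded_branch(size_t target, int use_dataset) {
    branch_target = target;
    return use_dataset ? verify_by_dataset() : verify_by_tag();
}
```

In this constructed image the tag check accepts offset 22, which lies inside routine B, because the preceding operand bytes equal the tag, while the dataset check rejects it; a rewriter using the tag variant therefore has to confirm the chosen code appears nowhere else in the adjusted file.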

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to BRADFORD F WHEATON whose telephone number is (571)270-1779.  The examiner can normally be reached on Monday-Friday 8:00-5:00 EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Chat Do can be reached on 571-272-3721.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BRADFORD F WHEATON/Examiner, Art Unit 2193

/Chat C Do/Supervisory Patent Examiner, Art Unit 2193