DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 04/07/2021 is in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statement is being considered by the examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claims 10-18 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Claim 10 recites "a computer readable medium”.  The computer readable medium broadly interpreted in light of the specification (see paragraph 18) would suggest to one of ordinary skill in the art signals or other forms of propagation and transmission media that fails to be statutory. Therefore, claim 10 is directed to non-statutory subject matter. Examiner respectfully suggests amending the claims to include "non-transitory computer readable medium" to make the claim statutory under 35 U.S.C. 101. 
Dependent claims 11-18 are also rejected under 35 U.S.C. 101 as being directed to non-statutory subject matter for the same reasons set forth above. 
	Allowable Subject Matter
Claims 1-9 and 19-20 are allowed. Claims 10-18 would be allowable if the 101 rejection, set forth in this Office action, are overcome.
The following is a statement of reasons for the allowance:
The prior art on record:
Prior art Maximilien et al. (WO 2021026938) teaches a shellcode detection method and apparatus, a computer device and a computer non-volatile readable storage medium, relating to the technical field of information network security. The present application is able to monitor the kernel and key specific memory pages of an operating system, and is able to detect an anomalous operating behavior in time and effectively find the execution of a shellcode attack behavior. Said method comprises: monitoring an operation behavior of a preset memory page; and if the operation behavior of the preset memory page occurs, determining the validity of the operation behavior of the preset memory page, so as to detect whether an attack behavior executed by shellcode occurs. Said method is applicable to detection of shellcode.
Prior art Evtyushkin et al. (NPL: Jump Over ASLR: Attacking Branch Predictors to Bypass ASLR, IDS reference) teaches an attack to derive kernel and user-level ASLR offset using a side-channel attack on the branch target buffer (BTB). Our attack exploits the observation that an adversary can create BTB collisions between the branch instructions of the attacker process and either the user-level victim process or on the kernel executing on its behalf. These collisions, in turn, can impact the timing of the attacker's code, allowing the attacker to identify the locations of known branch instructions in the address space of the victim process or the kernel. We demonstrate that our attack can reliably recover kernel ASLR in about 60 milliseconds when performed on a real Haswell processor running a recent version of Linux.. 
Prior art Gras et al. (NPL: ASLRonthe Line: Practical Cache Attacks on the MMU, IDS reference) teaches the first cache side-channel attack against a hardware component (i.e., the processor’s MMU), which allows malicious JavaScript code to derandomize the layout of the browser’s address space, solely by accessing memory. Since AnC does not rely on any specific instruction or software feature, it cannot be easily mitigated without naively disabling CPU caches. 
However, none of cited prior art teaches or suggests, alone or in combination, the particular combination of steps or elements as recited in the independent claims. Specifically, the cited prior art on record does not specifically disclose, teach or suggest as a whole the limitation “identifying memory locations of the stack layout that are writable; reading a currently stored library instruction address of a library at the identified memory locations; and iteratively incrementing the currently stored library instruction address by one and overwriting the identified memory locations until a remote shell is successfully spawned or another malicious instruction is executed” including all the other limitation recited in the independent claims.
The limitations of the independent claims were searched, but did not result in any applicable prior art.  After further considering the amendments, each of the independent claims as a whole are clearly distinguished from the prior art, and thus allowed.  
Dependent claims 2-9, 20 are also allowed for incorporating the allowable feature recited in the independent claims. 
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure. See PTOL-892.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/MENG LI/
Primary Examiner, Art Unit 2437