Detection of malicious thread suspension
US-2016378979-A1 · Dec 29, 2016 · US
US10664594B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10664594-B2 |
| Application number | US-201715640192-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 30, 2017 |
| Priority date | Jun 30, 2017 |
| Publication date | May 26, 2020 |
| Grant date | May 26, 2020 |
Official abstract text for this publication.
Methods for accelerated code injection detection using operating system controlled memory attributes are performed by systems and apparatuses. The methods optimize search operations for memory segments in system and virtual memories by searching for segment attributes. A set of memory segments is determined wherein each memory segment in the set includes specific attributes. The memory segments in the set are ranked for a threat level based on segment attribute. The threat level is used to determine subsequent actions including providing indications of the memory segments in the set and initiating execution of an anti-malware application. Relevant segment attributes used for the segment search can be dynamically updated in an attribute list. Segment attributes of a segment can be determined by accessing a memory manager of an operating system via an API.
Opening claim text (preview).
What is claimed is:

1. A method for malware detection implemented by a computing system, comprising: searching a volatile memory to locate a plurality of memory segments; determining memory segments of the located plurality of memory segments having a predetermined plurality of segment attributes to determine a set of memory segments that contains fewer memory segments than the plurality of memory segments; and providing an indication to enable the set of memory segments to be scanned for malware code in the volatile memory instead of scanning the plurality of memory segments for malware code.

2. The method of claim 1, wherein a first segment attribute of the predetermined plurality of segment attributes indicates at least one of: a private type attribute; or an image type attribute.

3. The method of claim 2, wherein a second segment attribute of the predetermined plurality of segment attributes comprises at least one of: an execute protection attribute; or a shared segment attribute.

4. The method of claim 1, further comprising determining a ranking value for at least one memory segment of the set of memory segments based on at least one of: the predetermined plurality of segment attributes; or one or more observations for the at least one memory segment comprising a function call, a function available to call, a registry reference, an address range, or a system privilege.

5. The method of claim 4, further comprising: initiating execution of an anti-malware application on each memory segment of the set of memory segments based on the determined ranking value; and providing an identifier for each memory segment of the set of memory segments to the anti-malware application for performance of an anti-malware process by the anti-malware application on each memory segment of the set of memory segments.

6. The method of claim 4, further comprising: for each memory segment of the set of memory segments, performing at least one of: including the ranking value in the indication; or comparing the ranking value to a threat threshold value and providing the indication based on said comparing.

7. The method of claim 1, further comprising: retrieving a stored attribute list that is configured to be dynamically updated, and that includes listed attributes corresponding to the predetermined plurality of segment attributes; and wherein determining whether the memory segments of the located plurality of memory segments have the predetermined plurality of segment attributes is performed via an application programming interface (API) configured to expose a memory manager, that tracks current segment attributes for the volatile memory, to attribute finder logic configured to perform said determining memory segments of the located plurality of memory segments having a predetermined plurality of segment attributes.

8. A system comprising: at least one volatile memory configurable to define a plurality of memory segments, the at least one volatile memory that stores: instructions associated with processes executing on the system, and program logic for malware search and detection; and at least one processor configured to access the at least one volatile memory and to execute the program logic, the program logic comprising: search logic configured to: search the at least one volatile memory to locate memory segments; attribute logic configured to: determine memory segments of the located plurality of memory segments having a first segment attribute to determine a first set of memory segments; and determine memory segments of the first set that also have a second segment attribute to determine a second set of memory segments; and indication logic configured to: provide an indication to enable the second set of memory segments to be scanned for malware code in the volatile memory instead of scanning the plurality of memory segments for malware code.

9. The system of claim 8, wherein the first segment attribute indicates at least one of: a private type attribute; or an image type attribute; and wherein the second segment attribute comprises at least one of: an execute protection attribute; or a shared segment attribute.

10. The system of claim 9, wherein the at least one volatile memory comprises: a system memory configured to store ones of the instructions for access by the processes executing on the system; and a virtual memory configured with the memory segments.

11. The system of claim 8, wherein the program logic further comprises ranking logic configured to determine a ranking value: for one or more memory segments of the first set of memory segments based on the first segment attribute; or for one or more memory segments of the second set of memory segments based on the second segment attribute.

12. The system of claim 11, wherein, for the one or more memory segments of the first set of memory segments or for the one or more memory segments of the second set of memory segments, the indication logic is configured to perform at least one of: including the ranking value in the indication; or comparing the ranking value to a threat threshold value and providing the indication based on said comparing.

13. The system of claim 12, wherein the attribute logic is configured to perform one or more observations for memory segments of the first set of memory segments or the second set of memory segments, the observations comprising at least one of a function call, a registry reference, an address range for modified data, or a system privilege; and wherein the ranking value is also based on the one or more observations.

14. The system of claim 12, wherein the at least one volatile memory stores an attribute list that is configured to be dynamically updated, and to include listed attributes corresponding to the first segment attribute and to the second segment attribute; and wherein the attribute logic is configured to determine whether a memory segment has at least one of the first segment attribute or the second segment attribute based on the listed attributes.

15. The system of claim 8, wherein the attribute logic is configured to determine whether a memory segment has at least one of the first segment attribute or the second segment attribute via an application programming interface (API) configured to expose to the attribute logic a memory manager of the system that tracks current segment attributes in the at least one volatile memory.

16. The system of claim 8, wherein the search logic is configured to: access the memory manager; and perform the search on a binary search tree associated with the memory manager.

17. A computer-readable program storage device having computer program instructions recorded thereon that, when executed by a processing device, perform a method for malware detection, the program instructions comprising: search instructions configured to: search a volatile memory of a system; and locate memory segments of the volatile memory; attribute instructions configured to: determine memory segments of the located memory segments having a predetermined plurality of segment attributes to determine a set of memory segments that contains fewer memory segments than the located memory segments; and indication instructions configured to: provide an indication to enable the set of memory segments to be scanned for malware code instead of scanning the plurality of memory segments for malware code.

18. The computer-readable program storage device of claim 17, wherein the at
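The claims above describe a pipeline rather than code: enumerate memory segments, keep only those whose memory-manager attributes match a dynamically updatable attribute list (a type attribute such as private or image, then a protection or sharing attribute such as execute), rank the survivors using attributes plus observations, and hand only those above a threat threshold to the scanner. The following Python is an added example written for this page, not code from the patent or its assignee. It models that flow over a constructed list of segments; the segment field names, the attribute predicates, the ranking weights and the observation tags are this example's own assumptions, and on a real system the segment records would come from the operating system's memory manager API instead.

```python
"""Attribute-driven narrowing and ranking of memory segments before a malware scan.

Added example modelled on claims 1-14 of the page above. All names, weights and
sample data are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class Segment:
    """One memory region as a memory manager would report it (constructed model)."""
    base: int
    size: int
    seg_type: str            # "private", "image" or "mapped" (assumed vocabulary)
    protect: frozenset       # subset of {"read", "write", "execute"}
    shared: bool = False
    observations: frozenset = frozenset()  # e.g. {"function_call", "registry_reference"}


Predicate = Callable[[Segment], bool]

# The "attribute list" of claims 7 and 14: a mutable registry of named predicates,
# so the attributes that define the search can be updated without changing the
# search code itself. Entries are assumptions for this example.
ATTRIBUTE_LIST: Dict[str, Predicate] = {
    "private_type": lambda s: s.seg_type == "private",
    "image_type": lambda s: s.seg_type == "image",
    "execute_protection": lambda s: "execute" in s.protect,
    "shared_segment": lambda s: s.shared,
}

# Two-stage filter of claim 8: a first attribute (either type) narrows the
# located segments; a second attribute (execute or shared) narrows them again.
FIRST_STAGE = ("private_type", "image_type")
SECOND_STAGE = ("execute_protection", "shared_segment")

# Observation weights for the ranking of claims 4 and 13 (assumed values).
OBSERVATION_WEIGHTS = {
    "function_call": 2,
    "registry_reference": 1,
    "address_range": 1,
    "system_privilege": 3,
}


def matches_any(seg: Segment, names: Iterable[str]) -> bool:
    """True if the segment satisfies at least one listed attribute predicate."""
    return any(ATTRIBUTE_LIST[name](seg) for name in names)


def narrow(segments: Iterable[Segment]) -> List[Segment]:
    """Apply the two attribute stages; the result is smaller than the input."""
    first_set = [s for s in segments if matches_any(s, FIRST_STAGE)]
    return [s for s in first_set if matches_any(s, SECOND_STAGE)]


def rank(seg: Segment) -> int:
    """Ranking value from segment attributes plus observations."""
    score = 0
    if ATTRIBUTE_LIST["private_type"](seg) and "execute" in seg.protect:
        score += 5   # executable private memory is the pattern injected code tends to leave
    if {"write", "execute"} <= seg.protect:
        score += 3   # writable and executable at the same time
    if seg.shared:
        score += 1
    score += sum(OBSERVATION_WEIGHTS.get(o, 0) for o in seg.observations)
    return score


def indications(segments: Iterable[Segment], threshold: int) -> List[Tuple[str, int]]:
    """Segments to hand to the anti-malware scanner, highest ranking first (claim 6)."""
    ranked = [(hex(s.base), rank(s)) for s in narrow(segments)]
    return sorted((r for r in ranked if r[1] >= threshold), key=lambda r: -r[1])


# Constructed sample: six regions of a hypothetical process, not a real capture.
SAMPLE_SEGMENTS = [
    Segment(0x00400000, 0x1000, "image", frozenset({"read", "execute"})),
    Segment(0x00600000, 0x2000, "private", frozenset({"read", "write"})),        # ordinary heap
    Segment(0x7FF00000, 0x1000, "mapped", frozenset({"read"})),                  # data file mapping
    Segment(0x10000000, 0x1000, "private", frozenset({"read", "write", "execute"}),
            observations=frozenset({"function_call"})),
    Segment(0x20000000, 0x1000, "mapped", frozenset({"read", "execute"}), shared=True),
    Segment(0x30000000, 0x1000, "image", frozenset({"read", "write", "execute"}),
            shared=True, observations=frozenset({"registry_reference"})),
]

if __name__ == "__main__":
    print(f"{len(SAMPLE_SEGMENTS)} located, {len(narrow(SAMPLE_SEGMENTS))} to scan")
    for base, score in indications(SAMPLE_SEGMENTS, threshold=5):
        print(f"scan {base} (ranking {score})")
```

Only the private or image regions that are also executable or shared survive the two stages, so the scanner is pointed at three of the six constructed regions, and the threshold drops the plain read-execute image section whose ranking is zero.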
CPC classification titles (partial, as shown on this page): in semiconductor storage media, e.g. directly-addressable memories; for a range; Computer malware detection or handling, e.g. anti-virus arrangements; Security improvement; using page tables, e.g. page table structures.