Journal of Harbin Engineering University (哈尔滨工程大学学报), 2017, Vol. 38, Issue 12: 1969-1976, 8. DOI: 10.11990/jheu.201607055
基于虚拟机的程序运行时监控方法 / Virtual machine-based method for runtime monitoring of executing program
Abstract

To provide runtime monitoring of executing programs at the system level, a dynamic monitoring framework based on a virtual machine was designed and implemented. Using an event-driven mechanism built on the translation mechanism of the virtual machine, the study selects a specific event as the target for registration; the CPU state is then captured and analyzed to obtain dynamic running information about the program under test. This paper describes the structure of the dynamic monitoring framework, analyzes its working principle, and introduces the process of acquiring monitoring information. Control-flow-based analysis of suspicious programs is used as an example to describe the entire process. The test results show that this method is effective for comprehensive monitoring. Furthermore, the method makes it easy to obtain the operating system kernel state and process information, supporting analysis of the dynamic behavior of the executing program.

Keywords

运行时监控/动态二进制分析/虚拟机/事件/翻译/控制流

runtime monitoring/dynamic binary analysis/virtual machine/event/translation/control flow

Classification

Information technology and security science
Cite this article

王丹, 陈嘉, 赵文兵, 林九川. 基于虚拟机的程序运行时监控方法 (Virtual machine-based method for runtime monitoring of executing program) [J]. Journal of Harbin Engineering University (哈尔滨工程大学学报), 2017, 38(12): 1969-1976, 8.

Funding

Beijing Natural Science Foundation (4173072)

Open project of the Key Laboratory of Information Network Security, Ministry of Public Security.