Analytical virtual machine
Abstract
An analytical virtual machine (AVM) analyzes computer code using a software processor including a register that stores behavior flags indicative of behaviors identified by virtually executing the code within the virtual machine. The AVM includes a sequencer that stores the sequence in which behavior flags are set in the behavior flags register. The AVM analyzes machine performance by emulating execution of the code being analyzed on a fully virtual machine and records the observed behavior. When emulation and analysis are complete, the AVM returns the behavior flags register and sequencer to the real machine and terminates.
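The behavior flags register and sequencer described in the abstract, as an added Python example (not code from the patent or its authors). The flag names, the simulated call names and the two sample programs are constructed assumptions, and a list of tuples stands in for the emulated machine code.

```python
from enum import IntFlag

class Behavior(IntFlag):            # hypothetical flag names, not taken from the patent
    FILE_OPEN = 1
    FILE_WRITE = 2
    HOOK_INTERRUPT = 4
    STAY_RESIDENT = 8

class AnalyticalVM:
    """Toy analytical VM: simulated OS calls set flags, a sequencer keeps their order."""
    def __init__(self):
        self.flags = Behavior(0)        # behavior record (flags register)
        self.sequence = []              # sequencer: order in which flags were first set
        self.files = {}                 # simulated file system, host files are never touched
        self.vectors = {0x21: "sim_os"} # simulated interrupt vector table

    def _set(self, flag):
        if not self.flags & flag:       # record only the first time a flag is set
            self.flags |= flag
            self.sequence.append(flag)

    def _os_call(self, name, *args):
        # Simulated operating system: returns plausible values, records behavior.
        if name == "open":
            self._set(Behavior.FILE_OPEN)
            self.files.setdefault(args[0], b"")
        elif name == "write":
            self._set(Behavior.FILE_WRITE)
            self.files[args[0]] = self.files.get(args[0], b"") + args[1]
        elif name == "set_vector":
            self._set(Behavior.HOOK_INTERRUPT)
            self.vectors[args[0]] = args[1]
        elif name == "stay_resident":
            self._set(Behavior.STAY_RESIDENT)
        else:
            raise ValueError(f"call not simulated: {name}")

    def run(self, program):
        for name, *args in program:
            self._os_call(name, *args)
        # Hand the record and sequence to the host before the VM is discarded.
        return int(self.flags), [f.name for f in self.sequence]

def analyze(program):
    return AnalyticalVM().run(program)

# Constructed samples: same three behaviors, different order.
SAMPLE_A = [("open", "A.COM"), ("write", "A.COM", b"\x90"), ("set_vector", 0x21, "code+0x40")]
SAMPLE_B = [("set_vector", 0x21, "code+0x40"), ("open", "A.COM"), ("write", "A.COM", b"\x90")]
```

Both samples produce the same flag value, so only the sequencer output distinguishes them.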
10 Claims
1. A virtual machine system for computer code behavior analysis, the virtual machine system having a software processor comprising:
a behavior record storing behavior flags representative of computer code behavior observed by virtually executing the computer code under analysis within the virtual machine;
a sequencer that stores a sequence in which behavior flags are set in the behavior record during virtual execution of the computer code under analysis; and
simulated memory and a simulated operating system representative of a host real computer system, the computer code under analysis interacting with the simulated memory and the simulated operating system to generate the behavior flags;
wherein the virtual machine passes data representative of the behavior record to the host real computer system prior to termination of the virtual machine.
2. A virtual machine system for computer code behavior analysis, the virtual machine system having a software processor, comprising:
a register or structure that stores behavior flags representative of computer code behavior observed by virtually executing the computer code under analysis within the virtual machine;
a register or structure that stores a sequence in which behavior flags are set in the behavior flags register or structure;
an entry point table that stores all entry points to the computer code under analysis within the virtual machine;
a structure that stores interrupt vector addresses, pointing at interrupt service routines loaded into memory reserved by the virtual machine when the virtual machine is initialized;
a memory structure simulating input and output ports;
a memory structure simulating processor memory;
one or more operating system simulation shells that simulate values returned by a real operating system under which the computer code under analysis is intended to operate.
Specification