System and Method to Create a Number of Breakpoints in a Virtual Machine Via Virtual Machine Trapping Events
Abstract
A system and method for dynamic software analysis operable to describe program behavior via instrumentation of virtualization events.
13 Claims
1. A method to create a number of passive breakpoints in a virtual machine, the method comprising the steps of:
triggering a virtualization trapping event in a hardware-assisted virtualization platform, during software execution within a guest virtual machine;
intercepting the virtualization trapping event via a hardware-assisted virtualization hypervisor;
independently registering the virtualization trapping event via an analysis engine; and
determining whether the virtualization trapping event includes any arbitrary software execution.
Dependent claims: 2, 3, 4, 5.

6. A method to create a number of passive breakpoints in a virtual machine via instrumentation of common virtual machine trapping events, the method comprising the steps of:
parsing a configuration;
installing an executor in a virtual machine;
starting the virtual machine;
executing malware in the virtual machine;
detecting at least one event occurrence of the virtual machine;
performing introspection within a memory of the virtual machine;
dynamically resolving at least one hook address via a control interface;
installing at least one hook in at least one of malware, an affected process, and a kernel of an operating system; and
logging at least one hook result in a predetermined format.

7. A system to create a number of passive breakpoints in a virtual machine via instrumentation of common virtual machine trapping events, the system including:
an event driven hooking engine operable to manipulate at least one page permission in a virtual machine and utilize at least one virtual machine trap exposed by a hypervisor virtualization platform to provide execution at an arbitrary address within a process of the virtual machine.
Dependent claims: 8, 9, 10, 11, 12, 13.

Specification