SYSTEM AND METHOD FOR HYPERVISOR BREAKPOINTS
First Claim
1. A method for debugging a computer program comprising:
- selecting a first memory location as a breakpoint location;
determining a first memory page that contains the first memory location;
replacing at least a portion of the first memory page with new content, the new content including a breakpoint instruction; and
setting a permission of the first memory page to execute only, such that attempts to read to or write from the first memory page by the computer program are prevented.
13 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems allow the use of hypervisors to use software breakpoints in the same manner as hardware breakpoints. A program to be tested is executed by a hypervisor running a virtual machine. A memory page containing the location of a breakpoint is copied to a temporary memory page. Then a new page is written containing breakpoint instructions at specified memory locations. The new page is tagged as execute only, so the program to be tested is unaware of any changes to the program. If the program attempts to read from the changed memory page, it will read from the temporary memory page instead. Such a method can be used to search websites for malware in relative safety because of the inability of the malware to write to memory locations that are located on a page that is execute only.
-
Citations
27 Claims
-
1. A method for debugging a computer program comprising:
-
selecting a first memory location as a breakpoint location; determining a first memory page that contains the first memory location; replacing at least a portion of the first memory page with new content, the new content including a breakpoint instruction; and setting a permission of the first memory page to execute only, such that attempts to read to or write from the first memory page by the computer program are prevented. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A machine-readable medium that stores instructions which, when executed by a machine, causes the machine to perform operations comprising:
-
selecting a first memory location as a breakpoint location; determining a first memory page that contains the first memory location; replacing at least a portion of the first memory location with new content, the new content including a breakpoint instruction; and wherein, the first memory page is marked as execute only, such that attempts to read from or write to the first memory page are prevented. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A system for debugging a computer program comprising:
-
memory, divided into pages including at least a first memory page; a processor coupled to the memory; wherein the processor is arranged to; select a first memory location as a breakpoint location; determine a first memory page that contains the first memory location; replace at least a portion of the first memory page with new content, the new content including a breakpoint instruction; and set the permission of the first memory page to execute only, such that attempts to read to or write from the first memory page by the computer program are prevented. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
-
21. A method for determining the existence of malware on websites comprising:
-
using a browser that is executing on a virtual machine to load a website into a browser; setting a breakpoint to detect indicia of malware; and logging any detected indicia of malware. - View Dependent Claims (22, 23, 24, 25, 26, 27)
-
Specification