System and method for logging operations of virtual machines
Abstract
A system and method for logging operations of guest virtual machines are provided. An execution event is triggered, in response to a request to load a software module in a virtual machine. A processor sends an indication to a hypervisor that the software module is loaded in the virtual machine, in response to the triggering of the execution event. A security appliance accesses, using the hypervisor, a first memory location in the virtual machine, in response to the indication. A value is stored in the first memory location. The value identifies the software module. The security appliance returns the value to the hypervisor.
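An added illustration, not part of the patent text: a toy Python model of the flow the abstract describes (redirected reference, execution event, indication to the hypervisor, read of the identifying value through the hypervisor). The addresses, class names, module names and memory layout are assumptions made for this example.

```python
# Toy model of the described flow. All addresses, names and the memory layout
# are constructed for illustration; nothing here comes from the patent text.
LOAD_FN = 0x1000     # "first address": guest function that loads modules
HOOK = 0x7000        # "second address": location in a guest memory page
ID_SLOT = 0x9000     # "first memory location": holds the module identifier

class SecurityAppliance:
    def inspect(self, hv, guest):
        # Reads guest memory through the hypervisor, never from inside the guest.
        return hv.read_guest(guest, ID_SLOT)

class Hypervisor:
    def __init__(self, appliance):
        self.appliance = appliance
        self.exec_events = {}    # trapped address -> original function address
        self.log = []            # values returned to the hypervisor

    def read_guest(self, guest, addr):
        return guest.memory[addr]

    def on_exec_event(self, guest, addr):
        # Indication received: a module load is in progress in this guest.
        self.log.append(self.appliance.inspect(self, guest))
        return self.exec_events[addr]    # resume at the original function

class Guest:
    def __init__(self, hv):
        self.hv, self.memory, self.loaded = hv, {ID_SLOT: None}, []
        self.functions = {LOAD_FN: self._load}
        self.reference = LOAD_FN         # the reference (a plain variable here)

    def _load(self):
        self.loaded.append(self.memory[ID_SLOT])

    def request_load(self, name):
        self.memory[ID_SLOT] = name
        target = self.reference
        if target in self.hv.exec_events:        # execution reached the event
            target = self.hv.on_exec_event(self, target)
        self.functions[target]()

def run_demo():
    hv = Hypervisor(SecurityAppliance())
    guest = Guest(hv)
    guest.request_load("early.sys")              # before the hook: not logged
    guest.reference = HOOK                       # redirect the reference
    hv.exec_events[HOOK] = LOAD_FN               # install the execution event
    guest.request_load("netfilter.sys")
    return hv.log, guest.loaded
```

In this model the load issued before the redirection completes in the guest but never reaches the log, while the later load is both logged and still carried out by the original function.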
20 Claims
1. A method, comprising:
- redirecting a reference from a first address to a second address, wherein the reference initially refers to the first address, the first address is an address of a function to be executed by a virtual machine, and the second address is an address of a second memory location in a memory page within the virtual machine;
- installing an execution event at the second memory location;
- in response to a request to load a software module in the virtual machine, triggering the execution event, wherein the execution event, when triggered, is configured to cause an indication to be sent to a hypervisor;
- in response to the triggering of the execution event, sending the indication to the hypervisor that the software module is loaded in the virtual machine;
- in response to the sending, accessing a first memory location in the virtual machine, wherein the accessing is performed using the hypervisor, a value is stored in the first memory location, and the value identifies the software module; and
- returning the value to the hypervisor.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer system comprising:
- at least one processor;
- a computer-readable storage medium coupled to the at least one processor; and
- computer code, encoded in the computer-readable storage medium, configured to cause the at least one processor to
  - redirect a reference from a first address to a second address, wherein the reference initially refers to the first address, the first address is an address of a function to be executed by a virtual machine, and the second address is an address of a second memory location in a memory page within the virtual machine,
  - install an execution event at the second memory location,
  - trigger the execution event, in response to a request to load a software module in the virtual machine, wherein the execution event, when triggered, is configured to cause an indication to be sent to a hypervisor,
  - send the indication to the hypervisor that the software module is loaded in the virtual machine, in response to the triggering of the execution event,
  - access a first memory location in the virtual machine, in response to the indication, wherein the accessing is performed using the hypervisor, a value is stored in the first memory location, and the value identifies the software module, and
  - return the value to the hypervisor.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer-readable storage medium comprising computer code, when executed, the computer code is configured to cause a processor to:
- redirect a reference from a first address to a second address, wherein the reference initially refers to the first address, the first address is an address of a function to be executed by a virtual machine, and the second address is an address of a second memory location in a memory page within the virtual machine;
- install an execution event at the second memory location;
- trigger an execution event, in response to a request to load a software module in the virtual machine, wherein the execution event, when triggered, is configured to cause an indication to be sent to a hypervisor;
- send the indication to the hypervisor that the software module is loaded in the virtual machine, in response to the triggering of the execution event;
- access a first memory location in the virtual machine, in response to the sending wherein the accessing is performed using the hypervisor, a value is stored in the first memory location, and the value identifies the software module; and
- return the value to the hypervisor.
Dependent claims: 16, 17, 18, 19, 20
Specification