Analytical virtual machine
Abstract
An analytical virtual machine (AVM) analyzes computer code using a software processor including a register that stores behavior flags indicative of behaviors identified by virtually executing the code within the virtual machine. The AVM includes a sequencer that stores the sequence in which behavior flags are set in the behavior flags register. The AVM analyzes machine performance by emulating execution of the code being analyzed on a fully virtual machine and records the observed behavior. When emulation and analysis are complete, the AVM returns the behavior flags register and sequencer to the real machine and terminates.
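The behavior flags register and sequencer from the abstract, as an added Python example that is not code from the patent. The flag names, the three simulated operating system calls, and the representation of the code under analysis as a list of calls (instead of emulated instructions) are assumptions made for illustration. Two constructed samples set the same flags, and only the sequencer tells them apart.

```python
from enum import IntFlag

class Behavior(IntFlag):      # hypothetical flag names, not from the patent
    DIR_SEARCH = 1
    FILE_OPEN = 2
    FILE_WRITE = 4

class BehaviorRecord:
    """Behavior flags register plus a sequencer of first-set order."""
    def __init__(self):
        self.flags = Behavior(0)
        self.sequence = []

    def set(self, flag):
        if not self.flags & flag:          # sequencer logs only the first setting
            self.sequence.append(flag)
        self.flags |= flag

class SimulatedOS:
    """OS simulation shell: returns plausible values, touches only simulated state."""
    def __init__(self, record):
        self.record = record
        self.files = {"HOST.EXE": bytearray(b"MZ")}   # simulated file system

    def dispatch(self, call, arg):
        if call == "find_first":
            self.record.set(Behavior.DIR_SEARCH)
            return next(iter(self.files))
        if call == "open":
            self.record.set(Behavior.FILE_OPEN)
            return arg if arg in self.files else None
        if call == "write":
            self.record.set(Behavior.FILE_WRITE)
            self.files.setdefault(arg, bytearray()).extend(b"\x00")
            return 1
        raise ValueError(f"unsimulated call: {call}")

def analyze(program):
    """Run one sample in a fresh VM and hand flags and sequence back to the host."""
    record = BehaviorRecord()
    shell = SimulatedOS(record)
    for call, arg in program:
        shell.dispatch(call, arg)
    return int(record.flags), [f.name for f in record.sequence]

# Constructed samples: same behaviors, different order.
SAMPLE_A = [("find_first", "*.EXE"), ("open", "HOST.EXE"), ("write", "HOST.EXE")]
SAMPLE_B = [("open", "LOG.TXT"), ("write", "LOG.TXT"), ("find_first", "*.*")]
```
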
10 Claims
1. A virtual machine system for computer code behavior analysis, the virtual machine system having a software processor comprising:
- a behavior record storing behavior flags representative of computer code behavior observed by virtually executing the computer code under analysis within the virtual machine;
- a sequencer that stores a sequence in which behavior flags are set in the behavior record during virtual execution of the computer code under analysis; and
- simulated memory and a simulated operating system representative of a host real computer system, the computer code under analysis interacting with the simulated memory and the simulated operating system to generate the behavior flags;

wherein the virtual machine passes data representative of the behavior record to the host real computer system prior to termination of the virtual machine.

2. A virtual machine system for computer code behavior analysis, the virtual machine system having a software processor, comprising:
- a register or structure that stores behavior flags representative of computer code behavior observed by virtually executing the computer code under analysis within the virtual machine;
- a register or structure that stores a sequence in which behavior flags are set in the behavior flags register or structure;
- an entry point table that stores all entry points to the computer code under analysis within the virtual machine;
- a structure that stores interrupt vector addresses, pointing at interrupt service routines loaded into memory reserved by the virtual machine when the virtual machine is initialized;
- a memory structure simulating input and output ports;
- a memory structure simulating processor memory;
- one or more operating system simulation shells that simulate values returned by a real operating system under which the computer code under analysis is intended to operate.
Specification