CN101162491A - Virtual executive system and method based on code slice - Google Patents

Publication number: CN101162491A
Authority: CN (China)
Application number: CNA2007100497565A
Legal status: Granted; Expired - Fee Related
Other languages: Chinese (zh)
Other versions: CN100501757C (en)
Inventors: 曹跃, 梁晓, 李毅超, 柴方明, 舒柏程
Current Assignee: University of Electronic Science and Technology of China
Original Assignee: University of Electronic Science and Technology of China
Prior art keywords: code, basic block, virtual execution, instruction, virtual

Abstract

The invention relates to a system and method for dynamic virtual execution of the instructions of a binary program. The system consists of a dynamic monitoring component, a disassembly component and a code-slicing virtual execution component. The method comprises the following steps: the monitored program is started in debug mode; the dynamic monitoring component sets a trigger point and a release point; when the trigger point is activated, the dynamic monitoring component transfers control to the code-slicing virtual execution component; after the code stream of the target program is obtained, the disassembly component analyzes the instructions and basic blocks are created; each generated basic block is stored in a cache and, after preprocessing, every instruction in it is virtually executed; when the release point is reached, control returns to the dynamic monitoring component, which restores normal execution of the binary program. The invention is suited to instruction-level, fine-grained analysis of a running binary program and supports localized simulation of the target code stream. It also handles self-modifying/self-checking code in multithreaded environments and various kinds of obfuscated code effectively, and has high operating efficiency.

Description

Virtual execution system and method based on code slice
Technical field
The present invention relates to a virtual execution system and method for binary programs, and in particular to an instruction-level virtual execution environment. It is used for dynamic, fine-grained, automated analysis of unknown binary programs.
Background technology
Fine-grained dynamic analysis of binary programs is a challenging task; it provides the key information needed to reconstruct the core structure and functional blueprint of unknown software. Current research on analyzing unknown binary programs falls broadly into two approaches: static analysis and dynamic analysis.
Static methods allow detailed, fine-grained analysis because they are not constrained by a specific runtime environment. The internal structure and function of a binary program can be analyzed without running it, which guarantees that the program's binary code is never executed and removes the runtime burden. Despite these strengths, static analysis has limitations. One problem is that the binary code being analyzed is not the code that actually runs, so there can be many differences between what is analyzed and what is executed. This is very common for programs that modify themselves and for programs that generate code dynamically. In addition, because of undecidable factors such as indirect branches, determining program state by static analysis is impossible. Furthermore, static code analysis is considerably limited when analyzing obfuscated code; code obfuscation is mainly used by software developers to protect their own programs from being analyzed and detected.
Dynamic analysis overcomes some of these limitations by analyzing code at run time, which guarantees that the code analyzed is the code that actually executes. Although some methods exist for coarse-grained dynamic analysis of binary code, there has been little research on fine-grained run-time analysis. At present, fine-grained dynamic analysis of binary software can be done with a debugger. The basic method is to set breakpoints in the regions of interest and trace the code stream to be examined one instruction at a time, collecting further information. However, these tools require a great deal of manual involvement and offer very little automation. Some automated fine-grained analysis frameworks can trace the code stream automatically, but they are usually based on full emulation of the instructions and therefore run very inefficiently. Their ability to handle self-modifying/self-checking code is also very limited.
A new, automated and efficient instruction-level virtual execution environment for binary programs is therefore urgently needed. It should support analysis of self-modifying/self-checking code in multithreaded environments and effective analysis of transformed code produced by obfuscation techniques, and the virtual execution system should also have very high performance.
Summary of the invention
In view of this, the purpose of the invention is to provide a system for dynamic, fine-grained analysis of software on a general-purpose operating system. The goal is an efficient, lightweight, easy-to-use framework that supports multithreading in user or kernel mode, self-modifying/self-checking code and obfuscated code, while allowing selective isolation of code execution. The framework keeps the execution environment efficient by using refined techniques such as basic block combination and standard code skipping. With only a small amount of dependency checking, and a disassembly component that uses only the library functions it needs, the framework runs readily on Windows and UNIX operating systems. This also makes the framework easy to port to other operating systems or architectures. The API it provides is simple and powerful, which makes the framework easy to use.
To achieve the above purpose, the invention provides a virtual execution system and method based on code slicing, characterized in that the engine comprises the following components:
Dynamic monitoring component: it consists of a trigger point and release point setting module and a page fault handling module. The dynamic monitoring component of the virtual execution system accepts user input and uses it to set the range of the target code stream to be virtually executed: the trigger point defines the start position and the release point defines the end position. After the trigger point is activated, the page fault handling module obtains control and notifies the code-slicing virtual execution component, and the dynamic monitoring component transfers control over the execution of that section of the binary code stream to the virtual execution system. After the release point is reached, the virtual execution system returns control to the original binary program, which continues to run in normal execution mode.
Disassembly component: the virtual execution system obtains the code stream of the target binary program, generates the corresponding assembly code through the disassembly component, and analyzes the resulting assembly instructions one by one. The code-slicing virtual execution component breaks the target code stream into multiple instruction sets and executes every instruction in a basic block in a way that simulates normal execution of the code stream; this process implements local code execution, and each instruction set forms a basic block for virtual execution. Each basic block is an instruction sequence that contains no branch statement; the code stream section ends when one of the following is met: an unconditional control transfer instruction; a conditional control transfer instruction; a specified number of non-control-transfer instructions. The disassembly component is used to dynamically construct virtual execution basic blocks that correspond to the target code stream.
Code-slicing virtual execution component: it consists of a basic block generation module, a basic block cache module, a basic block preprocessing module and a virtual execution module. The basic block generation module calls the disassembly component, analyzes the binary code stream obtained, and generates basic blocks that contain no control transfer instructions. This keeps all execution of the target code stream within the control of the virtual execution system. To improve operating efficiency, the generated basic blocks are stored in the basic block cache and preprocessed. Only code in the basic block cache can be executed; the original target code stream is never executed directly. To improve system performance, the basic block preprocessing module uses basic block combination and standard code skipping to reduce run-time latency.
To achieve the above purpose, the invention also provides a virtual execution method based on code slicing, characterized in that the method comprises the following steps:
Step (1): start the binary program in debug mode;
Step (2): the dynamic monitoring component sets the virtual execution trigger point and release point;
Step (3): the trigger point is activated, and the dynamic monitoring component transfers control to the code-slicing virtual execution component;
Step (4): obtain the code stream of the target binary program and, after the disassembly component has analyzed the instructions, create basic blocks;
Step (5): put the generated basic blocks into the basic block cache and preprocess them;
Step (6): virtually execute the instructions of each basic block;
Step (7): after the release point is reached, return to the dynamic monitoring component and restore normal execution of the binary program.
In summary, the advantages of the system and method are as follows: an automated and efficient instruction-level virtual execution environment for binary programs; support for effective analysis of self-modifying/self-checking code in multithreaded environments and of transformed code produced by obfuscation techniques; very high performance; and selective isolation of code execution.
Description of drawings
Fig. 1 is a flow chart of the virtual execution method based on code slicing according to the invention.
Fig. 2 is a block diagram of the overall structure of the virtual execution system based on code slicing according to the invention.
Embodiment
To make the purpose, technical solution and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings.
Referring to Fig. 1, the virtual execution system is first initialized, which includes installing and configuring the code-slicing virtual execution component, the disassembly component and the dynamic monitoring component. The monitored program is started in debug mode; this binary program may contain both user-mode and kernel-mode code. The dynamic monitoring component accepts user input, including the trigger point position, the release point position, the limit on the number of instructions per basic block, the basic block combination requirements, and so on. The memory pages corresponding to the trigger point and release point addresses are marked as not present.
When the binary program accesses the trigger point, a fault exception occurs and the page fault handling module of the dynamic monitoring component obtains control. The dynamic monitoring component then transfers control to the code-slicing virtual execution component. After obtaining the program's code stream, that component uses the disassembly component to analyze the binary code and obtain each instruction, and creates basic blocks according to the basic block length rules. No basic block contains a branch statement, which guarantees that the instructions of a basic block do not transfer control.
The code-slicing virtual execution component puts the generated basic block into the basic block cache and preprocesses it. Preprocessing mainly consists of two parts, basic block combination and standard code skipping; every instruction in the basic block is then virtually executed. After each instruction of the basic block has been executed, control returns to the code-slicing virtual execution component, which generates a new basic block.
After the target code stream reaches the release point, control returns to the dynamic monitoring component, and normal execution of the binary program is finally restored.
Fig. 2 is a block diagram of the overall structure of the virtual execution system based on code slicing. The components of the system are described in detail below with reference to Fig. 2:
Disassembly component
The disassembly component analyzes the code stream of the target binary program obtained by the virtual execution system, generates the corresponding assembly instructions, and analyzes them one by one. When a control transfer instruction is encountered, or when the accumulated number of instructions in the basic block exceeds the user-defined limit, that point is set as the end of the basic block. The disassembly component is used to dynamically construct virtual execution basic blocks that correspond to the target code stream.
The code-slicing virtual execution component breaks the target code stream into multiple instruction sets and executes the instructions in a basic block in a way that simulates normal execution of the code stream. This process is called local execution, and each instruction set is called a basic block. A basic block is an instruction sequence that contains no branch; the code stream section ends when one of the following occurs:
(1) an unconditional control transfer instruction;
(2) a conditional control transfer instruction;
(3) a specified number of non-control-transfer instructions.
Basic block generation module
The code-slicing virtual execution component applies the system's dedicated disassembly component to the target code stream, analyzing one instruction at a time and creating the corresponding basic block.
Each basic block ends with a special instruction sequence specified by the system, called the basic block end marker, which transfers control to the code-slicing virtual execution component. The end marker guarantees that the analyzed target code stream is always under the control of the virtual execution system. When a basic block finishes executing, its end marker obtains control, determines the target memory start address from which the new basic block is to be created, dynamically creates the corresponding new basic block, and executes it. Without the control of the virtual execution system, the target code stream would execute in its original, normal manner.
The basic block generation module handles control-flow transfer instructions specially in order to support self-modifying/self-checking code and any other form of obfuscated code. It works without recompiling the target instruction stream, fully supports multithreaded monitoring in user and kernel mode, and allows the level of fine-grained analysis to be adjusted as needed.
The basic block end marker is the special code construct with which the virtual execution system terminates each basic block; it can be abstracted as a function with a single parameter. The parameter is an index that points to the basic block end marker; it allows the virtual execution system to obtain run-time information about the monitored code stream, including the target code address needed to create the new block. An end marker replaces the conditional or unconditional transfer instruction that terminates the basic block's control flow. In some cases, basic block creation stops because the predefined number of non-control-transfer instructions has been reached.
Self-modifying/self-checking code and obfuscated code
For every conditional or unconditional control transfer instruction, the code-slicing virtual execution system uses the basic block end marker model. This lets the system support any form of obfuscated code, because obfuscated code relies on conditional or unconditional branches between instructions to achieve its function. Every basic block produced by the system ends at a definite control transfer instruction, and the system can handle both direct and indirect control transfers; this guarantees that the target memory address used to create the next basic block is a valid address from which the disassembly component can build a basic block.
The code-slicing virtual execution system handles control transfer instructions that use the stack implicitly in a specific way. For example, on IA-32 and compatible processors, the CALL instruction transfers control unconditionally to a subroutine. The instruction pushes the return address onto the stack, and a corresponding RET instruction later pops it to resume execution at the call site. The overwhelming majority of self-modifying/self-checking code exploits this property: instead of using RET, it pops the value directly into a register and uses it to access its own code. The system guarantees that the program counter of the target code stream is always reflected in the corresponding basic block end marker, and in this way supports self-modifying/self-checking code.
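The following sketch is an added example, not code from the patent. It models the basic block termination rules, the end marker and the CALL/pop case described above on a toy instruction set; the instruction set, addresses, sample program and all names (SliceEngine, build_block, run_demo) are constructed for illustration.

```python
from dataclasses import dataclass

# Toy instruction set constructed for this example; one instruction per address.
CONTROL = {"jmp", "jmpr", "jnz", "call", "ret"}   # control-transfer opcodes

# Constructed sample code stream that uses CALL followed by POP instead of RET.
PROGRAM = {
    100: ("mov", "r1", 3),
    101: ("call", 102),       # pushes the return address 102
    102: ("pop", "r0"),       # the code reads its own address from the stack
    103: ("add", "r0", 5),    # r0 = 107
    104: ("jmpr", "r0"),      # indirect jump, target known only at run time
    105: ("mov", "r2", 99),   # never executed
    106: ("mov", "r2", 99),   # never executed
    107: ("dec", "r1"),
    108: ("add", "r2", 10),
    109: ("jnz", "r1", 107),  # loop until r1 == 0
    110: ("nop",),            # release point used by run_demo
}

@dataclass
class BasicBlock:
    start: int
    body: list          # straight-line instructions only
    terminator: tuple   # control transfer replaced by the end marker, or None
    fallthrough: int    # original address that follows the block

def build_block(mem, start, max_insns, release):
    """Slice from `start` until a control transfer, the limit or the release point."""
    body, pc = [], start
    while True:
        insn = mem[pc]
        if insn[0] in CONTROL:                   # conditions (1) and (2)
            return BasicBlock(start, body, insn, pc + 1)
        body.append(insn)
        pc += 1
        if len(body) >= max_insns or pc == release:   # condition (3)
            return BasicBlock(start, body, None, pc)

class SliceEngine:
    def __init__(self, mem, trigger, release, max_insns=4):
        self.mem, self.trigger, self.release = mem, trigger, release
        self.max_insns = max_insns
        self.cache, self.regs, self.stack, self.trace = {}, {}, [], []

    def _exec(self, insn):
        """Execute one non-control-transfer instruction."""
        op = insn[0]
        if op == "mov":
            self.regs[insn[1]] = insn[2]
        elif op == "add":
            self.regs[insn[1]] = self.regs.get(insn[1], 0) + insn[2]
        elif op == "dec":
            self.regs[insn[1]] = self.regs.get(insn[1], 0) - 1
        elif op == "pop":
            self.regs[insn[1]] = self.stack.pop()
        elif op != "nop":
            raise ValueError(f"unknown instruction {insn!r}")

    def _end_marker(self, block):
        """Stand-in for the end marker: return the address of the next block."""
        t = block.terminator
        if t is None:
            return block.fallthrough
        op = t[0]
        if op == "jmp":
            return t[1]
        if op == "jmpr":
            return self.regs[t[1]]
        if op == "jnz":
            return t[2] if self.regs.get(t[1], 0) != 0 else block.fallthrough
        if op == "call":
            # Push the ORIGINAL return address so code that pops it sees its own PC.
            self.stack.append(block.fallthrough)
            return t[1]
        return self.stack.pop()                  # ret

    def run(self, max_blocks=1000):
        pc = self.trigger
        for _ in range(max_blocks):
            if pc == self.release:
                return pc                        # hand control back to the monitor
            block = self.cache.get(pc)
            if block is None:
                block = self.cache[pc] = build_block(
                    self.mem, pc, self.max_insns, self.release)
            self.trace.append((block.start, len(block.body)))
            for insn in block.body:
                self._exec(insn)
            pc = self._end_marker(block)
        raise RuntimeError("release point not reached")

def run_demo(max_insns=4, release=110):
    engine = SliceEngine(PROGRAM, 100, release, max_insns)
    engine.run()
    return engine.regs, sorted(engine.cache), engine.trace
```

Lowering the instruction limit changes how the stream is sliced (more, shorter blocks) but not the register state at the release point, and the popped return address is always the original address 102.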
Basic block preprocessing module
A basic block may contain an instruction that transfers control to a code stream with standard execution semantics, such as a system call or a standard library function. Executing such standard code streams locally would add latency that is unacceptable in most environments.
The code-slicing virtual execution system can recognize such standard code streams dynamically and exclude them from slicing, thereby avoiding the latency of slicing an operating system call or standard function. This technique is called standard code skipping. It can also be used to exclude parts of the code stream that have already been analyzed, which improves operating efficiency.
Executing basic blocks involves control transfers into and out of the virtual execution system. These transfers cause latency because the system saves and restores processor state. This is especially noticeable when the code stream executes a loop, since every iteration invokes the code-slicing virtual execution component. The basic block combination technique reduces the latency caused by slicing: it merges a group of basic blocks into one basic block, avoiding repeated control transfers to the code-slicing virtual execution component.
Basic block combination is a powerful mechanism: it produces basic blocks that resemble the original code stream while still guaranteeing the code-slicing virtual execution system full control over the executing code stream with minimal latency. It is implemented through a user-defined callback function, which selects the basic blocks to be combined.
Virtual execution module
Local execution starts at a user-defined starting point in the target code stream, called the trigger point. A trigger point is a memory address at which fine-grained analysis is required, typically the address of an operating system call or a library function. Trigger points are defined through the dynamic monitoring component. Whenever a trigger point is executed, the code-slicing virtual execution component is invoked to perform fine-grained analysis until a release point is encountered. A release point is a memory address in the target code stream at which the code-slicing virtual execution component gives up monitoring and lets the code stream return to normal execution. A trigger point and its corresponding release point determine the range of the target code stream subjected to fine-grained analysis, while all other code runs normally; this is called selective isolated execution. Multiple overlapping or non-overlapping trigger points and release points can be specified for a target code stream. The framework supports nesting of trigger points and release points, and allows the release point to be unlimited. In that case, the whole thread containing the target code stream runs under the monitoring of the code-slicing virtual execution system until the thread terminates or the monitoring system stops local execution.
The code-slicing virtual execution component runs each basic block independently in non-preemptive mode, regardless of the execution priority of the target code stream. This guarantees that the code-slicing virtual execution system has complete control over the instructions executed. The virtual execution system can monitor any access to specified memory regions: the operating system kernel, resources, dynamic link libraries and so on. It uses the virtual memory mechanism together with page attribute handling to monitor memory accesses.
The code-slicing virtual execution component does not use any operating-system-specific functions. The disassembly component used by the virtual execution system is fully reusable. The framework maintains a per-thread parameter information block for the basic block end marker, which does not disturb the execution stack; these properties let the virtual execution system support multithreaded environments. Whether or not a basic block end marker is present, the registers of the executing thread appear no different. The end marker supports automatic thread monitoring of a process or of the operating system kernel, that is, automatic slicing of the code streams in the target process. Therefore, by specifying the process creation API as the initial trigger point, the virtual execution system automatically inserts a trigger point at every new thread or new process under each parent process, so that the whole process context runs under the control of the basic block end markers.

Claims (5)

1. A virtual execution system based on code slicing, characterized by comprising the following components:
Dynamic monitoring component: the dynamic monitoring component of the virtual execution system accepts user input and uses it to set the range of the target code stream to be virtually executed; the trigger point defines the start position and the release point defines the end position. After the trigger point is activated, the dynamic monitoring component transfers control over the execution of that section of the binary code stream to the virtual execution system. After the release point is reached, the virtual execution system returns control to the original binary program, which continues to run in normal execution mode.
Disassembly component: the virtual execution system obtains the code stream of the target binary program, generates the corresponding assembly code through the disassembly component, and analyzes the resulting assembly instructions one by one. When a control transfer instruction is encountered, or when the accumulated number of instructions in the basic block exceeds the user-defined limit, that point is set as the end of the basic block. The disassembly component is used to dynamically construct virtual execution basic blocks that correspond to the target code stream.
Code-slicing virtual execution component: the virtual execution system takes the basic blocks containing no control transfer instructions that are generated by the disassembly component, stores them in an internal execution cache, preprocesses them to improve operating efficiency, and finally virtually executes every instruction in each basic block.
2. The virtual execution system based on code slicing according to claim 1, characterized in that the dynamic monitoring component consists of a trigger point and release point setting module and a page fault handling module. After the trigger point is activated, the page fault handling module obtains control, notifies the code-slicing virtual execution component, and sends it the trigger point position in the target code stream. When the release point is reached, the dynamic monitoring component returns control to the original binary program, which continues to execute in normal mode.
3. The virtual execution system based on code slicing according to claim 1, characterized in that the code-slicing virtual execution component consists of a basic block generation module, a basic block cache module, a basic block preprocessing module and a virtual execution module. The basic block generation module calls the disassembly component, analyzes the binary code stream obtained, and generates basic blocks that contain no control transfer instructions. This keeps all execution of the target code stream within the control of the virtual execution system. After the generated basic blocks are stored in the basic block cache, they are preprocessed to improve operating efficiency. Only code in the basic block cache can be executed; the original target code stream is never executed directly. To improve system performance, the basic block preprocessing module uses basic block combination and standard code skipping to reduce run-time latency.
4. The virtual execution method based on code slicing according to claim 1, characterized in that:
Step (1): start the binary program in debug mode;
Step (2): the dynamic monitoring component sets the virtual execution trigger point and release point;
Step (3): the trigger point is activated, and the dynamic monitoring component transfers control to the code-slicing virtual execution component;
Step (4): obtain the code stream of the target binary program and, after the disassembly component has analyzed the instructions, create basic blocks;
Step (5): put the generated basic blocks into the basic block cache and preprocess them;
Step (6): virtually execute every instruction in the basic block;
Step (7): after the release point is reached, return to the dynamic monitoring component and restore normal execution of the binary program.
5. The virtual execution method based on code slicing according to claim 4, characterized in that the code-slicing virtual execution component breaks the target code stream into multiple instruction sets and executes every instruction in a basic block in a way that simulates normal execution of the code stream; this process implements local code execution, and each instruction set forms a basic block for virtual execution. Each basic block is an instruction sequence that contains no branch statement; the code stream section ends when one of the following occurs: an unconditional control transfer instruction; a conditional control transfer instruction; a specified number of non-control-transfer instructions.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title | Status
CNB2007100497565A | 2007-08-14 | 2007-08-14 | Virtual executive system and method based on code slice | Expired - Fee Related, CN100501757C (en)

Publications (2)

Publication Number | Publication Date
CN101162491A | 2008-04-16
CN100501757C | 2009-06-17

Family ID: 39297413

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102023842A (en) * 2010-12-16 2011-04-20 北京安天电子设备有限公司 Method and device for removing junk codes
CN102193556A (en) * 2011-04-18 2011-09-21 华东师范大学 System and method for detecting potential interruption safety hazard of automobile electron device
CN102047261B (en) * 2008-05-30 2014-01-29 Nxp股份有限公司 A method for adapting and executing a computer program and computer architecture therefore
CN101923482B (en) * 2009-06-17 2014-07-09 北京瑞星信息技术有限公司 Method and device for realizing virtual execution of user mode codes
CN105787305A (en) * 2016-02-26 2016-07-20 西北大学 Software protection method capable of resisting symbolic execution and taint analysis
CN105843667A (en) * 2016-03-02 2016-08-10 南京大学 Dynamic and non-intrusive application process function calling monitoring method in virtual machine manager
CN109344612A (en) * 2018-09-25 2019-02-15 郑州昂视信息科技有限公司 The active defense method and system inversely attacked for program code static analysis
CN109634852A (en) * 2018-11-30 2019-04-16 北京小米移动软件有限公司 Program debugging method and device
CN112541188A (en) * 2019-09-20 2021-03-23 武汉斗鱼网络科技有限公司 Method and device for preventing application program code from being statically analyzed

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102047261B (en) * 2008-05-30 2014-01-29 Nxp股份有限公司 A method for adapting and executing a computer program and computer architecture therefore
US9117070B2 (en) 2008-05-30 2015-08-25 Nxp, B.V. Method for adapting and executing a computer program and computer architecture therefore
CN101923482B (en) * 2009-06-17 2014-07-09 北京瑞星信息技术有限公司 Method and device for realizing virtual execution of user mode codes
CN102023842B (en) * 2010-12-16 2013-09-11 北京安天电子设备有限公司 Method and device for removing junk codes
CN102023842A (en) * 2010-12-16 2011-04-20 北京安天电子设备有限公司 Method and device for removing junk codes
CN102193556A (en) * 2011-04-18 2011-09-21 华东师范大学 System and method for detecting potential interruption safety hazard of automobile electron device
CN102193556B (en) * 2011-04-18 2012-10-31 华东师范大学 System and method for detecting potential interruption safety hazard of automobile electron device
CN105787305B (en) * 2016-02-26 2018-08-10 西北大学 A kind of method for protecting software for resisting semiology analysis and stain analysis
CN105787305A (en) * 2016-02-26 2016-07-20 西北大学 Software protection method capable of resisting symbolic execution and taint analysis
CN105843667A (en) * 2016-03-02 2016-08-10 南京大学 Dynamic and non-intrusive application process function calling monitoring method in virtual machine manager
CN105843667B (en) * 2016-03-02 2019-01-15 南京大学 Dynamic is without the application process function call monitoring method invaded in virtual machine manager
CN109344612A (en) * 2018-09-25 2019-02-15 郑州昂视信息科技有限公司 The active defense method and system inversely attacked for program code static analysis
CN109634852A (en) * 2018-11-30 2019-04-16 北京小米移动软件有限公司 Program debugging method and device
CN109634852B (en) * 2018-11-30 2022-03-18 北京小米移动软件有限公司 Program debugging method and device
CN112541188A (en) * 2019-09-20 2021-03-23 武汉斗鱼网络科技有限公司 Method and device for preventing application program code from being statically analyzed
CN112541188B (en) * 2019-09-20 2022-05-13 武汉斗鱼网络科技有限公司 Method and device for preventing application program code from being statically analyzed

Also Published As

Publication number Publication date
CN100501757C (en) 2009-06-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090617

Termination date: 20090914