Detection method and virtual machine for controllable execution of files

A detection method and virtual machine technology, applied in software simulation/interpretation/simulation, program control devices, platform integrity maintenance, etc., can solve problems such as damage and easy detection of HOOK, and achieve high execution efficiency, safe and reliable operation The effect of control and less resources

Active Publication Date: 2016-04-13
TENCENT CLOUD COMPUTING BEIJING CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

But HOOK is easy to be detected and destroyed

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Detection method and virtual machine for controllable execution of files
  • Detection method and virtual machine for controllable execution of files
  • Detection method and virtual machine for controllable execution of files

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0044] refer to figure 1 , an embodiment of a detection method for controllable execution of files is proposed in the present invention. The method can include:

[0045] Step S11, establishing a virtual operating system environment;

[0046] Step S12, after initialization, switch the execution of the sample file to the established virtual operating system environment;

[0047] Step S13, calling the processor to execute the instructions of the sample file within a set range, and recording the behavior of the sample file.

[0048] In view of the controllable execution of existing technical documents: a complete operating system needs to be installed to consume large resources; or, the creation of a software and hardware simulation environment causes all instructions to be based on simulation, resulting in low executi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a detection method for controllable execution of a file and a virtual machine. The detection method can comprise the following steps: building a virtual operation system environment; switching the execution of a sample file to the built virtual operation system environment after initialization; calling a processor to execute an instruction of the sample file within a set range, and recording the behavior of the sample file. According to the invention, the virtual operation system environment is built for the sample file to operate, the physical processor is used to execute the instruction of the sample file, and an instruction execution range of a hardware device is preset, so that the operation of the sample file is safe and controllable; simultaneously, less resources are consumed, and high execution efficiency is achieved.

Description

technical field [0001] The invention relates to a detection technology for controllable execution of files, in particular to a detection method for controllable execution of files and a virtual machine. Background technique [0002] For the controllable execution of files (such as malicious files such as viruses), the following methods are mainly used in the prior art: virtual machine mode, sandbox mode, emulator mode, and HOOK (programming interface API call technology) mode, etc. [0003] The above-mentioned virtual machine method is to put the executable file into the virtual machine for execution, and monitor the execution behavior of the file through a monitoring tool or a debugger. The biggest problem is that the virtual machine has more requirements on the external software and hardware environment. For example, a general PC can only run one Vmware (virtual machine software) instance, and VMware consumes a lot of memory and hard disk when running; a complete operatin...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/56G06F9/455
Inventor 谢飞高小明曹亮
Owner TENCENT CLOUD COMPUTING BEIJING CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap