A binary translation-based self-modification code detection method and device

A code detection and self-modification technology, applied in the computer field, can solve the problem of low performance of self-modification code detection, and achieve the effect of improving the efficiency of detection and re-translation

Active Publication Date: 2019-05-03
康烁
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The main purpose of the present invention is to provide a self-modifying code detection method and device based on binary translation to solve the problem of low performance of self-modifying code detection performed by target processors in the prior art

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A binary translation-based self-modification code detection method and device
  • A binary translation-based self-modification code detection method and device
  • A binary translation-based self-modification code detection method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0021] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments. It should be pointed out that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other.

[0022] TLB: Translation lookaside buffer, that is, bypass translation buffer, or page table cache; it stores some page table files (virtual address to physical address conversion table). The TLB is a small, virtually addressed cache in which each line holds a block consisting of a single PTE (Page Table Entry). If there is no TLB, each data fetch requires two accesses to the memory, that is, look up the page table to obtain the physical address and fetch the data.

[0023] figure 1 is a flowchart of a binary translation self-modifying code detection method according to an optional embodiment of the present invention, such as figure 1 As shown, the method includes the follow...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a binary translation-based self-modification code detection method and device. The method comprises the steps that in the process of executing a local code, whether an operation indicated to be executed by a to-be-executed code is a write operation or not is detected, and the local code comprises a code obtained by executing a translation operation on a received instruction; if the operation indicated to be executed by the to-be-executed code is the write operation, inquiring whether virtual address mapping of the write operation exists in an instruction page table cache or not is inquired, wherein the virtual address mapping is used for recording the corresponding relation between the virtual address of the received instruction and the page number of the physical address, and the virtual address mapping obtained in the process of executing the translation operation is stored in the instruction page table cache; and if it is queried that the virtual address mapping of the write operation exists in the instruction page table cache, determining the write operation as a self-modification code operation. Through the method and the device, the detection and re-translation efficiency of the self-modified code can be improved.

Description

technical field [0001] The invention relates to the field of computer technology, in particular to a binary translation-based self-modifying code detection method and device. Background technique [0002] Self-teaching code detection is a difficult point in binary translation research, which causes potential problems when binary translation is adopted, because the code actually executed is the translated code rather than the original source code. If the original source code had writes to itself, the translated version must produce exactly the same result. Runtime software must correctly emulate such instances of self-modifying code. [0003] The existing approach is to write-protect the original source code area by runtime software. Page-level write access is turned off for all pages containing translated source code. This can be done through system calls generated by the runtime software. Therefore, any attempt to write to a page containing translated code results in a ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F8/52G06F12/1027
Inventor 康烁
Owner 康烁
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap