Self-modifying code detection method and device based on binary translation

A self-modifying code detection technology, applied in the computer field, that addresses the low performance of self-modifying code detection and improves its efficiency.

Active Publication Date: 2022-02-08
康烁

AI Technical Summary

Problems solved by technology

[0005] The main purpose of the present invention is to provide a self-modifying code detection method and device based on binary translation, to solve the prior-art problem of low performance when the target processor performs self-modifying code detection.


Embodiment Construction

[0021] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments. It should be pointed out that, in the case of no conflict, the embodiments in the present application and the features in the embodiments can be combined with each other.

[0022] TLB: translation lookaside buffer, also called the page table cache. It stores part of the page table (the virtual-address-to-physical-address conversion table). The TLB is a small, virtually addressed cache in which each line holds a block consisting of a single PTE (Page Table Entry). Without a TLB, each data fetch requires two memory accesses: one to look up the page table and obtain the physical address, and one to fetch the data.

[0023] Figure 1 is a flowchart of a binary translation self-modifying code detection method according to an optional embodiment of the present invention. As shown in Figure 1, the method includes the follow...


Abstract

The invention discloses a self-modifying code detection method and device based on binary translation. The method includes: during execution of the local code, detecting whether the operation indicated by the code to be executed is a write operation, where the local code includes code obtained by performing a translation operation on the received instruction; if the operation is a write operation, querying whether the instruction page table cache holds a virtual address mapping for the write operation, where the virtual address mapping records the page numbers of the virtual address and the physical address of the received instruction, and the mapping obtained while performing the translation operation is stored in the instruction page table cache; and, if the virtual address mapping of the write operation is found in the instruction page table cache, determining that the write operation is a self-modifying code operation. The invention can improve the efficiency of detecting and re-translating self-modifying code.
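A minimal software model of the check the abstract describes, as an added example rather than code from the patent: the translator records the page of each instruction it translates, and every write in the translated code is looked up against those records. The 4 KiB page size, the table capacity, the function names and the sample addresses are assumptions; the example also covers a write that straddles a page boundary.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define PAGE_SHIFT   12   /* assumption: 4 KiB pages */
#define ITLB_ENTRIES 64   /* assumption: capacity of the modeled cache */

/* One mapping recorded at translation time: virtual page -> physical page. */
struct itlb_entry { bool valid; uint64_t vpn, ppn; };
static struct itlb_entry itlb[ITLB_ENTRIES];

static struct itlb_entry *itlb_find(uint64_t vpn)
{
    for (size_t i = 0; i < ITLB_ENTRIES; i++)
        if (itlb[i].valid && itlb[i].vpn == vpn)
            return &itlb[i];
    return NULL;
}

/* Translator side: record the page of a translated instruction (false if full). */
bool itlb_record(uint64_t vaddr, uint64_t paddr)
{
    uint64_t vpn = vaddr >> PAGE_SHIFT;
    if (itlb_find(vpn))
        return true;                      /* page already tracked */
    for (size_t i = 0; i < ITLB_ENTRIES; i++)
        if (!itlb[i].valid) {
            itlb[i] = (struct itlb_entry){ true, vpn, paddr >> PAGE_SHIFT };
            return true;
        }
    return false;                         /* caller must fall back */
}

/* Execution side: called only for write operations. A hit on any page the
 * write touches means it targets translated instructions (self-modifying). */
bool is_self_modifying_write(uint64_t vaddr, size_t len)
{
    if (len == 0) return false;
    uint64_t first = vaddr >> PAGE_SHIFT;
    uint64_t last  = (vaddr + len - 1) >> PAGE_SHIFT;
    for (uint64_t vpn = first; vpn <= last; vpn++)
        if (itlb_find(vpn)) return true;
    return false;
}

int main(void)
{
    itlb_record(0x401000, 0x7f401000);    /* constructed addresses */
    return is_self_modifying_write(0x401ffe, 4) ? 0 : 1;
}
```

Because the lookup runs only on stores and touches only recorded instruction pages, ordinary data writes pass without a protection fault.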

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a binary translation-based self-modifying code detection method and device.

Background technique

[0002] Self-modifying code detection is a difficult point in binary translation research. Self-modifying code causes potential problems when binary translation is adopted, because the code actually executed is the translated code rather than the original source code. If the original source code writes to itself, the translated version must produce exactly the same result. Runtime software must correctly emulate such instances of self-modifying code.

[0003] The existing approach is for the runtime software to write-protect the original source code area. Page-level write access is turned off for all pages containing translated source code. This can be done through system calls generated by the runtime software. Therefore, any attempt to write to a page containing translated code results in a ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F8/52, G06F12/1027
Inventor 康烁
Owner 康烁