Virtual machine simulation method and device, storage medium and computer equipment

Abstract

The invention discloses a virtual machine simulation method and device, a storage medium and computer equipment. The method comprises the steps of obtaining an executable file header corresponding toan executable file in a real system; exporting a function corresponding to the executable file according to the executable file header; and establishing a virtual executable file in the virtual machine by utilizing a function corresponding to the executable file and the executable file header, the virtual executable file comprising a pile function ID corresponding to the function, a pile functioncall interruption and a pile function call return value. According to the virtual machine established by the embodiment of the invention, when the target program is executed, the parameters in the real calling function of the function in the system cannot be really called to realize the calling purpose when the target program is executed in the real system. The disk occupation space of the virtualmachine can be greatly reduced, the execution speed can be increased, pile function execution behaviors can be controlled in a fine-grained mode, and a technical guarantee is provided for heuristic virus detection based on dynamic behaviors.

Description

technical field [0001] The present application relates to the technical field of computer security, in particular to a virtual machine simulation method and device, a storage medium, and computer equipment. Background technique [0002] With the continuous development of computer technology, now, whether in daily life or work, computers have become an indispensable partner for people, bringing a lot of convenience to people's work and life, but among them There is a discordant factor, and that is the computer virus. [0003] In view of computer security problems caused by computer viruses, almost any enterprise or individual will use anti-virus software now, but most of the current anti-virus software is based on the virus characteristics included in the virus database. If a program hits the virus signature in the virus database, it is determined that the program is a virus program. Obviously, if a new type of virus or a variant virus appears, it will be difficult to use th...

AI Technical Summary

Problems solved by technology

[0003] In view of computer security problems caused by computer viruses, almost any enterprise or individual will use anti-virus software now, but most of the current anti-virus software is based on the virus characteristics included in the virus database. If a program hits the virus signature in the virus database, it is determined that the program is a virus program. Obviously, if a new type of virus or a variant virus appears, it will be difficult to use the virus database to deal with it.

[0004] Therefore, this application proposes a heuristic virus detection method using a virtual machine engine. However, in the process of developing the virtual machine engine, it is found that after the virtual machine architecture is built, if the virtual machine is completely simulated according to the real system, let the virtual machine load Executable files of the real system will cause the virtual machine to be very bloated, with poor execution efficiency, and cannot well control the execution behavior of the API, failing to achieve the purpose of virus dynamic behavior analysis

Images