Method for detecting existence of virtual machine monitor (VMM) under Windows platform
Main authors: | , , , , , , , , |
---|---|
Format: | Patent |
Language: | chi ; eng |
Summary: | The invention discloses a method for detecting the existence of a virtual machine monitor (VMM) under a Windows platform, aiming at solving the problem that malicious codes use the VMM as a platform for hiding self behaviors and providing malicious services, and providing a method for detecting the existence of the VMM through resource differences. In a technical scheme, the method comprises the steps of: firstly, allocating internal memory spaces for Allocated PTEs (Page Table Entries) and a Special PTE; writing an address A before mapping modification for the Allocated PTEs; writing an address B after mapping modification for the Special PTE; accessing the Allocated PTEs in sequence to ensure that all PTEs pointing to the address A are stored into a page table buffer register; sequentially modifying the pointer contents of the Allocated PTEs into the address B pointed by the Special PTE; executing a privileged instruction RDMSR (Read from Model Specific Register) in a Windows system; and setting a counter, |
---|