Virtual machine kernel protection method and device

Bibliographic details
Main authors: CHEN XINGSHU, WAN RONGFEI
Format: Patent
Language: chi ; eng
Description
Summary: The embodiment of the invention provides a virtual machine kernel protection method and device. The method comprises the steps of intercepting a system call function initiated by an application program; redirecting the system call function to a shadow kernel according to the offset between the virtual machine original kernel base address and the shadow kernel base address; and determining, according to a shadow SSDT in the shadow kernel, the entry address corresponding to the system call function in the shadow kernel, wherein the shadow kernel is constructed in a nonpaged pool of the virtual machine original kernel and is executable kernel code constructed according to an image file of the virtual machine original kernel. As a result, the system call path is executed in the clean code of the shadow kernel, the integrity of the system call path is ensured, and therefore the integrity of the whole kernel code operation is also ensured. Besides, the shadow kernel is established in the nonpag