METHOD AND DEVICE FOR PROTECTING VIRTUAL MACHINE KERNEL

Bibliographic details
Main authors: CHEN, Xingshu, WAN, Rongfei
Format: Patent
Language: chi ; eng ; fre
Description
Summary: Provided are a method and device for protecting a virtual machine kernel. The method comprises: intercepting a system call function initiated by an application (S301); and pointing, according to an offset value between a base address of an original kernel and a base address of a shadow kernel of a virtual machine, the system call function to the shadow kernel, and determining, on the basis of a shadow SSDT in the shadow kernel, a corresponding entry address of the system call function in the shadow kernel (S302), wherein the shadow kernel is constructed in a nonpaged pool of the original kernel of the virtual machine, and the shadow kernel is executable kernel code constructed according to a mirror file of the original kernel of the virtual machine. The method realizes implementation of a system call path exclusively in pure code of the shadow kernel, thereby ensuring a complete system call path, and accordingly ensuring a complete operation of the entire kernel code. Moreover, the construction of the shadow