FIELD: information technology.
SUBSTANCE: first and second exclusion instructions are inserted into an address from user address space. The return address of the called subprogram is stored. The given return address is replaced with the second exclusion instruction address. Control is transferred to the kernel from the first exclusion instruction. Control is transferred to the first exclusion instruction and control is transferred to the kernel from the second exclusion instruction when returning from the given subprogram. A storage for user-supplied subprogram data which must be instrumented is added to the operating system kernel. The following is used for instrumentation: a do-page-fault hander for monitoring return from it, a do-exit handler for monitoring its call, a send-signal handler for monitoring its call.
EFFECT: increased monitoring accuracy with small extra load on the processor and low memory requirements.
4 dwg
| Title | Year | Author | Number |
|---|---|---|---|
| DYNAMIC INSTRUMENTATION TECHNIQUE | 2008 |
|
RU2390821C1 |
| SYSTEM AND METHOD FOR AUTOMATIC PROCESSING OF SOFTWARE SYSTEM ERRORS | 2012 |
|
RU2521265C2 |
| METHOD OF DETECTING MALWARE IN OPERATING SYSTEM KERNEL | 2012 |
|
RU2510075C2 |
| DETECTION AND MITIGATION OF HARM FROM THE MALICIOUS CALL OF SENSITIVE CODE | 2015 |
|
RU2665897C2 |
| METHOD OF CREATING A SYSTEM CALL HANDLER | 2014 |
|
RU2596577C2 |
| SYSTEM AND METHODS FOR AUDITING A VIRTUAL MACHINE | 2017 |
|
RU2691187C1 |
| SYSTEM AND METHOD FOR TRANSPARENT ROUTING AND PROFILING OF VIRTUALISED INBUILT COMPUTER SYSTEMS | 2008 |
|
RU2411571C2 |
| SYSTEM AND METHOD FOR PROTECTION FROM NON-TRUSTED SYSTEM CONTROL MODE CODE BY MEANS OF REDIRECTION OF SYSTEM MANAGEMENT MODE INTERRUPT AND CREATION OF VIRTUAL MACHINE CONTAINER | 2003 |
|
RU2313126C2 |
| METHOD FOR CODE PERFORMANCE IN HYPERVISOR MODE | 2015 |
|
RU2609761C1 |
| METHODS AND DEVICES OF ANTICIPATORY MEMORY CONTROL | 2003 |
|
RU2348067C2 |
