FIELD: physics, computer engineering.
SUBSTANCE: the invention relates to methods of emulating system function calls in order to evade emulation countermeasures. The result is achieved through a method of emulating system function calls to evade emulation countermeasures, the method comprising the following steps: obtaining an executable file at the input of an emulator; checking the conditions that require system function call emulation; if at least one of these conditions is satisfied, using system call emulation; emulating execution of the executable file by executing its instructions in sequence; upon detecting a system function call, switching the emulation process to system call emulation; performing the system function call emulation in the form of a chain of low-level calls.
EFFECT: facilitating system function call emulation.
8 cl, 6 dwg, 1 tbl
Title | Year | Author | Number |
---|---|---|---|
EMULATOR AND METHOD FOR EMULATION | 2020 | | RU2757409C1 |
SYSTEM AND METHOD OF STORAGE OF EMULATOR STATE AND ITS FURTHER RECOVERY | 2013 | | RU2553056C2 |
METHOD FOR ENHANCEMENT OF OPERATIONAL EFFICIENCY OF HARDWARE ACCELERATION OF APPLICATION EMULATION | 2012 | | RU2514142C1 |
METHOD OF DETECTING MALICIOUS EXECUTABLES, CONTAINING INTERPRETER, BY COMBINING EMULATORS | 2015 | | RU2622627C2 |
METHOD OF DETECTING UNKNOWN PROGRAMS BY LOAD PROCESS EMULATION | 2011 | | RU2472215C1 |
METHOD OF CREATING ANTIVIRUS RECORD WHEN DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2592383C1 |
SYSTEM AND METHOD OF DETECTING MALICIOUS CODE IN FILE | 2016 | | RU2637997C1 |
METHOD OF DETECTING MALICIOUS CODE IN RANDOM-ACCESS MEMORY | 2015 | | RU2589862C1 |
SYSTEM AND METHOD OF CREATING ANTIVIRUS RECORD | 2018 | | RU2697954C2 |
METHOD OF INVOKING SYSTEM FUNCTIONS IN CONDITIONS OF USE OF AGENTS FOR PROTECTING OPERATING SYSTEM KERNEL | 2014 | | RU2585978C2 |
Dates
2014-04-27—Published
2012-09-28—Filed