Context agent injection using virtual machine introspection

摘要

A computer implemented method, apparatus, and computer usable program code for executing a process within a virtual machine. A module is injected into an operating system for the virtual machine to form an injected module. The injected module is executed to load an agent process within an application space within the virtual machine. Execution of the agent process is initiated by the injected module.

主权项

1. A method for adding a program module to a kernel of an operating system in a virtual machine to load and execute an agent program in the virtual machine, the method comprising the steps of:
a computer copying the program module into a non-swappable area of memory previously allocated to the virtual machine, the computer halting execution of the operating system, the computer loading the program module for execution as part of the kernel of the operating system, the computer restarting the operating system, and the computer initiating execution of the program module in the kernel of the operating system, the program module including program instructions to load the agent program into a swappable area of memory previously allocated to the virtual machine and initiate execution of the loaded agent program as an application program whose execution is controlled by the operating system, the agent program including program instructions to perform a task; responsive to the computer initiating execution of the program module, the computer executing the program instructions of the program module as part of the kernel of the operating system to load the agent program into the swappable area of memory and initiate execution of the loaded agent program as the application program whose execution is controlled by the operating system; the computer executing the program instructions of the loaded agent program to perform the task responsive to the computer initiating execution of the loaded agent program, wherein the computer is another virtual machine that is privileged, and wherein the program module copying, program module loading, and program module initiated execution steps are performed by a process executing in the privileged virtual machine; and responsive to a reboot of the operating system, the program module is not present in the kernel of the operating system prior to a subsequent loading of the program module for execution as part of the kernel, and the agent program is not present as the loaded agent program prior to a subsequent execution of the program instructions in the program module to load the agent program.