Title of invention |
Methods and apparatuses for monitoring activities of virtual machines |
Abstract |
Embodiments of a method and apparatus for monitoring activity on a virtual machine are generally described herein. The activity may be monitored by a first hypervisor and the virtual machine may be controlled by a second hypervisor. In some embodiments, the method includes setting a breakpoint in a kernel function of the virtual machine. The method may further include generating a page fault, responsive to the virtual machine halting execution at the breakpoint, to cause the second hypervisor to page in contents of a memory location accessed by the kernel function. The method may further include inspecting the contents of the memory location to detect activity in the virtual machine. |
Publication number |
US9311248(B2) |
Publication date |
2016.04.12 |
Application number |
US201313888849 |
Filing date |
2013.05.07 |
Applicant |
Raytheon Cyber Products, LLC |
Inventor |
Wagner John R. |
Classification |
G06F12/00;G06F12/10;G06F11/36;G06F9/455 |
Main classification |
G06F12/00 |
Agency |
|
Agent |
|
Principal claim |
1. A method comprising:
setting, by a first hypervisor, a breakpoint in a kernel function of a virtual machine that is controlled by a second hypervisor;
generating, by the first hypervisor, a page fault responsive to the virtual machine halting execution at the breakpoint to cause the second hypervisor to page in contents of a memory location accessed by the kernel function; and
inspecting, by the first hypervisor, the contents of the memory location to detect activity in the virtual machine;
wherein generating the page fault comprises:
retrieving, by the first hypervisor, a parameter of the kernel function indicating the memory location to be inspected; and
providing, by the first hypervisor, the parameter to the second hypervisor during generation of the page fault. |
Address |
Herndon VA US |