发明名称 |
SYSTEM AND METHOD FOR THE PROGRAMMATIC RUNTIME DE-OBFUSCATION OF OBFUSCATED SOFTWARE UTILIZING VIRTUAL MACHINE INTROSPECTION AND MANIPULATION OF VIRTUAL MACHINE GUEST MEMORY PERMISSIONS |
摘要 |
A system and method operable to programmatically perform runtime de-obfuscation of obfuscated software via virtual machine introspection and manipulation of virtual machine guest memory permissions. |
申请公布号 |
US2014189882(A1) |
申请公布日期 |
2014.07.03 |
申请号 |
US201313892800 |
申请日期 |
2013.05.13 |
申请人 |
Jung Robert;Saba Antony |
发明人 |
Jung Robert;Saba Antony |
分类号 |
G06F21/14 |
主分类号 |
G06F21/14 |
代理机构 |
|
代理人 |
|
主权项 |
1. A method to de-obfuscate obfuscated malicious software code in a virtual machine, the method comprising the steps of:
enumerating a first physical page associated with a virtual address space of a first piece of analyzed software code; setting the first physical page to non writable; and detecting a write to the first physical page. |
地址 |
Albuquerque NM US |