您正在查看 "调试技术" 分类下的文章
2009-07-01 16:03
这些天注意到blackhat 2009一个关于虚拟机agent端注入在Guest OS里面执行代码的议题,演讲者是
symantec的 matt conover,大体思想是讲从host os注入到代码到VM的agent里面,然后在guest os里面执行
代码的这么一个过程,现在我也不知道他是怎么实现的,但是我把我自已的猜想和大家分享一下,看看
是否行得通,去年在安全软件峰会上听过孙冰讲的虚拟机技术,他算得上 |
2007-12-16 23:46
To better understand how this could work, consider a scenario where an
application contains a mov [eax], 0x1 instruction. For the purposes of this
example, assume that the eax register contains an address that is within the
original mapping as described above. When this instruction executes, it will
lead to an access violation exception being generated as a result of the PTE
modifications that were made to the original mapping. When the exception
handler inspects thi |
2007-12-16 23:45
Memalyze: Dynamic Analysis of Memory Access Behavior in Software
skape
mmiller@hick.org
4/2007
Abstract
This paper describes strategies for dynamically analyzing an application's
memory access behavior. These strategies make it possible to detect when a
read or write is about to occur at a given location in memory while an
application is executing. An application's memory access behavior can provide
additional insight into its behavior. For example, it may be able to provide
a |
2007-12-16 23:36
debugging startup code of services and com servers
|
|
| 
