[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/3548606.3560649acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

HyperDbg: Reinventing Hardware-Assisted Debugging

Published: 07 November 2022 Publication History

Abstract

Software analysis, debugging, and reverse engineering have a crucial impact in today's software industry. Efficient and stealthy debuggers are especially relevant for malware analysis. However, existing debugging platforms fail to address a transparent, effective, and high-performance low-level debugger due to their detectable fingerprints, complexity, and implementation restrictions.
In this paper,\footnote[2]For the extended version of this paper which includes additional appendices, refer to: https://arxiv.org/abs/2207.05676 . we present a new hypervisor-assisted debugger for high-performance and stealthy debugging of user and kernel applications. To accomplish this, HyperDbg relies on state-of-the-art hardware features available in today's CPUs, such as VT-x and Extended Page Table (EPT). In contrast to other widely used existing debuggers, we design HyperDbg using a custom hypervisor, making it independent of OS functionality or API. We propose hardware-based instruction-level emulation and OS-level API hooking via extended page tables to increase the stealthiness. Our results of the dynamic analysis of 10,853 malware samples show that HyperDbg 's stealthiness allows debugging on average 22% and 26% more samples thanWinDbg andx64dbg, respectively. Moreover, in contrast to existing debuggers, HyperDbg is not detected by any of the 13 tested packers and protectors. We improve the performance over other debuggers by deploying a VMX-compatible script engine, eliminating unnecessary context switches. Our experiment on three concrete debugging scenarios shows that compared toWinDbg as the only kernel debugger, HyperDbg performs step-in, conditional breaks, and syscall recording, 2.98x, 1319x, and 2018x faster, respectively. We finally show real-world applications, such as a 0-day analysis, structure reconstruction for reverse engineering, software performance analysis, and code-coverage analysis.

References

[1]
Amir Afianian, Salman Niksefat, Babak Sadeghiyan, and David Baptiste. 2019. Malware Dynamic Analysis Evasion Techniques: A Survey. ACM Computing Surveys (CSUR), Vol. 52, 6 (2019), 1--28.
[2]
Sanjeev Kumar Aggarwal and M Sarath Kumar. 2002. Debuggers for Programming Languages.
[3]
Ortega Alberto. 2022a. pafish. https://github.com/a0rtega/pafish. Accessed: 2022-02--15.
[4]
Ortega Alberto. 2022b. Windows SDK. https://developer.microsoft.com/en-us/windows/downloads/windows-sdk. Accessed: 2022-08--11.
[5]
Theodoros Apostolopoulos, Vasilios Katos, Kim-Kwang Raymond Choo, and Constantinos Patsakis. 2021. Resurrecting anti-virtualization and anti-debugging: Unhooking your hooks. Future Generation Computer Systems, Vol. 116 (2021), 393--405.
[6]
Shushan Arakelyan, Sima Arasteh, Christophe Hauser, Erik Kline, and Aram Galstyan. 2021. Bin2vec: learning representations of binary executable programs for security tasks. Cybersecurity, Vol. 4, 1 (2021), 1--14.
[7]
Reza Azimi, Michael Stumm, and Robert W Wisniewski. 2005. Online performance analysis by statistical sampling of microprocessor performance counters. In Proceedings of the 19th annual international conference on Supercomputing. 101--110.
[8]
Julian Bangert, Sergey Bratus, Rebecca Shapiro, and Sean W Smith. 2013. The $$Page-Fault$$ Weird Machine: Lessons in Instruction-less Computation. In 7th USENIX Workshop on Offensive Technologies (WOOT 13).
[9]
Rodrigo Rubira Branco, Gabriel Negreira Barbosa, and Pedro Drimel Neto. 2012. Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies. Black Hat, Vol. 1 (2012), 1--27.
[10]
Doug Brubacher. 1999. Detours: Binary interception of Win32 functions. In Windows NT 3rd Symposium (Windows NT 3rd Symposium).
[11]
Ping Chen, Christophe Huygens, Lieven Desmet, and Wouter Joosen. 2016. Advanced or not? A comparative study of the use of anti-debugging and anti-VM techniques in generic and targeted malware. In IFIP International Conference on ICT Systems Security and Privacy Protection. Springer, 323--336.
[12]
Xu Chen, Jon Andersen, Z Morley Mao, Michael Bailey, and Jose Nazario. 2008. Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In 2008 IEEE international conference on dependable systems and networks with FTCS and DCC (DSN). IEEE, 177--186.
[13]
Tzi-cker Chiueh. 2008. Fast bounds checking using debug register. In International Conference on High-Performance Embedded Architectures and Compilers. Springer, 99--113.
[14]
Citeseer. 2019. PITOU : Kernel Payload and DGA. (2019).
[15]
IBM Co. 2019. Hypervisors. https://www.ibm.com/cloud/learn/hypervisors. Accessed: 2022-02--15.
[16]
IBM Co. 2021. Asynchronous Procedure Calls. https://docs.microsoft.com/en-us/windows/win32/sync/asynchronous-procedure-calls . Accessed: 2022-08-06.
[17]
Mitre Co. 2022a. Access Token Manipulation. https://attack.mitre.org/techniques/T1134. Accessed: 2022-02--15.
[18]
Microsoft Co. 2022b. What is IRQL and why is it important? https://techcommunity.microsoft.com/t5/ask-the-performance-team/what-is-irql-and-why-is-it-important/ba-p/372666. Accessed: 2022-02--15.
[19]
Microsoft Co. 2022c. Windows Debugger (WinDbg). https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugger-download-tools. Accessed: 2022-02--15.
[20]
NuMega Co. 2022. SoftIce. https://www.angelfire.com/bug/ass_1/Readme.htm. Accessed: 2022-02--15.
[21]
VMWare Co. 2022. What is a hypervisor? https://www.vmware.com/topics/glossary/content/hypervisor. Accessed: 2022-02--15.
[22]
GNU Community. 2022. GDB. https://www.gnu.org/software/gdb/. Accessed: 2022-02--15.
[23]
Intel Corporporation. 2018. Intel 64 and ia-32 architectures software developer manuals.
[24]
Cyberbit. 2022. Anti-VM and Anti-Sandbox Explained. https://www.cyberbit.com/blog/endpoint-security/anti-vm-and-anti-sandbox-explained/.
[25]
Zhui Deng, Xiangyu Zhang, and Dongyan Xu. 2013. Spider: Stealthy binary program instrumentation and debugging via hardware virtualization. In Proceedings of the 29th Annual Computer Security Applications Conference. 289--298.
[26]
Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee. 2008. Ether: malware analysis via hardware virtualization extensions. In Proceedings of the 15th ACM conference on Computer and communications security. 51--62.
[27]
Yunlan Du, Zhenyu Ning, Jun Xu, Zhilong Wang, Yueh-Hsun Lin, Fengwei Zhang, Xinyu Xing, and Bing Mao. 2020. Hart: Hardware-assisted kernel module tracing on arm. In European Symposium on Research in Computer Security. Springer, 316--337.
[28]
Daniele Cono D'Elia, Emilio Coppa, Federico Palmaro, and Lorenzo Cavallaro. 2020. On the dissection of evasive malware. IEEE Transactions on Information Forensics and Security, Vol. 15 (2020), 2750--2765.
[29]
Mark Ermolov and Maxim Goryachy. 2019. Intel VISA: Through the Rabbit Hole. Black Hat Asia (2019).
[30]
Aristide Fattori, Roberto Paleari, Lorenzo Martignoni, and Mattia Monga. 2010. Dynamic and transparent analysis of commodity production systems. In Proceedings of the IEEE/ACM international conference on Automated software engineering. 417--426.
[31]
Manuela K Ferreira, Henrique C Freitas, and Philippe OA Navaux. 2008. From Intel VT-x to MIPS: An ArchC-based Model to Understanding the Hardware Virtualization Support. In Workshop on Computer Education Architecture, Beijing, China. 9--15.
[32]
Cuckoo Foundation. 2022. Cuckoosandbox. https://cuckoosandbox.org/. Accessed: 2022-02--15.
[33]
Nicola Galloro, Mario Polino, Michele Carminati, Andrea Continella, and Stefano Zanero. 2022. A Systematical and longitudinal study of evasive behaviors in windows malware. Computers & Security, Vol. 113 (2022), 102550.
[34]
Shang Gao and Qian Lin. 2012. Debugging classification and anti-debugging strategies. In Fourth International Conference on Machine Vision (ICMV 2011): Computer Vision and Image Analysis; Pattern Recognition and Basic Technologies, Vol. 8350. International Society for Optics and Photonics, 83503C.
[35]
Tal Garfinkel, Keith Adams, Andrew Warfield, and Jason Franklin. 2007. Compatibility Is Not Transparency: VMM Detection Myths and Realities. In HotOS.
[36]
Xinyang Ge, Ben Niu, and Weidong Cui. 2020. Reverse debugging of kernel failures in deployed systems. In 2020 USENIX Annual Technical Conference (USENIX ATC 20). 281--292.
[37]
Steven M Hand. 1999. Self-paging in the Nemesis operating system. In OSDI, Vol. 99. 73--86.
[38]
Michael R Hines, Umesh Deshpande, and Kartik Gopalan. 2009. Post-copy live migration of virtual machines. ACM SIGOPS operating systems review, Vol. 43, 3 (2009), 14--26.
[39]
Shun-Wen Hsiao, Yeali S. Sun, and Meng Chang Chen. 2020. Hardware-Assisted MMU Redirection for In-Guest Monitoring and API Profiling. IEEE Transactions on Information Forensics and Security, Vol. 15 (2020), 2402--2416. https://doi.org/10.1109/TIFS.2020.2969514
[40]
Immunity Inc. 2022. immunitydbg. https://www.immunityinc.com/products/debugger/index.html . Accessed: 2022-02--15.
[41]
Md Shohidul Islam, Khaled N Khasawneh, Nael Abu-Ghazaleh, Dmitry Ponomarev, and Lei Yu. 2021. Efficient hardware malware detectors that are resilient to adversarial evasion. IEEE Trans. Comput. (2021).
[42]
Mohammad Sina Karvandi, Saleh Khalaj Monfared, Mohammad Sina Kiarostami, Dara Rahmati, and Saeid Gorgin. 2022. A TSX-Based KASLR Break: Bypassing UMIP and Descriptor-Table Exiting. In International Conference on Risks and Security of Internet and Systems. Springer, 38--54.
[43]
Sina Karvandi. 2019. Hypervisor From Scratch -- Part 7: Using EPT & Page-Level Monitoring Features. (2019). https://rayanfam.com/topics/hypervisor-from-scratch-part-7/
[44]
Jong-Wouk Kim, Jiwon Bang, and Mi-Jung Choi. 2020. Defeating Anti-Debugging Techniques for Malware Analysis Using a Debugger.
[45]
Jong-Wouk Kim, Jiwon Bang, Yang-Sae Moon, and Mi-Jung Choi. 2019. Disabling anti-debugging techniques for unpacking system in user-level debugger. In 2019 International Conference on Information and Communication Technology Convergence (ICTC). IEEE, 954--959.
[46]
Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel. 2011. BareBox: efficient malware analysis on bare-metal. In Proceedings of the 27th Annual Computer Security Applications Conference. 403--412.
[47]
Dhilung Kirat, Giovanni Vigna, and Christopher Kruegel. 2014. Barecloud: bare-metal analysis-based evasive malware detection. In 23rd $$USENIX$$ Security Symposium ($$USENIX$$ Security 14). 287--301.
[48]
Andrew Ko and Brad Myers. 2008. Debugging reinvented. In 2008 ACM/IEEE 30th International Conference on Software Engineering. IEEE, 301--310.
[49]
Tamas K Lengyel, Steve Maresca, Bryan D Payne, George D Webster, Sebastian Vogl, and Aggelos Kiayias. 2014. Scalability, fidelity and stealth in the drakvuf dynamic malware analysis system. In Proceedings of the 30th Annual Computer Security Applications Conference. 386--395.
[50]
Roee S Leon, Michael Kiperberg, Anat Anatey Leon Zabag, and Nezer Jacob Zaidenberg. 2021. Hypervisor-assisted dynamic malware analysis. Cybersecurity, Vol. 4, 1 (2021), 1--14.
[51]
Cua tua lin Valeriu Lict ua, Doina Cosovan, and Dragocs Gavriluct. 2018. Anti-emulation trends in modern packers: a survey on the evolution of anti-emulation techniques in UPA packers. Journal of Computer Virology and Hacking Techniques, Vol. 14, 2 (2018), 107--126.
[52]
Check Point Software Technologies LTD. 2022a. Anti-Debug: Assembly instructions. https://anti-debug.checkpoint.com/techniques/assembly.html.
[53]
Check Point Software Technologies LTD. 2022b. Anti-Debug: Debug Flags. https://anti-debug.checkpoint.com/techniques/debug-flags.html.
[54]
Check Point Software Technologies LTD. 2022c. Anti-Debug: Direct debugger interaction. https://anti-debug.checkpoint.com/techniques/interactive.html.
[55]
Check Point Software Technologies LTD. 2022d. Anti-Debug: Exceptions. https://anti-debug.checkpoint.com/techniques/exceptions.html.
[56]
Check Point Software Technologies LTD. 2022 e. Anti-Debug: Misc. https://anti-debug.checkpoint.com/techniques/misc.html.
[57]
Check Point Software Technologies LTD. 2022 f. Anti-Debug: Process Memory. https://anti-debug.checkpoint.com/techniques/process-memory.html#software-breakpoints.
[58]
Check Point Software Technologies LTD. 2022 g. Anti-Debug: Timing. https://anti-debug.checkpoint.com/techniques/timing.html.
[59]
Yehonatan Lusky and Avi Mendelson. 2021. Sandbox Detection Using Hardware Side Channels. In 2021 22nd International Symposium on Quality Electronic Design (ISQED). IEEE, 192--197.
[60]
Gary McGraw and Greg Morrisett. 2000. Attacking malicious code: A report to the infosec research council. IEEE software, Vol. 17, 5 (2000), 33--41.
[61]
Christian Rossow Michael Brengel, Michael Backes. 2010. Detecting Hardware -Assisted Virtualization. (2010).
[62]
Microsoft. 2022a. GetExitCodeProcess function. https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getexitcodeprocess. Accessed: 2022-02--15.
[63]
Microsoft. 2022b. KDNet. https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/setting-up-a-network-debugging-connection-automatically. Accessed: 2022-02--15.
[64]
Microsoft. 2022c. Volume Shadow Copy Service. https://docs.microsoft.com/en-us/windows-server/storage/file-server/volume-shadow-copy-service. Accessed: 2022-02--15.
[65]
mrexodia. 2022. al-khaser. https://github.com/LordNoteworthy/al-khaser. Accessed: 2022-02--15.
[66]
Gil Neiger, Amy Santoni, Felix Leung, Dion Rodgers, and Rich Uhlig. 2006. Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization. Intel Technology Journal, Vol. 10, 3 (2006).
[67]
Zhenyu Ning, Chenxu Wang, Yinhua Chen, Fengwei Zhang, and Jiannong Cao. 2021. Revisiting ARM Debugging Features: Nailgun and Its Defense. IEEE Transactions on Dependable and Secure Computing 01 (2021), 1--1.
[68]
Zhenyu Ning and Fengwei Zhang. 2017. Ninja: Towards Transparent Tracing and Debugging on $$ARM$$. In 26th $$USENIX$$ Security Symposium ($$USENIX$$ Security 17). 33--49.
[69]
Zhenyu Ning and Fengwei Zhang. 2018. Hardware-assisted transparent tracing and debugging on ARM. IEEE Transactions on Information Forensics and Security, Vol. 14, 6 (2018), 1595--1609.
[70]
Zhenyu Ning and Fengwei Zhang. 2019. Understanding the security of arm debugging features. In 2019 IEEE Symposium on Security and Privacy (SP). IEEE, 602--619.
[71]
Yuschuk Oleh. 2022. OllyDbg. https://www.ollydbg.de/. Accessed: 2022-02--15.
[72]
Yoshihiro Oyama. 2019. How does malware use RDTSC? A study on operations executed by malware with CPU cycle measurement. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 197--218.
[73]
phoenixNAP. 2022. What is a Hypervisor? Types of Hypervisors 1 & 2. https://phoenixnap.com/kb/what-is-hypervisor-type-1--2. Accessed: 2022-02--15.
[74]
Francc ois Plumerault and Baptiste David. 2021. DBI, debuggers, VM: gotta catch them all. Journal of Computer Virology and Hacking Techniques, Vol. 17, 2 (2021), 105--117.
[75]
Nguyen Anh Quynh and Kuniyasu Suzaki. 2010. Virt-ICE: Next-generation debugger for malware analysis. Black Hat USA (2010).
[76]
Rayanfam.Com. 2021. Hypervisor From Scratch -- Part 8: How To Do Magic With Hypervisor! https://rayanfam.com/topics/hypervisor-from-scratch-part-8/. Accessed: 2022-02--15.
[77]
Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, and Thorsten Holz. 2020. HYPER-CUBE: High-Dimensional Hypervisor Fuzzing. In NDSS.
[78]
Sergej Schumilo, Cornelius Aschermann, Ali Abbasi, Simon Wörner, and Thorsten Holz. 2021. Nyx: Greybox hypervisor fuzzing using fast snapshots and affine types. In 30th USENIX Security Symposium (USENIX Security 21). 2597--2614.
[79]
Michael Schwarz, Samuel Weiser, and Daniel Gruss. 2019. Practical enclave malware with Intel SGX. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, 177--196.
[80]
Hao Shi and Jelena Mirkovic. 2017. Hiding debuggers from malware with apate. In Proceedings of the Symposium on Applied Computing. 1703--1710.
[81]
Julian Stecklina and Thomas Prescher. 2018. Lazyfp: Leaking fpu register state using microarchitectural side-channels. arXiv preprint arXiv:1806.07480 (2018).
[82]
LLDB Team. 2022. LLDB. https://lldb.llvm.org/. Accessed: 2022-02--15.
[83]
Donghai Tian, Qianjin Ying, Xiaoqi Jia, Rui Ma, Changzhen Hu, and Wenmao Liu. 2021. MDCHD: A novel malware detection method in cloud using hardware trace and deep learning. Computer Networks, Vol. 198 (2021), 108394.
[84]
VMware Inc. 2019. Performance Evaluation of Intel EPT Hardware Assist. https://www.vmware.com/pdf/Perf_ESX_Intel-EPT-eval.pdf. Accessed: 2022-02--15.
[85]
vx underground. 2021. vx-underground malware collection. https://www.vx-underground.org/, Vol. 1 (2021).
[86]
Gary Wang, Zachary J. Estrada, Cuong Pham, Zbigniew Kalbarczyk, and Ravishankar K. Iyer. 2015. Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring. In 9th USENIX Workshop on Offensive Technologies (WOOT 15). USENIX Association.
[87]
Carsten Willems, Thorsten Holz, and Felix Freiling. 2007. Toward automated dynamic malware analysis using cwsandbox. IEEE Security & Privacy, Vol. 5, 2 (2007), 32--39.
[88]
Carsten Willems, Ralf Hund, Andreas Fobian, Dennis Felsch, Thorsten Holz, and Amit Vasudevan. 2012. Down to the bare metal: Using processor features for binary analysis. In Proceedings of the 28th Annual Computer Security Applications Conference. 189--198.
[89]
Carsten Willems, Ralf Hund, and Thorsten Holz. 2013. Hypervisor-based, hardware-assisted system monitoring. In Virus Bulletin Conference.
[90]
x64 Debugger. 2022. X64. https://x64dbg.com/
[91]
Lei Xue, Hao Zhou, Xiapu Luo, Yajin Zhou, Yang Shi, Guofei Gu, Fengwei Zhang, and Man Ho Au. 2021. Happer: Unpacking Android apps via a hardware-assisted approach. In 2021 IEEE Symposium on Security and Privacy (SP). IEEE, 1641--1658.
[92]
Lok-Kwong Yan, Manjukumar Jayachandra, Mu Zhang, and Heng Yin. 2012. V2e: combining hardware virtualization and softwareemulation for transparent and extensible malware analysis. In Proceedings of the 8th ACM SIGPLAN/SIGOPS conference on Virtual Execution Environments. 227--238.
[93]
Ilsun You and Kangbin Yim. 2010. Malware obfuscation techniques: A brief survey. In 2010 International conference on broadband, wireless computing, communication and applications. IEEE, 297--300.
[94]
Fengwei Zhang, Kevin Leach, Angelos Stavrou, and Haining Wang. 2016. Towards transparent debugging. IEEE Transactions on Dependable and Secure Computing, Vol. 15, 2 (2016), 321--335.
[95]
Fengwei Zhang, Kevin Leach, Angelos Stavrou, Haining Wang, and Kun Sun. 2015. Using hardware features for increased debugging transparency. In 2015 IEEE Symposium on Security and Privacy. IEEE, 55--69. io

Cited By

View all
  • (2024)What do malware analysts want from academia? A survey on the state-of-the-practice to guide research developmentsProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678892(77-96)Online publication date: 30-Sep-2024
  • (2024)On the Performance of Malware Detection Classifiers Using Hardware Performance Counters2024 International Conference on Smart Applications, Communications and Networking (SmartNets)10.1109/SmartNets61466.2024.10577644(1-6)Online publication date: 28-May-2024
  • (2023)Network Fuzzing: State of the art2023 24th International Conference on Control Systems and Computer Science (CSCS)10.1109/CSCS59211.2023.00030(136-143)Online publication date: May-2023
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
November 2022
3598 pages
ISBN:9781450394505
DOI:10.1145/3548606
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 November 2022

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. debugging
  2. fuzzing
  3. hypervisor
  4. kernel-debugger
  5. malware-analysis

Qualifiers

  • Research-article

Conference

CCS '22
Sponsor:

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)141
  • Downloads (Last 6 weeks)18
Reflects downloads up to 13 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2024)What do malware analysts want from academia? A survey on the state-of-the-practice to guide research developmentsProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678892(77-96)Online publication date: 30-Sep-2024
  • (2024)On the Performance of Malware Detection Classifiers Using Hardware Performance Counters2024 International Conference on Smart Applications, Communications and Networking (SmartNets)10.1109/SmartNets61466.2024.10577644(1-6)Online publication date: 28-May-2024
  • (2023)Network Fuzzing: State of the art2023 24th International Conference on Control Systems and Computer Science (CSCS)10.1109/CSCS59211.2023.00030(136-143)Online publication date: May-2023
  • (2023)Supporting Multiple OS Types on Estimation of System Call Hook Point by Virtual Machine Monitor2023 Eleventh International Symposium on Computing and Networking Workshops (CANDARW)10.1109/CANDARW60564.2023.00051(267-273)Online publication date: 27-Nov-2023

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media