Virtual Breakpoints for x86/64
نویسنده
چکیده
Efficient, reliable trapping of execution in a program at the desired location is a hot area of research for security professionals. The progression of debuggers and malware is akin to a game of cat and mouse each are constantly in a state of trying to thwart one another. At the core of most efficient debuggers today is a combination of virtual machines and traditional binary modification breakpoints (int3). In this paper, we present a design for Virtual Breakpoints, a modification to the x86 MMU which brings breakpoint management into hardware alongside page tables. We demonstrate the fundamental abstraction failures of current trapping methods, and rebuild the mechanism from the ground up. Our design delivers fast, reliable trapping without the pitfalls of binary modification
منابع مشابه
Just-In-Time compilation of OCaml byte-code
This paper presents various improvements that were applied to OCamlJit2, a Just-In-Time compiler for the OCaml byte-code virtual machine. OCamlJit2 currently runs on various Unix-like systems with x86 or x86-64 processors. The improvements, including the new x86 port, are described in detail, and performance measures are given, including a direct comparison of OCamlJit2 to OCamlJit.
متن کاملOCamlJIT 2.0 - Faster Objective Caml
This paper presents the current state of an ongoing research project to improve the performance of theOCaml byte-code interpreter using Just-In-Time native code generation. Our JIT engine OCamlJit2 currently runs on x86-64 processors, mimicing precisely the behavior of the OCaml virtual machine. Its design and implementation is described, and performance measures are given.
متن کاملPerformance Characterization of the 64-bit x86 Architecture from Compiler Optimizations' Perspective
Intel Extended Memory 64 Technology (EM64T) and AMD 64-bit architecture (AMD64) are emerging 64-bit x86 architectures that are fully x86 compatible. Compared with the 32-bit x86 architecture, the 64-bit x86 architectures cater some new features to applications. For instance, applications can address 64 bits of virtual memory space, perform operations on 64-bit-wide operands, get access to 16 ge...
متن کاملMIvmm: A micro VMM for development of a trusted code base
In this paper, we describe the implementation of a hardware assisted virtual machine monitor (VMM) for building security applications MIvmm for the Intel x86 64 platform. MIvmm was conceptualized and implemented without the use or inspection of any existing virtualization software. The minimal code base of MIvmm allows it to be trustworthy. MIvmm is launched after the OS has booted as a device ...
متن کاملOpal: A Single Address Space System for 64-Bit Architectures (Abstract)
The recent appearance of architectures with at 64-bit virtual addressing opens an opportunity to reconsider the way our operating systems use virtual address spaces. We are building an operating system called Opal for these wide-address architectures. The key feature of Opal is a single global virtual address space that extends to data on long-term storage and across the network. In this paper ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- CoRR
دوره abs/1801.09250 شماره
صفحات -
تاریخ انتشار 2018