Detecting computer viruses or malicious software by patching instructions into an emulator
    1.
    Granted invention patent
    Detecting computer viruses or malicious software by patching instructions into an emulator (status: in force)

    Publication No.: US06907396B1

    Publication date: 2005-06-14

    Application No.: US09586671

    Filing date: 2000-06-01

    IPC classification: G06F9/44 G06F9/455 G06F21/00

    CPC classification: G06F21/56 G06F21/566

    Abstract: One embodiment of the present invention provides a system for emulating computer viruses and/or malicious software that operates by patching additional program instructions into an emulator in order to aid in detecting a computer virus and/or malicious software within suspect code. During operation, the system loads a first emulator extension into the emulator. This first emulator extension includes program instructions that aid in the process of emulating the suspect code in order to detect a computer virus and/or malicious software. The system also loads the suspect code into an emulator buffer. Next, the system performs an emulation using the first emulator extension and the suspect code. This emulation is performed within an insulated environment in a computer system so that the computer system is insulated from malicious actions of the suspect code. During this emulation, the system determines whether the suspect code is likely to exhibit malicious behavior. In one embodiment of the present invention, loading the first emulator extension into the emulator involves loading the first emulator extension into the emulator buffer within the emulator. In this embodiment, performing the emulation involves emulating the program instructions that comprise the first emulator extension.

    EMULATOR UPDATING SYSTEM AND METHOD
    2.
    Invention patent application
    EMULATOR UPDATING SYSTEM AND METHOD (status: under examination, published)

    Publication No.: US20130246038A1

    Publication date: 2013-09-19

    Application No.: US11855960

    Filing date: 2007-09-14

    IPC classification: G06F9/44

    CPC classification: G06F21/56 G06F21/566

    Abstract: One embodiment includes a method and computer program product for distributing and/or receiving a first emulator extension with respect to an emulator capable of performing an emulation using emulation code. The first emulator extension includes program instructions that aid in the process of emulating in order to detect potentially unwanted computer software. Such program instructions of the first emulator extension are additional beyond that associated with the emulator code, for assisting the emulator code in the emulation by patching the additional program instructions into the emulator in order to aid in detecting the potentially unwanted computer software within the suspect code. In use, an emulation is performed using the first emulator extension and the suspect code. The emulation is performed within an insulated environment in a computer system so that the computer system is insulated from potentially unwanted actions of the suspect code.

    Emulator updating system and method
    3.
    Invention patent application
    Emulator updating system and method (status: under examination, published)

    Publication No.: US20130247198A1

    Publication date: 2013-09-19

    Application No.: US11062185

    Filing date: 2005-02-18

    IPC classification: G06F21/56

    CPC classification: G06F21/56 G06F21/566

    Abstract: One embodiment includes a method and computer program product for distributing and/or receiving a first emulator extension with respect to an emulator capable of performing an emulation using emulation code. The first emulator extension includes program instructions that aid in the process of emulating in order to detect potentially unwanted computer software. Such program instructions of the first emulator extension are additional beyond that associated with the emulator code, for assisting the emulator code in the emulation by patching the additional program instructions into the emulator in order to aid in detecting the potentially unwanted computer software within the suspect code. In use, an emulation is performed using the first emulator extension and the suspect code. The emulation is performed within an insulated environment in a computer system so that the computer system is insulated from potentially unwanted actions of the suspect code.