Publication number: US20230236868A1
Publication date: 2023-07-27
Application number: US18157379
Application date: 2023-01-20
Applicant: Google LLC
Inventor: Hao Zhou, Mahesh Pisal, Kenneth L. Hofsass, Timothy Dylan Peacock
IPC: G06F9/455
CPC classification number: G06F9/45558, G06F2009/45583, G06F2009/4557, G06F2009/45587
Abstract: A virtual machine malware detection service caches contents that correspond to operating system registries. By caching the content of important registers, the malware detector is able to efficiently traverse virtual machine memory contents to identify important operating system properties. Examples of such operating system properties include a list of running processes. The malware detector replaces agent-based threat detection for compute endpoints. The malware detector detects cryptocurrency miners and malware by scanning guest virtual machine (VM) memories. The guest VM memory may be scanned according to the guest physical address. According to some examples, the memories of guest user processes may be scanned one by one, using the page table address for each guest process to efficiently locate its memory.