
OS-Agnostic Identification of Processes and Threads in the Full System Emulation for Selective Instrumentation

Programming and Computer Software

Abstract

Dynamic binary analysis is one of the key and most promising techniques for analyzing programs and systems. It is usually based on dynamic binary instrumentation. The most useful form is whole-system instrumentation, because it allows one to analyze operations that occur at the kernel level and to monitor interactions between different processes. Whole-system instrumentation makes a wide range of analysis tasks possible, but it has drawbacks: instrumenting the whole system causes huge overheads, both in the speed of the system under study and in the amount of redundant data collected, which significantly complicates the analyst's work. One way to solve this problem is selective instrumentation, in which the object of instrumentation is an individual process or thread in the analyzed system. The analyst can specify the information of interest while retaining the capabilities of whole-system analysis. To implement selective instrumentation, one needs to identify the current processes, threads, or higher-level abstractions in order to determine the scope of instrumentation. This paper discusses a number of available instrumentation systems and the techniques they use to obtain the information of interest, identifies the problems and shortcomings of these systems, describes an implementation of selective instrumentation for individual processes on ARM and x86 processors, and proposes a version of selective instrumentation for threads.




Correspondence to I. A. Vasil’ev, P. V. Dovgalyuk or M. A. Klimushenkova.

Additional information

Translated by A. Klimontovich


Cite this article

Vasil’ev, I.A., Dovgalyuk, P.V. & Klimushenkova, M.A. OS-Agnostic Identification of Processes and Threads in the Full System Emulation for Selective Instrumentation. Program Comput Soft 44, 453–458 (2018). https://doi.org/10.1134/S0361768818060178
