
A Study on Dynamic Code Analysis Method using 2nd Generation PT (Processor Trace)

Kim, Hyuncheol (Department of Computer Software, Namseoul University)
Abstract
If an operating system core file contains Intel PT data, a debugger can not only inspect the program state at the time of the crash but also reconstruct the control flow that led to it. The trace scope can also be extended to the entire system to debug kernel panics and other system hangs. The second-generation PT, the WinIPT library, includes an Intel PT driver with additional code to run process-specific and core-specific traces through the IOCTL and registry mechanisms provided by Windows 10 (RS5). In other words, PT trace information, to which first-generation PT offered only limited access, can be collected per process and per core in second-generation PT through the IOCTL and registry mechanisms provided by the operating system. In this paper, we compare and describe methods for collecting, storing and decoding PT data packets, and for detecting malicious code from them, in a Windows environment using first- and second-generation PT.
Keywords
Tracing; Processor Trace; Flow Reconstruction; Malicious Code Detection; Flow Detection
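The decoding and flow-reconstruction step the abstract refers to, as an added example that is not part of the paper or of WinIPT: the Python below decodes the short TNT packets of a PT trace and replays the taken/not-taken bits over a control-flow graph to recover the executed block sequence. The packet layout follows the Intel SDM Processor Trace chapter; the block addresses, the CFG and the trace bytes are constructed for illustration.

```python
# Added example (not from the paper): decode Intel PT short TNT packets and
# replay them over a constructed CFG. Only PAD and short TNT packets are
# handled; the layout follows the Intel SDM (Processor Trace chapter).
PAD = 0x00         # PAD packet: a single 0x00 byte, carries no information
EXT_PREFIX = 0x02  # first byte of multi-byte packets (PSB, long TNT, PIP, ...)


def decode_short_tnt(byte):
    """Return the taken(True)/not-taken(False) bits of one short TNT packet.

    Layout (bit 7 .. bit 0): [stop][B1 .. Bn][0]; the stop bit is the highest
    set bit, the TNT bits sit below it with B1 (oldest branch) highest."""
    if byte & 1 or byte in (PAD, EXT_PREFIX):
        raise ValueError(f"not a short TNT packet: {byte:#04x}")
    payload = byte >> 1                  # strip the fixed 0 in bit 0
    stop = payload.bit_length() - 1      # index of the stop bit
    return [bool(payload >> i & 1) for i in range(stop - 1, -1, -1)]


def decode_tnt_stream(stream):
    """Collect TNT bits from a byte stream of PAD and short TNT packets."""
    bits = []
    for byte in stream:
        if byte == PAD:
            continue
        if byte == EXT_PREFIX or byte & 1:  # TIP, FUP, PSB, MODE... not modelled
            raise NotImplementedError(f"packet {byte:#04x} needs a full decoder")
        bits.extend(decode_short_tnt(byte))
    return bits


# Constructed CFG (hypothetical addresses): block -> (taken target, fall-through).
# Blocks absent from the dict end without a conditional branch (e.g. in a ret).
CFG = {
    0x401000: (0x401030, 0x401010),
    0x401010: (0x401050, 0x401020),
    0x401020: (0x401000, 0x401060),  # back-edge of a loop
    0x401030: (0x401060, 0x401040),
}


def reconstruct_path(entry, bits, cfg=CFG):
    """Walk the CFG from `entry`, consuming one TNT bit per conditional branch.

    Returns (path, status): "ok" when every bit was consumed, or
    "unexpected_branch" when bits remain at a block the CFG says has no
    conditional branch, i.e. the trace disagrees with the static CFG."""
    path, cur = [entry], entry
    for taken in bits:
        if cur not in cfg:
            return path, "unexpected_branch"
        cur = cfg[cur][0] if taken else cfg[cur][1]
        path.append(cur)
    return path, "ok"


# Constructed trace: 0x4A encodes N,N,T,N,T; the 0x00 is a PAD packet.
SAMPLE_TRACE = bytes([0x4A, 0x00])
```

Running `reconstruct_path(0x401000, decode_tnt_stream(SAMPLE_TRACE))` yields the block sequence 0x401000, 0x401010, 0x401020, 0x401000, 0x401010, 0x401050 with status "ok"; a trace whose bits outlast the CFG's conditional branches is reported as a mismatch, which is the kind of signal a flow-based detector builds on.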