Type: Article
Title: Leveraging branch traces to understand kernel internals from within
Author: Botacin, Marcus
de Geus, Paulo Licio
Gregio, Andre
Abstract: Kernel monitoring is often a hard task, requiring external debuggers and/or modules to be successfully performed. These requirements make analysis procedures more complicated because multiple machines, although virtualized ones, are required. These requirements also make analysis procedures more expensive. In this paper, we present the Lightweight Kernel Tracer (LKT), an alternative solution for tracing the kernel from within by leveraging branch monitors for data collection and an address-based introspection procedure for context reconstruction. We evaluated LKT by tracing distinct machines powered by x64 Windows kernels and show that LKT may be used for understanding the kernel's internals (e.g., graphics and USB subsystems) and for system profiling. We also show how to use LKT to trace other tracing and monitoring mechanisms running in the kernel, such as Antiviruses and Sandboxes.
Subject: Kernel Mapping
Country: France
Editor: Springer
Rights: Closed
Identifier DOI: 10.1007/s11416-019-00343-w
Date Issue: 2020
Appears in Collections: IC - Artigos e Outros Documentos
