US 12,169,555 B2
Program code execution behavior monitoring method and computer device
Jinfeng Yuan, Shenzhen (CN); and Jia Chen, Beijing (CN)
Assigned to Huawei Technologies Co., Ltd., Shenzhen (CN)
Filed by Huawei Technologies Co., Ltd., Shenzhen (CN)
Filed on Aug. 16, 2022, as Appl. No. 17/889,153.
Application 17/889,153 is a continuation of application No. PCT/CN2020/119508, filed on Sep. 30, 2020.
Claims priority of application No. 202010097557.7 (CN), filed on Feb. 17, 2020.
Prior Publication US 2022/0391493 A1, Dec. 8, 2022
Int. Cl. G06F 21/00 (2013.01); G06F 21/53 (2013.01)
CPC G06F 21/53 (2013.01) [G06F 2221/034 (2013.01)]
18 Claims
 
1. A program code execution behavior monitoring method, comprising:
executing, by a computer device in a virtual execution environment, first code corresponding to first program code, the virtual execution environment is a running environment provided based on a virtualization technology, the first code is an external code, other than internal code, invoked in the first program code, the external code comprises system code provided by an operating system of the computer device, and the internal code is code of a process generated by the first program code;
in a process in which the computer device executes the first code, determining if second code belongs to the internal code;
when the second code belongs to the internal code, before execution of the second code is completed, switching, by the computer device, an execution environment of the first program code to a simulated execution environment, wherein the simulated execution environment is a running environment provided based on a simulator;
executing, by the computer device, the second code in the simulated execution environment; and
determining, by the computer device based on a page exception and a nested page table, that the second code belongs to the internal code, wherein the nested page table records access permissions corresponding to a first memory space, the second code is stored in the first memory space, and the page exception indicates conflict information between an access request for the first memory space and the access permissions corresponding to the first memory space.