Emulator updating system and method
Abstract
One embodiment includes a method and computer program product for distributing and/or receiving a first emulator extension with respect to an emulator capable of performing an emulation using emulation code. The first emulator extension includes program instructions that aid in the process of emulating in order to detect potentially unwanted computer software. Such program instructions of the first emulator extension are additional beyond that associated with the emulator code, for assisting the emulator code in the emulation by patching the additional program instructions into the emulator in order to aid in detecting the potentially unwanted computer software within the suspect code. In use, an emulation is performed using the first emulator extension and the suspect code. The emulation is performed within an insulated environment in a computer system so that the computer system is insulated from potentially unwanted actions of the suspect code.
Claims
exact text as granted — not AI-modified1 . A method to be performed in conjunction with a processor and a memory, the method comprising:
receiving a first emulator extension from among a plurality of different emulator extensions at an emulator for performing an emulation using emulation code, each of the plurality of different emulator extensions including program instructions that read suspect code of a computer system during the process of emulating in order to detect that the suspect code includes potentially unwanted computer software; performing a first emulation using the first emulator extension and the suspect code to detect whether the suspect code contains potentially unwanted computer software, the first emulation being performed within an insulated environment in the computer system, wherein each of the plurality of different emulator extensions is configured for loading, from a database containing the plurality of different emulator extensions, into an emulator buffer as a patch to the suspect code such that at least some of the suspect code is overwritten, and wherein a location within the suspect code where the patching occurs is defined in the database; and if the first emulation does not detect that the suspect contains potentially unwanted computer software:
receiving a second emulator extension from among the plurality of different emulator extensions; and
performing a second emulation using the second emulator extension and the suspect code to detect whether the suspect code contains potentially unwanted computer software; and
reporting the suspect code, if a computer virus or other unwanted software is detected within the suspect code.
2 . (canceled)
3 . (canceled)
4 . (canceled)
5 . The method of claim 1 , further comprising emulating the suspect code prior to loading the first emulator extension into the emulator buffer.
6 . (canceled)
7 . The method of claim 1 , wherein the first emulator extension and the second emulator extension provide support for conflicting emulator environments.
8 . (canceled)
9 . (canceled)
10 . (canceled)
11 . The method of claim 1 , wherein the first emulator extension facilitates emulating a non-standard computer instruction opcode.
12 . The method of claim 1 , wherein the first emulator extension facilitates emulating an uncommonly used operating system call.
13 . A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
receiving a first emulator extension from among a plurality of different emulator extensions at an emulator for performing an emulation using emulation code, each of the plurality of different the first emulator extensions including program instructions that read suspect code of a computer system during the process of emulating in order to detect that the suspect code includes potentially unwanted computer software; performing a first emulation using the first emulator extension and the suspect code to detect whether the suspect code contains potentially unwanted computer software, the first emulation being performed within an insulated environment in the computer system, wherein each of the plurality of different emulator extensions is configured for loading, from a database containing the plurality of different emulator extensions, into an emulator buffer as a patch to the suspect code such that at least some of the suspect code is overwritten, and wherein a location within the suspect code where the patching occurs is defined in the database; and if the first emulation does not detect that the suspect contains potentially unwanted computer software:
receiving a second emulator extension from among the plurality of emulator extensions; and
performing a second emulation using the second emulator extension and the suspect code; and
reporting the suspect code, if a computer virus or other unwanted software is detected within the suspect code.
14 . (canceled)
15 . (canceled)
16 . (canceled)
17 . The non-transitory computer-readable storage medium of claim 13 , wherein the method further comprises emulating the suspect code prior to loading the first emulator extension into the emulator buffer.
18 . (canceled)
19 . (canceled)
20 . (canceled)
21 . The method of claim 1 , wherein the first emulator extension is executed for setting up an environment used for emulating the suspect code.
22 . The method of claim 1 , wherein each of the plurality of different emulator extensions further includes program instructions that when emulated by the emulator identify patterns within the suspect code indicating that the suspect code contains potentially unwanted computer software.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.