Indexed in:
Abstract:
To provide system-level runtime monitoring of executing programs, a dynamic monitoring framework based on a virtual machine was designed and implemented. The framework uses an event-driven mechanism built on the virtual machine's instruction translator: a chosen event is registered as the monitoring target, and each time that event occurs the CPU state is captured and analyzed to obtain dynamic run-time information about the program under test. This paper describes the structure of the dynamic monitoring framework, analyzes its working principle, and introduces the procedure for acquiring monitoring information. The analysis of suspicious programs with a control-flow technique is used as an example to walk through the whole process. Test results show that the method provides effective and comprehensive monitoring. Furthermore, the method makes it straightforward to obtain operating-system kernel state and process information in support of analyzing the dynamic behavior of the executing program. © 2017, Editorial Department of Journal of HEU. All rights reserved.
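As an added illustration of the mechanism the abstract describes, and not code from the paper or its framework: a toy translating VM in which instrumentation for a registered event is compiled in at translation time, the hook receives the CPU state when the event fires, and a control-flow analysis consumes those events to record the observed edges and syscall sequence and to flag calls that do not land on a known function entry. The one-register guest ISA, the event names, the entry-point set and the two sample guest programs are all assumptions constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# Toy one-register guest ISA (hypothetical, not the paper's): (opcode, operand).
Instr = Tuple[str, int]


@dataclass
class CPUState:
    pc: int = 0
    r0: int = 0
    stack: List[int] = field(default_factory=list)
    halted: bool = False


class Monitor:
    """Event registry: an analysis registers only for the events it needs."""

    def __init__(self) -> None:
        self.hooks: Dict[str, List[Callable[[CPUState, dict], None]]] = {}

    def register(self, event: str, hook: Callable[[CPUState, dict], None]) -> None:
        self.hooks.setdefault(event, []).append(hook)

    def fire(self, event: str, cpu: CPUState, info: dict) -> None:
        for hook in self.hooks.get(event, []):
            hook(cpu, info)


def translate(program: List[Instr], mon: Monitor) -> List[Callable[[CPUState], None]]:
    """Turn each guest instruction into a host callable. The instrumentation call
    is compiled in at translation time, and only for events that have a hook."""
    host: List[Callable[[CPUState], None]] = []
    for pc, (op, arg) in enumerate(program):
        def make(pc: int = pc, op: str = op, arg: int = arg) -> Callable[[CPUState], None]:
            branch = "branch" in mon.hooks      # decided once, at translation time
            syscall = "syscall" in mon.hooks

            def step(cpu: CPUState) -> None:
                if op == "MOV":
                    cpu.r0, cpu.pc = arg, pc + 1
                elif op == "DEC":
                    cpu.r0, cpu.pc = cpu.r0 - arg, pc + 1
                elif op in ("JNZ", "CALL", "RET"):
                    if op == "JNZ":
                        target = arg if cpu.r0 != 0 else pc + 1
                    elif op == "CALL":
                        cpu.stack.append(pc + 1)
                        target = arg
                    else:
                        target = cpu.stack.pop()
                    if branch:  # hook sees the CPU state before pc is updated
                        mon.fire("branch", cpu, {"src": pc, "dst": target, "kind": op})
                    cpu.pc = target
                elif op == "SYSCALL":
                    if syscall:
                        mon.fire("syscall", cpu, {"pc": pc, "nr": arg})
                    cpu.pc = pc + 1
                elif op == "HALT":
                    cpu.halted = True
                else:
                    raise ValueError(f"unknown opcode {op!r} at {pc}")

            return step

        host.append(make())
    return host


class ControlFlowAnalysis:
    """Records observed CFG edges and the syscall sequence, and flags any call
    whose target is not a known function entry."""

    def __init__(self, entries: set) -> None:
        self.entries, self.edges, self.syscalls, self.alerts = entries, [], [], []

    def on_branch(self, cpu: CPUState, info: dict) -> None:
        self.edges.append((info["src"], info["dst"]))
        if info["kind"] == "CALL" and info["dst"] not in self.entries:
            self.alerts.append(f"call at {info['src']} into non-entry {info['dst']}")

    def on_syscall(self, cpu: CPUState, info: dict) -> None:
        self.syscalls.append((info["nr"], cpu.r0))  # syscall number, argument register


def monitor_run(program: List[Instr], entries: set, max_steps: int = 10_000) -> ControlFlowAnalysis:
    """Register the analysis, translate the guest, run it to HALT (or the step cap)."""
    mon, cfa = Monitor(), ControlFlowAnalysis(entries)
    mon.register("branch", cfa.on_branch)
    mon.register("syscall", cfa.on_syscall)
    host, cpu = translate(program, mon), CPUState()
    for _ in range(max_steps):
        if cpu.halted:
            break
        host[cpu.pc](cpu)
    return cfa


# Constructed sample guests (not from the paper). The function at address 6
# issues syscall 1 and returns; main calls it twice, then makes syscall 60.
BENIGN: List[Instr] = [("MOV", 2), ("CALL", 6), ("DEC", 1), ("JNZ", 1),
                       ("SYSCALL", 60), ("HALT", 0), ("SYSCALL", 1), ("RET", 0)]
# Same code, but the call lands one past the entry, skipping the function body.
SUSPICIOUS: List[Instr] = BENIGN[:1] + [("CALL", 7)] + BENIGN[2:]
```

Running `monitor_run(BENIGN, entries={6})` yields the edges (1,6), (7,2), (3,1), (1,6), (7,2), (3,4), the syscall sequence (1,2), (1,1), (60,0) and no alerts; the SUSPICIOUS guest produces two alerts for the call at address 1 into the non-entry address 7 and a syscall sequence consisting only of (60,0), which is exactly the kind of discrepancy the control-flow view exposes. The point of deciding `branch`/`syscall` inside `translate` is that unregistered events cost nothing on the execution path, which is what makes translation-time instrumentation attractive for whole-system monitoring.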
Keywords:
Corresponding author:
E-mail address: