Computer Engineering (计算机工程), 2011, Vol. 37, Issue (18): 139-141, 144, 4.
Malicious Code Behavior Analysis Based on DynamoRIO
王乾 1, 舒辉 1, 李洋 1, 黄荷洁 1
Author information
- 1. Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002
Abstract
This paper proposes a method based on dynamic binary analysis to analyze malicious code behavior, and designs and implements a prototype malicious behavior analysis system based on DynamoRIO. Experimental results show that the system can completely capture the calling sequence of Application Programming Interface (API) functions and the transferred parameter information. Based on correlative analysis of the calling sequence and the parameter information, malicious behaviors covering files, the registry, services, processes, threads and so on are identified.
Key words
malicious code / DynamoRIO platform / instrumentation / dynamic binary analysis / API calling sequence / correlative analysis
Classification
Information Technology and Security Science
Cite this article
王乾, 舒辉, 李洋, 黄荷洁. Malicious Code Behavior Analysis Based on DynamoRIO [J]. Computer Engineering, 2011, 37(18): 139-141, 144, 4.