| 基于内存监控的动态脱壳系统 |
| |
| 引用本文: | 梁光辉,庞建民,戴超.基于内存监控的动态脱壳系统[J].信息工程大学学报,2015,16(6). |
| |
| 作者姓名: | 梁光辉 庞建民 戴超 |
| |
| 作者单位: | 信息工程大学, 河南 郑州 |
| |
| 摘 要: | 恶意代码所采用的各式各样的“壳”给安全分析带来了很多困难,加壳代码的自动脱壳技术对提高安全分析工作的效率有很大作用。根据加壳程序在运行过程中的特点,设计并实现了基于内存监控的恶意代码动态自动脱壳系统。该系统动态的记录并分析加壳程序在运行过程中内存操作,并根据脱壳特点确定原程序的真正执行位置,完整的记录加壳程序脱壳过程。实验表明,该动态脱壳技术可以有效实现对恶意代码的自动脱壳。
|
| 关 键 词: | 加壳 恶意代码 TEMU 动态分析 |
Dynamic Unpacking System Based on Memory Monitoring |
| |
| LIANG Guanghui,PANG Jianmin,DAI Chao.Dynamic Unpacking System Based on Memory Monitoring[J].Journal of Information Engineering University,2015,16(6). |
| |
| Authors: | LIANG Guanghui PANG Jianmin DAI Chao |
| |
| Affiliation: | Information Engineering University, Zhengzhou 450001 |
| |
| Abstract: | Various packed malware have brought many difficulties in analyzing malware behavior. It is significant to realize automatic dynamic unpacking. This paper designs and realizes a automatic dynamic unpacking system based on Temu according to the property of unpacked malware. We record and analyze memory operation during the running of packed malware, then locate the real entry point of original program. The experiment shows that our technique could unpack the packed malware correctly. |
| |
| Keywords: | packed code malware TEMU dynamic analysis |
|
| 点击此处可从《信息工程大学学报》浏览原始摘要信息 |
|
点击此处可从《信息工程大学学报》下载全文 |
