| 程序自动脱壳数据采集技术研究 |
| |
| 引用本文: | 曾勇军,朱俊虎,奚琪. 程序自动脱壳数据采集技术研究[J]. 计算机应用, 2009, 29(3): 813-816 |
| |
| 作者姓名: | 曾勇军 朱俊虎 奚琪 |
| |
| 作者单位: | 信息工程大学,信息工程学院,郑州,450002;信息工程大学,信息工程学院,郑州,450002;信息工程大学,信息工程学院,郑州,450002 |
| |
| 摘 要: | 自动提取加壳程序隐藏的代码和数据是目前恶意代码检测技术面临的重要问题。分析了加壳程序运行的本质特征,给出了存储器监控算法和动态基本块标记算法,描述了基于QEMU仿真器的程序自动脱壳数据采集系统的设计思路。实验结果表明,该系统可以有效地提取被加壳程序的代码和数据,完整地记录程序脱壳的执行行为。
|
| 关 键 词: | 脱壳 QEMU仿真器 数据采集 基本块 |
| 收稿时间: | 2008-09-11 |
Research of data acquisition technology in program automatic unpacking |
| |
| ZENG Yong-jun,ZHU Jun-hu,XI Qi. Research of data acquisition technology in program automatic unpacking[J]. Journal of Computer Applications, 2009, 29(3): 813-816 |
| |
| Authors: | ZENG Yong-jun ZHU Jun-hu XI Qi |
| |
| Affiliation: | Institute of Information Engineering;Information Engineering University;Zhengzhou Henan 450002;China |
| |
| Abstract: | The hidden code and data extraction of packed program is an important issue of malware detection technology. The running characteristics of packed program were analyzed, the memory monitoring algorithm and dynamic identification algorithm of basic block were given, and the data acquisition system of program automatic unpacking based on QEMU emulator was described. Testing results show that the code and data of original program can be extracted, and executable behavior of program unpacking can be recorded. |
| |
| Keywords: | unpacking QEMU emulator data acquisition basic block |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
