| 基于特征码的PE文件自动免杀策略 |
| |
| 引用本文: | 吴伟民,范炜锋,王志月,李晓峰,黄健炜. 基于特征码的PE文件自动免杀策略[J]. 计算机工程, 2012, 38(12): 118-121 |
| |
| 作者姓名: | 吴伟民 范炜锋 王志月 李晓峰 黄健炜 |
| |
| 作者单位: | 广东工业大学计算机学院,广州,510006 |
| |
| 摘 要: | 设计一种以逐块恢复法替代传统逐块替换法的特征码定位算法,在此基础上提出一种针对不同区段进行自动免杀的策略。将该策略与改进的多重特征码定位算法相结合,在保持被免杀软件原有功能的前提下,使用等价代码替换技术、字符串与输入表函数名位移等方法自动进行特征码的去除和替换,由此避免被杀毒软件识别为恶意软件。实验结果验证了该策略的有效性。
|
| 关 键 词: | 特征码 定位 免杀 PE文件 等价代码替换 输入表 |
| 收稿时间: | 2011-08-01 |
PE File Auto Free-antivirus Strategy Based on Characteristic Code |
| |
| WU Wei-min , FAN Wei-feng , WANG Zhi-yue , LI Xiao-feng , HUANG Jian-wei. PE File Auto Free-antivirus Strategy Based on Characteristic Code[J]. Computer Engineering, 2012, 38(12): 118-121 |
| |
| Authors: | WU Wei-min FAN Wei-feng WANG Zhi-yue LI Xiao-feng HUANG Jian-wei |
| |
| Affiliation: | (Faculty of Computer,Guangdong University of Technology,Guangzhou 510006,China) |
| |
| Abstract: | This paper designs a characteristic code locating algorithm by using block-by-block recovery method instead of replacement method and proposes an auto free-antivirus strategy based on different PE sections.Under the premise of maintaining the original functionality of software after being modified to avoid killing,the combination of the strategy and the improved multi-characteristic code,it uses the equivalent code replacement,shifting methods of string and import table functions to automatically remove and replace the characteristic codes in tempt to avoid killing by anti-virus software.Experimental results verify the effectiveness of the strategy. |
| |
| Keywords: | characteristic code locating free-antivirus PE file equivalent code replacement import table |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
|
