Compared with normal code, malicious code behaves very differently when it is implanted into memory, and these differences show up in the API functions it calls. In view of this, this paper uses APIHOOK technology to design and develop a software code behavior diagnostic system. The system determines the "good and evil" level of code according to the API functions the code calls during implantation and, at the same time, displays the detailed behavior of the code, providing useful information for further judging whether the code is malicious.