METHOD FOR ANALYZING SPYWARE AND COMPUTER SYSTEM

摘要

A method for analyzing spyware and a computer system that relates to communication technology are provided. A trace of an executed spyware process is captured by the computer system. The spyware process includes a data packet returning operation that transmits a data packet to a control host as a result of executing the spyware process. The data packet returning operation has a subprogram which is extracted from the execution trace. The subprogram includes at least one call interface. Semantic information from each component of information of the at least one call interface is analyzed and output. In this manner a specific format of a data packet returned to the control host is determined, a communication protocol of the spyware is obtained, and a user may rewrite control commands of the spyware according to the obtained communication protocol, to control execution of the spyware.