
SYSTEM AND METHOD FOR EVALUATING malicious code executed in the address space of a trusted process


Abstract

1. A system for evaluating malicious code executing in the address space of a trusted process, comprising:
a) process monitoring means, for monitoring running processes on the basis of the attributes of untrusted processes stored in the attribute database, and for passing the identifiers of untrusted processes to the means for intercepting calls to critical functions;
b) an attribute database, for storing information about the attributes of untrusted processes and providing these attributes to the process monitoring means;
c) means for intercepting calls to critical functions, designed to intercept calls to critical functions made on behalf of at least one untrusted process, on the basis of information stored in the critical function database, and to pass the call information to the analyzing means;
d) a critical function database, for storing information about critical functions and passing that information to the means for intercepting calls to critical functions;
e) analyzing means, designed to identify, by analysis of the call stack, the executable code that invoked the critical function, and to evaluate the harmfulness of that code on the basis of criteria stored in the criteria database;
f) a criteria database, for storing information about the criteria for the harmfulness of executable code and passing that information to the analyzing means.
2. The system of claim 1, wherein the analyzing means evaluates the harmfulness of the code by copying the return addresses of the function calls which
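The stack analysis of claims 1(e) and 2 can be illustrated with a small added example (not the patent's own code): the return addresses copied at a hooked critical function are walked outward, the first frame outside the system API modules is taken as the calling code, and that code is rated by whether any loaded image backs it. The module map, the module names, the stack contents and the "unbacked" criterion are constructed assumptions for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Module:
    """One image-backed region of the monitored process (constructed data)."""
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size

# Constructed memory map of a hypothetical trusted process; names and
# addresses are sample values, not taken from any real system.
MODULES = [
    Module("trusted.exe", 0x00400000, 0x00080000),
    Module("ntdll.dll", 0x77D00000, 0x00180000),
    Module("kernel32.dll", 0x76A00000, 0x00100000),
]
# Assumed: frames inside these system modules are API-internal and skipped.
API_MODULES = ("ntdll.dll", "kernel32.dll")

def locate(addr, modules=MODULES):
    """Return the module containing addr, or None if the address is not
    backed by any loaded image (heap, stack or a private allocation)."""
    for m in modules:
        if m.contains(addr):
            return m
    return None

def find_caller(return_addresses, modules=MODULES):
    """Walk the copied return addresses from the innermost frame outward and
    return (address, module) of the first frame outside the API modules:
    that frame belongs to the code which invoked the critical function."""
    for ra in return_addresses:
        m = locate(ra, modules)
        if m is None or m.name not in API_MODULES:
            return ra, m
    return None, None

def evaluate(return_addresses, modules=MODULES):
    """Example criterion: no backing image -> 'unbacked', else 'image-backed:<module>'."""
    ra, m = find_caller(return_addresses, modules)
    if ra is None:
        return "unknown"
    return f"image-backed:{m.name}" if m else "unbacked"

# Constructed stacks captured at the hooked critical function, innermost first.
STACK_BENIGN = [0x77D1A2F0, 0x76A30C10, 0x00412B40]
STACK_INJECTED = [0x77D1A2F0, 0x76A30C10, 0x02F0005C]
```

A real implementation would read the module list and the stack from the monitored process rather than from constants, and the criteria database would hold more rules than the single image-backing check shown here.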
