System and method for evaluating malicious code executed in the address space of a trusted process
Abstract
1. A system for evaluating malicious code executing in the address space of a trusted process, comprising:
a) process monitoring means for monitoring running processes on the basis of the attributes of an untrusted process stored in the attribute database, and for transmitting identifiers of untrusted processes to the means for intercepting calls to critical functions;
b) an attribute database for storing information about the attributes of untrusted processes and for providing these attributes to the process monitoring means;
c) means for intercepting calls to critical functions, designed to intercept calls to critical functions performed on behalf of at least one untrusted process, based on information stored in the database of critical functions, and to transmit information about the critical function call to the analyzing means;
d) a database of critical functions for storing information on critical functions and for transmitting said information to the means for intercepting calls to critical functions;
e) analyzing means, designed to identify, by analysis of the call stack, the executable code that invoked the critical function call, and to evaluate the harmfulness of said code on the basis of criteria about which information is stored in the criteria database;
f) a criteria database for storing information on the criteria for severity of executable code and for transmitting said information to the analyzing means.
2. The system of claim 1, wherein the analyzing means evaluates the severity code copies the addresses return function calls which