PURPOSE: An automatic malicious code analysis method using a kernel callback mechanism is provided to automatically analyze malicious code by using a kernel callback mechanism and to monitor malicious code at the kernel level.

CONSTITUTION: A process monitor driver (110) registers a function of the kernel driver as a callback function. A registry monitor driver (120) registers a function in the registry monitor driver as a callback function. A file monitor driver (130) registers the kernel driver as a minifilter driver in the Windows system.

COPYRIGHT KIPO 2012