The present invention relates to a poly molpik shell code detection methods. The present invention detects the decryption routine of the poly molpik shell code from the incoming data. The invention keeps track of whether the decryption routine is stored on the stack, the current execution address code in order to access the address of the encrypted code using the process and the actual memory operations to move the value in the register table. The invention finally perform the emulation and improve the detection accuracy. Accordingly, the present invention reduces the overhead and time required for poly molpik shell code detection and increase the detection accuracy. ; Molpik polyester shell code, stack, registers,
展开▼
