摘要： 提出一种基于动态二进制分析的恶意代码行为分析方法，以动态二进制分析平台DynamoRIO为基础设计实现恶意代码行为分析的原型系统。实验结果证明，该系统能够全面地获取恶意代码的API调用序列和参数信息，通过对API调用的关联性进行分析，准确得到恶意代码在文件、注册表、服务及进程线程操作等方面的行为特征。

关键词: 恶意代码, DynamoRIO平台, 插桩, 动态二进制分析, API调用序列, 关联分析

Abstract: This paper proposes a method based on dynamic binary analysis to analyze malicious code behavior and designs and implements a prototype malicious behavior analysis system based on DynamoRIO. Experimental results show that the system can capture Application Programming Interface(API) functions calling sequence and transfer parameter information completely. Based on correlative analysis of the calling sequence and the parameter information, malicious behaviors which cover files, the registry, services, processes, threads and so on are identified.

Key words: malicious code, DynamoRIO platform, instrumentation, dynamic binary analysis, API calling sequence, correlative analysis

中图分类号: 

• TP309