Journal of Computer Applications (计算机应用) ›› 2009, Vol. 29 ›› Issue (12): 3197-3200.

• Information Security •

Research on malicious script programs and an API HOOK-based registry monitoring technique

李珂泂 (1), 秦志光 (2), 宁超 (3)

  1. School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu
  2. School of Computer Science and Engineering, University of Electronic Science and Technology of China
  3. New Devices Laboratory, School of Microelectronics and Solid-State Electronics, University of Electronic Science and Technology of China
  • Received: 2009-06-02  Revised: 2009-08-18  Online: 2009-12-10  Published: 2009-12-01
  • Corresponding author: 宁超

Script virus and technology of monitoring registry table based on API HOOK


Abstract (from the Chinese): Malicious script viruses self-replicate, spread and cause damage, and pose a serious threat to today's networked computing environment. Exploiting one of the key characteristics of malicious script programs, tampering with the user's registry data, this paper monitors such programs and proposes an API HOOK-based registry monitoring scheme. Taking the registry as the monitoring point, the scheme uses API HOOK technology to modify the entry addresses of system service routines in the System Service Dispatch Table, thereby detecting and defending against malicious scripts. By applying specific logic and characteristic-based judgment, the scheme can monitor and protect user-specified key values in the registry.

Keywords (from the Chinese): malicious script, virus, registry, API HOOK, System Service Dispatch Table

Abstract: A script virus is capable of self-replication, dissemination and destruction, which causes enormous harm and damage to the current computer network information environment. Detecting script viruses through one of their major features, tampering with users' registry data, the authors proposed an API HOOK-based registry monitoring approach. Taking the registry as the monitoring point and using API HOOK technology, this approach detects and prevents script viruses by modifying the entries of system services in the System Service Dispatch Table. The specific logic and characteristic determination it uses are capable of monitoring and protecting the values of user-specified keys in the registry.
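To illustrate the mechanism the abstract describes (replacing a service entry in the dispatch table with a monitor that checks registry writes against user-specified protected keys), here is an added user-mode simulation in C; it is not code from the paper. The dispatch table, the service and status names, and the protected-key list are all constructed stand-ins, not the real SSDT or NT API.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <strings.h>
/* Status codes and service index for the simulation (assumed names, not NT's real values). */
#define SIM_STATUS_SUCCESS 0
#define SIM_STATUS_ACCESS_DENIED 1
#define SVC_SET_VALUE_KEY 0
typedef int (*set_value_fn)(const char *key_path, const char *value_name, const char *data);
/* Simulated system service dispatch table and the saved original entry. */
static set_value_fn dispatch_table[1], original_set_value = NULL;
/* Stand-in for the real NtSetValueKey service: it just "performs" the write. */
static int sim_set_value_key(const char *key_path, const char *value_name, const char *data) {
    printf("registry write: %s\\%s = %s\n", key_path, value_name, data);
    return SIM_STATUS_SUCCESS;
}
/* Constructed sample of user-chosen protected keys (autostart locations). */
static const char *protected_keys[] = {
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
};
/* A key is protected if it equals a protected key or is one of its subkeys (case-insensitive). */
int is_protected_key(const char *key_path) {
    for (size_t i = 0; i < sizeof protected_keys / sizeof protected_keys[0]; i++) {
        size_t n = strlen(protected_keys[i]);
        if (strncasecmp(key_path, protected_keys[i], n) == 0 &&
            (key_path[n] == '\0' || key_path[n] == '\\'))
            return 1;
    }
    return 0;
}
/* Replacement entry: deny writes to protected keys, forward everything else unchanged. */
static int hooked_set_value_key(const char *key_path, const char *value_name, const char *data) {
    if (is_protected_key(key_path)) {
        printf("blocked write to protected key %s (value %s)\n", key_path, value_name);
        return SIM_STATUS_ACCESS_DENIED;
    }
    return original_set_value(key_path, value_name, data);
}
/* Fill the table with the original service, then swap in the monitor (guarded against double hooking). */
void init_dispatch_table(void) { dispatch_table[SVC_SET_VALUE_KEY] = sim_set_value_key; }
void install_registry_hook(void) {
    if (dispatch_table[SVC_SET_VALUE_KEY] == hooked_set_value_key) return;
    original_set_value = dispatch_table[SVC_SET_VALUE_KEY];
    dispatch_table[SVC_SET_VALUE_KEY] = hooked_set_value_key;
}
/* What a system call does: look the service up by index and dispatch through the table. */
int call_set_value_key(const char *key_path, const char *value_name, const char *data) {
    return dispatch_table[SVC_SET_VALUE_KEY](key_path, value_name, data);
}
```

Calling `init_dispatch_table()` and then `install_registry_hook()` makes every subsequent `call_set_value_key()` pass through the monitor; a real kernel hook would additionally have to handle the path canonicalisation and concurrency that this simulation leaves out.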

Key words: script virus, virus, registry, API HOOK, System Service Dispatch Table (SSDT)