Journal of Computer Applications ›› 2011, Vol. 31 ›› Issue (11): 2975-2978. DOI: 10.3724/SP.J.1087.2011.02975

• Information Security •

Malware analysis method based on reverse technology

LUO Wen-hua

  1. Department of Computer Crime Investigation, China Criminal Police University, Shenyang 110854, Liaoning, China
  • Received: 2011-05-23 Revised: 2011-06-27 Online: 2011-11-16 Published: 2011-11-01
  • Contact: LUO Wen-hua
  • About the author: LUO Wen-hua (1977-), male, born in Shenyang, Liaoning; associate professor; main research interests: computer crime investigation and digital forensics.
  • Funding: Applied Innovation Program of the Ministry of Public Security

Abstract: Reverse analysis is the most common method in analyzing malware and is an advanced, efficient way of exposing the intention and behaviour of a malicious program. This paper summarizes the general patterns found in malware disassembly with respect to the start function, parameter passing between functions, data structures, control statements and the Windows API. A case study of malware that harvested account names and passwords for the popular Chinese social networking program "QQ" illustrates how reverse analysis quickly and accurately locates the key information from which those general patterns are determined.

Key words: reverse technology, start function, parameter transfer, data structure, control statement, Windows API
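The abstract names parameter passing and Windows API calls as two of the patterns an analyst reads out of disassembly. The script below is an added example (it is not code from the paper and does not reproduce its case study): it walks a constructed, IDA-style 32-bit listing, groups the `push` instructions that precede each `call`, tells cdecl from stdcall by whether the caller cleans the stack with `add esp, N` after the call, resolves `offset` labels against a constructed string table, and tags the imported APIs by family. Everything in `SAMPLE_LISTING`, `STRINGS` and `API_FAMILIES` is invented for illustration; `ARG_COUNTS` holds the documented parameter counts of `CreateFileA` and `send`, which are needed because a stdcall callee removes its own arguments and the listing alone does not say how many there were.

```python
"""Recover Windows API call sites and their arguments from an x86 disassembly listing."""
import re
from dataclasses import dataclass

# Constructed sample listing in the style of a 32-bit disassembler dump.
# Addresses, labels and the code itself are invented for this example.
SAMPLE_LISTING = """\
00401000  push    ebp
00401001  mov     ebp, esp
00401003  sub     esp, 200h
00401009  push    0                       ; hTemplateFile
0040100B  push    80h                     ; dwFlagsAndAttributes
00401010  push    2                       ; dwCreationDisposition
00401012  push    0                       ; lpSecurityAttributes
00401014  push    1                       ; dwShareMode
00401016  push    40000000h               ; dwDesiredAccess
0040101B  push    offset aLogPath         ; lpFileName
00401020  call    ds:CreateFileA
00401026  mov     [ebp-4], eax
00401029  push    offset aHost            ; format argument
0040102E  push    offset aFmt             ; format string
00401033  lea     eax, [ebp-200h]
00401039  push    eax                     ; destination buffer
0040103A  call    _sprintf
0040103F  add     esp, 0Ch
00401042  push    0                       ; flags
00401044  push    100h                    ; len
00401049  lea     ecx, [ebp-200h]
0040104F  push    ecx                     ; buf
00401050  push    [ebp-8]                 ; s
00401053  call    ds:send
00401059  mov     esp, ebp
0040105B  pop     ebp
0040105C  retn
"""

# Constructed string table (label -> recovered string), as a disassembler would show it.
STRINGS = {"aLogPath": "C:\\example\\log.txt", "aFmt": "%s", "aHost": "example.invalid"}
# Parameter counts from the documented Windows prototypes; stdcall needs them.
ARG_COUNTS = {"CreateFileA": 7, "send": 4}
# Illustrative watch list of API families an analyst checks first (not exhaustive).
API_FAMILIES = {
    "file": {"CreateFileA", "CreateFileW", "WriteFile", "ReadFile"},
    "registry": {"RegOpenKeyExA", "RegSetValueExA", "RegCreateKeyExA"},
    "network": {"send", "recv", "connect", "InternetOpenA", "HttpSendRequestA"},
}

INSN_RE = re.compile(r"^([0-9A-Fa-f]{8})\s+(\w+)\s*([^;]*?)\s*(?:;.*)?$")


@dataclass
class ApiCall:
    address: str
    target: str
    convention: str  # "stdcall" (callee cleans up) or "cdecl" (caller adds to esp)
    args: list       # first parameter first, i.e. the reverse of push order


def parse_listing(text):
    """Turn listing lines into (address, mnemonic, [operands]) tuples, dropping comments."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line.strip())
        if m:
            addr, mnem, ops = m.groups()
            insns.append((addr, mnem.lower(), [o.strip() for o in ops.split(",")] if ops else []))
    return insns


def resolve_operand(op, strings):
    """Map an operand to a string, an integer, or itself when only known at run time."""
    if op.startswith("offset "):
        label = op[len("offset "):]
        return strings.get(label, label)
    if re.fullmatch(r"[0-9A-Fa-f]+h", op):
        return int(op[:-1], 16)
    if op.isdigit():
        return int(op)
    return op  # register or memory operand


def recover_api_calls(insns, strings, arg_counts):
    """Attach the pushed arguments to each call, in parameter order."""
    calls, pending = [], []  # pending: push operands not yet consumed by a call
    for i, (addr, mnem, ops) in enumerate(insns):
        if mnem == "mov" and ops == ["ebp", "esp"]:
            pending.clear()  # frame set-up: the preceding push ebp was not an argument
        elif mnem == "push":
            pending.append(ops[0])
        elif mnem == "call":
            target = ops[0]
            name = target[3:] if target.startswith("ds:") else target.lstrip("_")
            nxt = insns[i + 1] if i + 1 < len(insns) else None
            if nxt and nxt[1] == "add" and nxt[2][0] == "esp":
                convention, n = "cdecl", resolve_operand(nxt[2][1], {}) // 4
            else:  # callee cleans the stack, so take the count from the prototype
                convention, n = "stdcall", arg_counts.get(name, len(pending))
            raw = pending[-n:] if n else []
            calls.append(ApiCall(addr, name, convention,
                                 [resolve_operand(o, strings) for o in reversed(raw)]))
            pending.clear()
    return calls


def categorize(calls):
    """Group the recovered call targets by API family."""
    found = {}
    for c in calls:
        for family, names in API_FAMILIES.items():
            if c.target in names:
                found.setdefault(family, []).append(c.target)
    return found


if __name__ == "__main__":
    for c in recover_api_calls(parse_listing(SAMPLE_LISTING), STRINGS, ARG_COUNTS):
        print(f"{c.address} {c.target:<12} {c.convention:<8} {c.args}")
```

The stdcall branch is the weak point of the heuristic: without a prototype it swallows every outstanding push, so an unknown import preceded by unrelated pushes gets too many arguments. In practice the analyst fills `ARG_COUNTS` from the API documentation for each import of interest, exactly the Windows-API knowledge the paper treats as one of its five reading aids.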