关键词: 逆向技术, 启动函数, 参数传递, 数据结构, 控制语句, Windows API

Abstract: Reverse analysis is the most common method in analyzing malware. The reverse analysis process is an advanced and efficient method that exposes the intention and processes of malware. The focus of this paper was to show the general patterns ascertained using reverse analysis applied to the aspects of start function, parameter transfer of function, data structure, control statement and Windows API. A case study of malware, used to obtain account information, login names, and passwords for the popular Chinese social networking program "QQ", was presented to illustrate how the reverse analysis quickly and accurately locates key information used to determine general patterns.

Key words: reverse technology, start function, parameter transfer, data structure, control statement, Windows API