
The Design and Realization of Hidden Debugging in the Windows Environment

Posted on: 2010-04-02
Degree: Master
Type: Thesis
Country: China
Candidate: C Wu
Full Text: PDF
GTID: 2208360275483557
Subject: Computer application technology
Abstract/Summary:
Malicious code accounts for the largest share of the economic loss caused by security incidents. At present, malicious code detection technology cannot meet the expectations of network security because of the great diversity of malicious code. It is very difficult to distinguish normal code from malicious code, and many information systems lack essential protective measures. Detailed analysis of malicious code is valuable for resisting its attacks and is an active research topic.

Malicious code has built-in self-protection functions that prevent it from being analyzed, and it is very difficult to analyze with most debuggers. Software protection techniques now receive broad attention from all fields both at home and abroad, and there are many anti-debugging tools that are used to protect application code from reverse engineering. Packers are created to protect an executable from analysis. They are used legitimately by commercial applications to prevent information disclosure, tampering and piracy. Unfortunately, malicious code also uses packers for the same reasons, but for a malicious purpose.

Because of the large number of packed malicious code samples, researchers and malware analysts started to develop the skills to unpack samples for analysis. There are many anti-debugging techniques, for example software breakpoint detection, code checksum calculation, and encryption and compression. A debugger was designed and implemented that uses the Windows paging management mechanism to debug malicious code. The debugger does not register itself as a debugger with the Windows system, and it controls the behavior of the target process through shellcode. The debugger communicates with the user through some newly added system calls. The debugger is different from other debuggers.

The experimental results show that the method presented here is a supplement to traditional debugging techniques.
Keywords/Search Tags: debugger, anti-debug, malicious code, process