The Design And Implementation Of Anti-WIN32 PE Virus Based On WINDOWS IFS

During the long-term fight between virus and anti-virus in computer, the tricks of virus refurbish constantly,programming ways are getting more and more advanced.Virus makers began to change the old written way.they study the various network platform systems and network application process even killing and defensive techniques of antivirus software, in order to looking for all kinds of vulnerabilities.In addition to the increasingly clever programming ways, the virus pay more attention to the attack "strategy", dissemination and the invasion process, evade the killing of antivirus software and safety protection through various means.WIN32 PE file virus,which spreads widely.has large damages,and uses multi-state deformation technology,makes the traditional static scanning technology based on the signaturen invalid lost effectiveness.Therefore, in this thesis, a systematic study on the file structure of the Win32 PE files and the important data structure of PE files, is given a detailed analysis on the technology and methods of the Win32 PE file virus' transmission and infection is share,is proposed according to the characteristics of the virus,this paper raised defense framework of Win32 PE file virus. The core of the framework is that the virus will be shut outside the system during the spread of the virus infection stage,It makes the virus lost their survival space, effectively kills the anti-virus WIN32 PE virus, and improves the system's security and stability .After study of the various Windows technologies needed to use this framework,Win32 PE documents virus defense system with the use of these technologies is designed.The purpose of killing virus is the protection of information security. In this thesis, the Feasibility and the prospects for the protection of information security are discussed with hiding information technology combined with the anti-virus framework of Win32 PEThe innovation of this paper is the adoption of the initiative defense framework of the Win32 PE. The user need not to wait until the virus infects documents and data of a system and then kill them, but, the virus will be shut outside the system during the spread of the virus infection stage. It makes great guiding significance and reference value in the improvement of computer virus initiative defense technology.