The Design And Realization Of The Hidden Malicious Code For Monitoring Platform

Posted on: 2011-10-05 | Degree: Master | Type: Thesis
Country: China | Candidate: W D Shen | Full Text: PDF
GTID: 2208360308467344 | Subject: Computer application technology
Abstract/Summary:

Malware, a generic term that encompasses viruses, trojans, spyware and so on, is widespread today. Malicious software exhibits various behavior patterns and can cause different forms of damage to a computer. Analyzing the behavior of malicious software is a multi-step process that includes studying the malware's structure and functionality. This process is an important method that facilitates the development of an antidote.

More and more malware has anti-debugging or anti-tracking capabilities. To address this problem of malware analysis, the thesis explores a highly efficient, stealthy and safe malware analysis platform built on a variety of new technologies. The platform offers a large number of application programming interfaces for secondary development, so that various malicious software analysis tools can be built on it.

First, the thesis proposes a new stealth breakpoint technology based on the page fault exception, in order to counter anti-debugging and anti-tracking. To ensure high efficiency, the thesis implements a code control execution engine based on code slicing technology, which reduces the massive system cost caused by system interruptions. In addition, a lightweight virtual machine, the Operation System Abstract Layer, based on namespace virtualization technology, is needed to protect the system and to achieve behavior monitoring. A disassembly engine is also provided for secondary development. The test results show that the platform achieves the desired goals. The platform will be a great help to malicious code analysis.

In this project, the author took part in the pre-research and theoretical research work, was responsible for the design of the system architecture and module interfaces, cooperated with team members on the detailed design, and independently completed the design and implementation of three modules: the payload module, the disassembly engine and the operation system abstract layer.
Keywords/Search Tags:security, malware, behavior monitor, virtual machine