Research And Implementation Of Windows PE Malicious Code Automated Modification

Posted on: 2019-01-15
Degree: Master
Type: Thesis
Country: China
Candidate: H Zhang
GTID: 2348330563953925
Subject: Information security

Abstract/Summary:
With the rapid development of the Internet industry, the number of virus infections has shown a linear increase, which has driven further development of anti-virus software. In order to resist anti-virus software, some virus researchers use hacker tools to transform malicious code so that anti-virus software cannot identify it. This process is called anti-anti-virus. However, most current hacker tools do not integrate signature code search and modification functions. When modifying a malicious program, the signature code usually has to be located first. The malicious code researcher then makes judgments based on the circumstances and selects tools to modify the code. During modification, more than one piece of software is usually required to complete a scheme, which wastes a lot of time.

This thesis therefore presents and implements a platform for automating anti-anti-virus. It provides not only single automated modification schemes but also an automatic function that integrates the methods for locating signature codes in malicious code with the ways of modifying them. On the other hand, it can contribute to the development of defense technology and the protection of national cyberspace security. The thesis proposes and implements solutions to the following problems:

1. To solve the problem of locating signature codes in malicious code, the exposed location method is used. The program also implements the alignment of signature codes. The technology has not been documented.
2. To solve the problem of modifying code section signatures, the inline hook method is used. The technology has not been documented. The program also implements replacement with equivalent machine code and the addition of junk code.
3. To solve the problem of modifying import table signatures, two schemes are implemented. The first uses an obfuscation algorithm to disrupt the order of the import table strings. The second adds a dynamic loading instruction that parses the import table functions and loads them.
4. To realize a general scheme supported by this system, the function of adding a shell program is also used.

Finally, the runtime environment configuration used for testing and the testing flow of each module are described in detail, and the related functions are demonstrated through an integrated test. This thesis finally realizes a program for Windows PE automatic anti-anti-virus. It provides a more convenient solution, offers some reverse ideas for system defense, and contributes a lot to the technical research of cyberspace security in our country.
Keywords/Search Tags:auto anti-anti-virus, malicious code, Windows, PE file format