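Abstract
Today, as computer viruses and anti-virus technology are locked in fierce competition, virus techniques are complex and sophisticated and are developing rapidly, which poses a major challenge to anti-virus technology and also threatens the information security of computer users. This paper analyzes in detail the file-infecting viruses that are relatively common on the Windows operating system. Using MASM assembly, it develops a propagation module that can relocate itself and has the ability to infect; the attack module analyzes the MBR and implements modification and encryption of the MBR. The paper also studies how this type of file-infecting virus starts and spreads, and finds that such viruses always modify the entry point of the original program; combined with monitoring of files and processes, a detection and protection program is implemented. The test results show that the protection program can effectively detect this type of file-infecting virus.
Keywords: file-infecting virus; PE virus; MBR modification; virus protection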
Today, computer virus technology and anti-virus technology are locked in a contest with each other. Computer virus technology is complex and profound, and it develops rapidly. This is not only a huge challenge to anti-virus technology but also a threat to computer users' information security. This paper analyzes the common file viruses on the Windows operating system, using MASM assembly to develop an infection module that can relocate itself and infect other normal portable executable files