
Apparatus and method for exuviations of file

A file and shell type technology, applied in computer security devices, instruments, electronic digital data processing, etc., which can solve problems such as a lot of time being spent decompressing or decrypting data, the increased difficulty of unpacking in a virtual machine, and the resulting impact on the virus checking process.

Active Publication Date: 2012-07-18
BEIJING RISING NETWORK SECURITY TECH CO LTD

AI Technical Summary

Problems solved by technology

[0008] First, some virus files are packed using complex and time-consuming compression or encryption algorithms, so when a conventional virtual machine unpacks such a packed virus file, it spends a lot of time decompressing or decrypting data. The resulting long unpacking time affects the entire virus checking process.
Taking the LZPack shell as an example: because it compresses files with the LZMA algorithm, which has a relatively high compression ratio, a virtual machine unpacking a file packed with the LZPack shell takes about 12-15 seconds to decompress 300K of data (about 1MB after decompression), which greatly affects the entire virus checking process.
[0009] Second, some more complex shells insert code for detecting debuggers, such as API breakpoint detection, debugger detection and single-step exception detection, into their unpacking programs.
Since the virtual machine is essentially a debugger, and unpacking a packed file in the virtual machine is essentially a debugging process, when the unpacking program detects during execution that it is running in a virtual machine, it exits the unpacking process, which increases the difficulty of unpacking in the virtual machine.



Examples


Embodiment Construction

[0026] The core idea of the present invention is: first, detect the shell type of the packed file; then, according to the detected shell type, determine the code in the unpacking program that needs to be executed in the real computer (for example, code that uses time-consuming compression or encryption algorithms to decompress or decrypt data), and the specific code that the virtual machine must either skip or execute while modifying the execution result so that the unpacking program appears to be executing on a real computer (for example, features and functions that are not supported by the code of the debugger, etc.); finally, execute the determined code in the real computer, execute the rest of the unpacking program in the virtual machine, and, in the virtual machine, skip the specific code in the unpacking program that requires the virtual machine to skip or execute the specific code in t...
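The dispatch described in [0026], as an added sketch that is not code from the patent or from any Rising product: a toy scanner detects the shell type, runs the time-consuming decompression step with a host library instead of emulating it, and substitutes the result of the debugger check inside the virtual machine. The `LZPK` signature, the operation names and the stub layout are all constructed for illustration.

```python
import lzma

# Constructed signature; real shells are identified by byte patterns
# that this page does not list.
SHELL_SIGNATURES = {b"LZPK": "LZPack-like"}

# Per-shell plan: which unpacking-stub operations leave the virtual machine.
PLANS = {
    "LZPack-like": {
        "native": {"decompress"},          # time-consuming: run on the real computer
        "fake": {"debugger_present": 0},   # execute-but-modify: report "no debugger"
    },
}

def detect_shell(packed: bytes):
    """Return the shell type whose signature starts the file, else None."""
    for magic, name in SHELL_SIGNATURES.items():
        if packed.startswith(magic):
            return name
    return None

def unpack(packed: bytes, stub):
    """Run a toy unpacking stub; return (payload, trace of where each step ran)."""
    plan = PLANS.get(detect_shell(packed), {"native": set(), "fake": {}})
    data, flag, trace = packed[4:], None, []
    for op in stub:
        if op in plan["fake"]:
            flag = plan["fake"][op]        # result substituted by the VM
            trace.append((op, "vm-faked"))
        elif op in plan["native"]:
            data = lzma.decompress(data)   # host library instead of emulation
            trace.append((op, "native"))
        elif op == "debugger_present":
            flag = 1                       # an unmodified VM looks like a debugger
            trace.append((op, "vm"))
        elif op == "exit_if_debugged":
            trace.append((op, "vm"))
            if flag:
                return None, trace         # stub aborts, so unpacking fails
        elif op == "decompress":
            data = lzma.decompress(data)   # stands in for the slow emulated loop
            trace.append((op, "vm"))
    return data, trace

# Constructed sample input: a stub with an anti-debug check, then decompression.
STUB = ["debugger_present", "exit_if_debugged", "decompress"]
PAYLOAD = b"constructed sample payload " * 40
PACKED = b"LZPK" + lzma.compress(PAYLOAD)
UNKNOWN = b"XXXX" + lzma.compress(PAYLOAD)  # no plan for this shell type
```

With no plan for the shell type, the same stub sees the debugger flag and exits, which is the failure mode described in [0009].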


Abstract

The invention relates to a device and a method for unpacking (exuviating) a file. The device comprises: a virtual machine for simulating a real computer; a controller for detecting the shell type of the file; and an unpacking module for determining, based on the detected shell type, the code that needs to be executed in the real computer during the unpacking of the file. The virtual machine executes the rest of the code in the file's unpacking program, apart from the determined code, and the unpacking module executes the determined code in the real computer. The device and the method can be used to unpack files quickly.

Description

Technical field

[0001] The invention relates to computer anti-virus technology, in particular to a device and method for unpacking files.

Background technique

[0002] The rapid development of computer and network technology has greatly promoted information exchange. At the same time, computer viruses are constantly evolving and updating along with the development of technology. From the early prank games to today, computer viruses have come to seriously threaten people's normal use of computers. Thus, how to prevent virus attacks has become a focus of attention.

[0003] An important step in preventing virus attacks is to identify infected files before the virus runs, that is, to check for viruses, so that corresponding measures can be taken to keep the virus from invading the computer system. Current anti-virus software generally checks for viruses by matching signature strings. That is to say, use the feature string (one or more specific binary code streams) extracted from ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/00, G06F21/50
Inventor: 白子潘
Owner: BEIJING RISING NETWORK SECURITY TECH CO LTD