The invention discloses a malicious code detecting
system and method based on
dynamic instrumentation. The method comprises the steps that a
software to be detected is uploaded on a
system simulator of a mobile terminal; a framework of the
software to be detected of the
system simulator is ordered again by an
instrumentation manger of a
server, an
instrumentation strategy file is implanted into the system simulator, and one or more probe functions monitor an API function of the framework according to the
instrumentation strategy file; a sound monitor of the
server communicates with the mobile terminal and receives the operation behaviors and content of the
software to be detected which are conducted to the API function and obtained by the probe functions; the detected content is compared with a malicious API
sequence feature library, if the detected content exists in the malicious API
sequence feature library, the software is marked to have malicious behavior operation, and if the detected extent does not exist in the malicious API
sequence feature library, the software is marked to be safe, so that the safety of the software to be detected is determined. By means of the system and method, it is achieved that the software to be detected is installed and operated in the system simulator of the mobile terminal, and malicious codes are detected through instrumentation, so that it is avoided that safety hazards or hidden dangers are caused to the mobile terminal.