FIELD: information technology.
SUBSTANCE: method for detecting a harmful image of machine code, where harmful code is considered to be an image of machine code which execution logic of the machine code differs from the execution logic of the CIL code of the parent assembly, contains the steps: a) obtain the image of the machine code; B) define the parent assembly, where the parent assembly is the assembly on the basis of which the resulting image was created; C) establish a discrepancy between the execution logic of the machine code of the obtained image of the machine code and the execution logic of the CIL code of the specific parent assembly; D) recognize the image of the machine code as harmful on the basis of the established discrepancy between the execution logic of the machine code of the obtained image of the machine code and the execution logic of the CIL code of the specific parent assembly.
EFFECT: increase the security of the device by detecting a harmful image of a machine code.
6 cl, 9 dwg
Title | Year | Author | Number |
---|---|---|---|
METHOD OF CATEGORIZING ASSEMBLIES AND DEPENDENT IMAGES | 2015 |
|
RU2635271C2 |
MACHINE CODE ACCESS LIMITATION METHOD TO THE OPERATING SYSTEM RESOURCES | 2016 |
|
RU2625052C1 |
METHOD FOR ANTI-VIRUS SCANNING OF COMPUTER SYSTEM | 2015 |
|
RU2617925C2 |
SYSTEM AND METHOD FOR CATEGORIZATION OF .NET APPLICATIONS | 2018 |
|
RU2756186C2 |
SYSTEM AND METHOD OF DETECTING THE HARMFUL CIL-FILE | 2017 |
|
RU2660643C1 |
CACHING RUNTIME GENERATED CODE | 2009 |
|
RU2520344C2 |
METHOD AND SYSTEM FOR INTERCEPTING .NET CALLS BY MEANS OF PATCHES IN INTERMEDIATE LANGUAGE | 2022 |
|
RU2815242C1 |
SYSTEM AND METHOD FOR DETERMINING THE FILE TRUST LEVEL | 2019 |
|
RU2750628C2 |
SYSTEM AND METHOD FOR DETECTING MALICIOUS CODE IN THE EXECUTED FILE | 2020 |
|
RU2757807C1 |
SYSTEM AND METHOD OF CREATING RULES FOR FILTERING INSIGNIFICANT EVENTS FOR EVENT LOG ANALYSIS | 2012 |
|
RU2514139C1 |
Authors
Dates
2017-08-22—Published
2015-03-31—Filed