This paper designs a characteristic code locating algorithm by using block-by-block recovery method instead of replacement method and proposes an auto free-antivirus strategy based on different PE sections. Under the premise of maintaining the original functionality of software after being modified to avoid killing, the combination of the strategy and the unproved multi-characteristic code, it uses the equivalent code replacement, shifting methods of string and import table functions to automatically remove and replace the characteristic codes in tempt to avoid killing by anti-virus software. Experimental results verify the effectiveness of the strategy.%设计一种以逐块恢复法替代传统逐块替换法的特征码定位算法,在此基础上提出一种针对不同区段进行自动免杀的策略.将该策略与改进的多重特征码定位算法相结合,在保持被免杀软件原有功能的前提下,使用等价代码替换技术、字符串与输入表函数名位移等方法自动进行特征码的去除和替换,由此避免被杀毒软件识别为恶意软件.实验结果验证了该策略的有效性.
展开▼
