| 摘要 |
PROBLEM TO BE SOLVED: To enable detection of a malware process, in particular, detection of an injection-type Trojan Horse.SOLUTION: A method includes: monitoring a launch of a process 202; in response to a completion of the launch of the process, determining a base address associated with the process 204; determining a permission of a memory block associated with the base address 206; and determining whether the process is potentially associated with a malware process on the basis at least partly of the determined permission 208.SELECTED DRAWING: Figure 2 |
