| 摘要 |
Particular embodiments described herein provide for an electronic device that can be configured to monitor a process, determine if the process is parsing to look for one or more system functions, and flag the process if the process is parsing to look for one or more system system functions. In an example, the process can be determined to be parsing to look for one or more system functions if the process parses portable executable headers to find and interpret dynamic link library tables. In another example, the process can be determined to be parsing to look for one or more system functions if the process calls GetProcAddress. |
