| 摘要 |
<p>The present invention discloses a method, a system, and an apparatus for detecting malicious code to solve the problem that detection efficiency is low and that more resources are occupied in the prior art. The method includes: monitoring execution of an instruction in a virtual machine supervisor of a host computer, where the instruction is generated in escape mode when a read-write request generated during execution of program code in a virtual machine of the host computer is delivered to the virtual machine supervisor; obtaining execution characteristics of the program code according to execution of the instruction; and comparing the obtained execution characteristics with pre-stored execution characteristics of known malicious code, and determining that the program code is malicious code when the obtained execution characteristics and the pre-stored execution characteristics are the same. This improves the detection efficiency, and saves the storage resources in the host computer that are occupied by installing antivirus software in each virtual machine repeatedly, and the processing resources in the host computer that are occupied by running the antivirus software in each virtual machine.</p> |
