Abstract
PURPOSE: A device and a method for providing malicious code dynamic analysis information are provided to identify the operation of malicious code through system monitoring, inspect the code at the point where the operation was generated, and then debug at that point.

CONSTITUTION: A monitoring part monitors the operation of malicious code or of the network on a per-thread basis, and a call location detection part (104) detects the call location of a specific application programming interface (API) or event handler of the monitoring part. A control part (106) displays the result of the malicious code dynamic analysis in accordance with the call location. The monitoring part includes a system monitoring part (100), which monitors the APIs used by the malicious code, and a network monitoring part (102), which monitors network-related input/output (I/O) generated by the malicious code.

[Reference numerals] (100) System monitoring part; (102) Network monitoring part; (104) Call location detection part; (106) Control part; (108) Storage part; (110) Display part