Abstract
PROBLEM TO BE SOLVED: To provide an original code extraction device, extraction method and extraction program capable of extracting the original code even from an executable file that has been packed multiple times. SOLUTION: A memory access monitoring part 5 monitors a monitoring target process 4, and when a memory location to which a write access has occurred is executed, that memory location is added to an original code candidate list as a candidate for the original code. A score calculation part 8 calculates, for each candidate, a score representing how likely it is to be the original code. An original code decision part 9 extracts from the original code candidate list, as the original code, the candidates whose scores exceed a previously designated threshold or the candidate whose score is the maximum. COPYRIGHT: (C)2010, JPO&INPIT
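
The write-then-execute monitoring, scoring and decision steps described above, as an added example run over a constructed two-layer trace; it is not code from the patent. The page-granular tracking, the trace format and the scoring heuristic (share of fetches landing in each candidate's page) are assumptions, since the abstract does not define how the score is computed.

```python
PAGE = 0x1000  # assumption: writes are tracked at page granularity

def collect_candidates(trace):
    """Build the original code candidate list from (kind, addr) events.

    kind is "W" (write access) or "X" (instruction fetch). Returns a dict
    mapping each candidate entry address to the number of fetches that
    landed in its page once the page had been written.
    """
    written = set()   # pages that received a write access
    entry_of = {}     # page -> first address executed after a write
    fetches = {}      # candidate entry address -> fetch count
    for kind, addr in trace:
        page = addr // PAGE
        if kind == "W":
            written.add(page)
        elif kind == "X" and page in written:
            entry = entry_of.setdefault(page, addr)
            fetches[entry] = fetches.get(entry, 0) + 1
    return fetches

def score(fetches):
    """Assumed heuristic: each candidate's share of all written-then-executed fetches."""
    total = sum(fetches.values())
    return {entry: n / total for entry, n in fetches.items()} if total else {}

def decide(scores, threshold=None):
    """Candidates whose score exceeds the threshold, or the maximum if none is given."""
    if not scores:
        return []
    if threshold is not None:
        return sorted(e for e, s in scores.items() if s > threshold)
    return [max(scores, key=scores.get)]

def constructed_trace():
    """Constructed sample: outer stub -> layer-2 unpacker -> original code."""
    t = [("X", 0x401000 + i) for i in range(4)]    # outer stub, never written
    t += [("W", 0x500000 + i) for i in range(8)]   # stub writes the layer-2 unpacker
    t += [("X", 0x500010 + i) for i in range(3)]   # layer-2 unpacker runs
    t += [("W", 0x600000 + i) for i in range(16)]  # layer 2 writes the original code
    t += [("X", 0x600020 + i) for i in range(9)]   # original code runs
    return t

if __name__ == "__main__":
    scores = score(collect_candidates(constructed_trace()))
    for entry, s in sorted(scores.items()):
        print(f"candidate {entry:#x}: score {s:.2f}")
    print("decision (max):", [hex(e) for e in decide(scores)])
```

With multiple packing layers every intermediate unpacker also satisfies write-then-execute, which is why the candidate list needs the scoring and decision stages rather than stopping at the first hit.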