| 摘要 |
A system and method for using asynchronous changes to memory to detect malware is disclosed. The technology initially receives a memory buffer location to be evaluated, the memory buffer location possibly having at least a portion of malware therein. The technology then performs a plurality of double fetches to the memory buffer location. The technology additionally compares a plurality of responses to the plurality of double fetches, wherein a plurality of similar responses to the plurality of double fetches indicates the portion of malware is not present and wherein at least two distinct responses to the plurality of double fetches indicates the portion of malware is present.
|
