摘要 |
Methods and apparatus for detecting computer viruses that attempt to gain access to restricted computer system resources are provided. The apparatus comprises an emulator component, a monitor component and a detector component. The emulator emulates computer executable code in a subject file. The monitor component monitors emulation of the computer executable code and monitoring a memory state of the computer system for modifications caused by the emulated instructions in the computer executable code. Based on information supplied by the monitor component regarding the emulated code and any modifications of the memory state, the detector component detects an attempt by the emulated code to access one or more of the restricted computer system resources.
|