| 摘要 |
A method is disclosed for protecting executable computer programs against infection by a computer virus program. The invented method prevents writing operations that attempt to modify portions of the program, such as the program's entry point or first instructions. A writing operation that attempts to write data to the program is intercepted and analyzed before the operation is allowed to be processed. The method selects significant data and stores the data, in order to retain information indicative of the program prior to any modification thereof. The invented method then determines if the writing operation is attempting to modify the significant data, and if it is determined that the writing operation is attempting to modify the data, an alarm is generated and operation is denied. If it is determined that the writing operation is not attempting to modify the data, the writing operation as allowed to continue. Additionally, the program can be restored to its initial state using the stored information and data. The method of the present invention uses the stored data indicative of the significant data of the program to restore the program to its initial state and undo all the modifications that the virus may have made to the program. |
