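Abstract

In today's fierce contest between computer virus technology and anti-virus technology, the complexity, variability and rapid development of virus technology pose enormous challenges to computer users and to anti-virus technology alike. This paper analyzes in detail the most common PE virus mechanisms on the currently popular 32-bit Windows operating system platform and, with accompanying code implementation, shows the basic principles of a virus from the perspective of a virus writer, taking this as an opportunity to achieve better virus prevention. The first part introduces the basic principles and classification of Windows viruses, with emphasis on the basic principles and basic mechanisms of PE viruses; the second part, following PE virus principles, implements in actual code a virus program with functions such as infecting a normal EXE file (such as WinRAR.exe), shutting down the machine, and spreading via USB flash drives; the third part, through functional testing (white-box testing) and anti-virus software testing, summarizes and looks ahead at virus technology; finally, drawing on the results of this research and on today's mainstream anti-virus technology, it summarizes Windows PE virus prevention techniques.

Keywords: Windows virus; PE virus; anti-virus technology; PE file format; PE virus

ABSTRACT

Nowadays, computer virus technology is developing as rapidly as anti-virus technology. Computer virus technology is becoming complex and changing rapidly, which brings enormous challenges to anti-virus technology. This paper analyzes the most common PE virus mechanism on the Win32 platform, explained by way of code implementation. The article also demonstrates the basic mechanism of a virus from the perspective of the virus creator and gives suggestions for achieving better anti-virus results. At the beginning, the article introduces the basic knowledge of Windows viruses and their classification. This part highlights the basic principles and basic mechanisms of PE viruses. The second part implements the code according to these principles. The resulting program can infect an EXE program (e.g. WinRAR.exe) and spread via USB flash drives. The third part shows the test results (white-box testing) and gives a summary and forecast. The last part summar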