Journal title: Lecture Notes in Engineering and Computer Science
Print ISSN: 2078-0958
Online ISSN: 2078-0966
Year of publication: 2019
Volume: 2239
Pages: 100-105
Publisher: Newswood and International Association of Engineers
Abstract: Along with the advent of 64-bit malware, an analysis of such malware is now required. We are developing Alkanet 10, which is a system call tracer using virtualization technology for 64-bit malware analysis on Windows 10 x64. At present, we are attempting to implement a stack trace on Alkanet 10 in order to trace the code injection behaviors of the malware. However, realizing the stack trace is not easy because, unlike x86, the calling convention on x64 does not use a frame pointer. We propose implementing the stack trace by using a VAD tree and the .pdata section in a PE file.