Abstract: Based on the proofs of concept for vulnerability exploitation attack, we can find the characteristic of the attack through reverse engineering using WinDbg and write test code according to the characteristic. We then encapsulate the test code into a DLL and inject the DLL into Web browser through remote thread. The injected DLL will hook browser's API by means of code overriding, so that the browser will jump to the test code. I3y visiting a website and acknowledging the return value of the injected code to judge whether the webpage contains trojan horse using the vulnerability. I3y deploying this technology into numerous virtual machines, we can analyze webpages in bulk, and then provide high-quality webpages blacklist to antivirus software companies and search engines.

Key words: Vulnerability exploitation attack, Proof of concept, Code overriding, Webpage trojan horse, Reverse engineering,APIhooking,DLL injection