Antivirus software now commonly uses a virtual machine to emulate a program's execution and judge whether its behavior would affect system security, leaving the user to decide whether to allow the program through or to raise an alert and block it. Given these characteristics of virtual-machine-based scanning, this paper studies how the virtual machine environment of antivirus software can be detected. Based on the differences between a virtual machine environment and a real user environment, and on properties specific to the virtual machines of particular antivirus products, it identifies methods of circumventing emulated execution, so that a program is not virtually executed by the antivirus software and the software is deceived into letting it pass directly, in order to meet the requirements of certain specific programs.