Malicious code detection method and device of ELF (executable and linkable format) file
The invention discloses a malicious code detection method for ELF (Executable and Linkable Format) files. The method includes: acquiring the functions in the ELF file together with the code instruction offset and code instruction length of each function; extracting the corresponding instruction code segments according to those offsets and lengths; disassembling the instruction code segments and generating feature codes from the disassembled segments; and checking whether the feature codes exist in a preset malicious code feature library. If a feature code is found in the preset malicious code feature library, the ELF file is judged to contain malicious code. The method removes the two limitations of the mainstream prior-art detection approach, 'start offset' and 'continuous binary segment', so that malicious code in ELF files can be detected more flexibly and with stronger heuristic detection capability. The invention further discloses a malicious code detection device for ELF files.
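An added illustration of the pipeline in the abstract, not code from the patent: it walks an ELF64 symbol table to get each function's offset and length, extracts those bytes, and looks the resulting feature code up in a library. Assumptions: the disassembly-based feature generation is replaced here by a SHA-256 of the raw function bytes, and `func_segments`, `feature_code`, `scan`, `build_sample`, the `payload` symbol and the sample bytes are all constructed for this example.

```python
import hashlib, struct

def func_segments(elf):
    """Yield (name, code) for every defined FUNC symbol in an ELF64 little-endian file."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not an ELF64 little-endian file")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)
    # Section header fields: name, type, flags, addr, offset, size, link, info, align, entsize
    secs = [struct.unpack_from("<IIQQQQIIQQ", elf, shoff + i * shentsize) for i in range(shnum)]
    for _, stype, _, _, off, size, link, _, _, entsize in secs:
        if stype not in (2, 11) or entsize == 0:  # SHT_SYMTAB, SHT_DYNSYM
            continue
        stroff = secs[link][4]
        for p in range(off, off + size, entsize):
            st_name, info, _, shndx, value, st_size = struct.unpack_from("<IBBHQQ", elf, p)
            if info & 0xF != 2 or st_size == 0 or not 0 < shndx < shnum:  # STT_FUNC, defined
                continue
            addr, soff, ssize = secs[shndx][3:6]
            start = value - addr  # function offset inside its section
            if 0 <= start <= ssize - st_size:  # skip symbols pointing outside their section
                end = elf.index(b"\0", stroff + st_name)
                yield elf[stroff + st_name:end].decode(errors="replace"), elf[soff + start:soff + start + st_size]

def feature_code(code):
    # Assumption: SHA-256 of raw bytes stands in for the disassembly-derived feature code.
    return hashlib.sha256(code).hexdigest()

def scan(elf, library):
    """Names of functions whose feature code is in the feature library."""
    return [name for name, code in func_segments(elf) if feature_code(code) in library]

def build_sample(code, pad=0):
    """Constructed input: minimal ELF64 with .text, .symtab, .strtab and one FUNC symbol."""
    text = b"\x90" * pad + code
    symtab = bytes(24) + struct.pack("<IBBHQQ", 1, 0x12, 0, 1, 0x1000 + pad, len(code))
    strtab = b"\0payload\0"
    t_off, s_off = 64, 64 + len(text)
    r_off = s_off + len(symtab)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 0, r_off + len(strtab), 0, 64, 0, 0, 64, 4, 0)
    sh = lambda t, a, o, s, l=0, e=0: struct.pack("<IIQQQQIIQQ", 0, t, 0, a, o, s, l, 0, 1, e)
    return (hdr + text + symtab + strtab + bytes(64) + sh(1, 0x1000, t_off, len(text))
            + sh(2, 0, s_off, len(symtab), 3, 24) + sh(3, 0, r_off, len(strtab)))

# Constructed, benign bytes: push rbp; mov rbp,rsp; xor eax,eax; pop rbp; ret
SAMPLE_CODE = bytes.fromhex("554889e531c05dc3")
LIBRARY = {feature_code(SAMPLE_CODE)}  # constructed feature library
print(scan(build_sample(SAMPLE_CODE, pad=37), LIBRARY))
```

The padded sample shows the function being matched regardless of where it sits in the file. Truncated or malformed headers raise `struct.error`, `IndexError` or `ValueError`, which a scanner should treat as a parse failure.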