Dynamic detection method of Shellcode

Disclosed is a dynamic detection method of a Shellcode. The method comprises the steps that network data flow is firstly grabbed and divided, and a plurality of execution links are obtained; then an operating system breakpoint is triggered to be abnormal, and the register value and internal storage content in the abnormality triggering process are used as an initial register value and internal storage content to be stored; finally, the execution links are executed in sequence, meanwhile, whether an endless loop or operating system abnormality occurs or not is detected in the execution process of each execution link, the current execution link has no Shellcode if the endless loop or operating system abnormality occurs, and otherwise whether the current execution link has the Shellcode or not is detected in a starting method, and detection is completed. According to the method, the Shellcode with the code obfuscation technology can be detected, the virtualization technology is not adopted, deployment is easy, the Shellcode capable of finding virtualization environment can be detected effectively, and the probability of Shellcode detection exposure is greatly reduced.