Brother Wang, the shelling of 360 antivirus software is similar to the virtual machine shelling technology at API level. KV, the strongest antivirus software in China, can only shell two kinds, UPX and ASPack；; The API shell of 360 can basically be regarded as none. For example, the control terminal of Grey Pigeon is upx shell, and 360 can recognize it, but it can't shell, so it can only change the virus's own code to run the program and place the virus isolation area, which means that a virus that could have been killed by them can't be detected by adding an unpopular shell casually. If you add instructions by disassembly or add an unpopular shell near the virus signature, 360 will not be found basically, so the technology of detecting 360 shell needs to be improved, let alone with shell.