Data collection method and device based on API calling and storage equipment

Bibliographic details
Main authors: LYU JINGXIANG, TONG ZHIMING, HE GONGDAO
Format: Patent
Language: Chinese; English
Description
Summary: The embodiment of the invention provides a data collection method and device based on API calling and storage equipment, and aims to solve the problem that malicious code data acquired by analysts is inaccurate if malicious codes use an anti-virtual machine technology. The method comprises the following steps: establishing an API attention list in a user machine, and marking recorded information for each API in the API attention list; monitoring the API calling condition in the user machine, and if an API in the API attention list is called, recording the information of that API according to the mark of its recorded information; and arranging the recorded API information to generate an API data list, and uploading and storing the API data list.
Chinese abstract (translated): The embodiment of the invention provides a data collection method, device and storage apparatus based on API calls, used to solve the problem that the malicious code data obtained by analysts is inaccurate if the malicious code uses anti-virtual-machine techniques. The method includes: establishing an API attention list in the user machine and marking recorded information for each API in the API attention list; monitoring the API calling condition in the user machine, and if an API in the API attention list is called, recording the information of that API according to its recorded-information mark; and organizing the recorded API information into an API data list, then uploading and storing it.