The invention discloses a method for detecting illegal file injection. The method comprises the steps that a first message of dynamic link library files of a target application is obtained through a system application programming interface function, wherein the first message comprises the number and names of the dynamic link library files; the first message is reported to a server corresponding tothe target application; a dynamic link module is searched for through an enumeration system memory block; a second message of the dynamic link library files of the target application are obtained through the dynamic link module, wherein the second message comprises the number and names of the dynamic link library files; the second message is reported to the server corresponding to the target application; if the first message and/or the second message do/does not meet the requirement of the server, the server is forbidden to use the target application. The technical problems that in the priorart, the protection is not timely and the protection strength is not enough are solved, and the protection timeliness and the protection strength are improved.