The paper presents a code-injection attack automatic analyses and response system. By means of analyzing abnormal scene and syntax of data payload, it generates vulnerability-oriented signatures which are used to filter off variant form of code injection attack based on same attack scheme of same vulnerability. By combining with protocol state and process state during signatures generating and attack responding process, very low false positive rate and lagging without elevating false negative rate can be gained. Some technical details of the protocol type system on Linux and Windows 2000 and experimental results are also presented.