Building an antivirus in PB?
Has anyone ever thought about building an antivirus in PureBasic? Would it be possible? The engine could be very simple (recursive search, load file to memory, comparememory with a database, and so on...). What do you think?
None are more hopelessly enslaved than those who falsely believe they are free. (Goethe)
Re: Building an antivirus in PB?
Inf0Byt3 wrote: Would it be possible?
You're not ready just yet.
Lazarus404
I did a crash course in Virus development using ASM... Just so I know how they work. It's all very clever, you just create a stub at the beginning of the file which redirects to a deposit at the end of the file (the virus), then execute the original exe stub which continues the program running.
You could check for such a modification with PB, seeing as PB supports ASM compilation.
Good luck to you, though

Laz
Registered PureBasic user since Nov 2005
Check out FlashML at www.designrealm.co.uk... The ultimate Flash Component
Inf0Byt3 wrote: I know, but I've studied how modern scanning engines work, and it shouldn't be so hard, but it takes too much time building those procedures (filetype recognition, unpacking, etc.). I was just curious.
No, it's all made up out of small pieces that aren't really so difficult, but it will take a very long time if you're not skilled. On the other hand, if you never attempt anything, you'll never become skilled.
Yes, you're right... I've noticed that the best things are made accidentally. That's how I started thinking about this... Referring to skills, the GREAT and ALMIGHTY PB HELPFILE will give me a hand. By the way, how am I going to get the newly-appeared viruses so I can make virus definitions? I'm starting to believe that this is an impossible task. But I'll try to complete it anyway.
Inf0Byt3 wrote: By the way, how am I going to get the newly-appeared viruses so I can make virus definitions?
You need to have the viruses so you can check them.
However, a thing you _could_ do: monitor exe files on the computer. Simply, the first-time run will scan for exe files, then store their sizes in a database.
When the user runs an exe file, you check the size. If the size is changed, you give a warning before you run the file!
This will not stop worms and other apps living in their own exe file; however, it will stop viruses from attaching themselves to your exe!
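
The first-run baseline and check-before-run idea from the post above, as an added example in Python rather than PureBasic (not code from the thread; the function names and the constructed dummy files are assumptions). It goes one step beyond the post by also storing a SHA-256 digest, so a modification that leaves the file size unchanged is still reported.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (size, sha256 hex) for one file, hashed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()

def build_baseline(root):
    """First run: walk root recursively and record every .exe file."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".exe"):
                path = os.path.join(dirpath, name)
                baseline[path] = fingerprint(path)
    return baseline

def check_before_run(path, baseline):
    """Compare a file against the baseline and return a verdict string."""
    if path not in baseline:
        return "unknown"          # never baselined, e.g. a new file
    old_size, old_hash = baseline[path]
    size, digest = fingerprint(path)
    if size != old_size:
        return "size-changed"     # the check the post describes
    if digest != old_hash:
        return "content-changed"  # same size, different bytes
    return "ok"

def demo():
    """Constructed sample: three dummy .exe files in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        paths = {n: os.path.join(root, n) for n in ("a.exe", "b.exe", "c.exe")}
        for p in paths.values():
            with open(p, "wb") as f:
                f.write(b"MZ" + b"\x00" * 62)      # 64-byte placeholder
        baseline = build_baseline(root)
        with open(paths["b.exe"], "ab") as f:      # bytes appended at the end
            f.write(b"\x90" * 16)
        with open(paths["c.exe"], "r+b") as f:     # bytes overwritten in place
            f.seek(10)
            f.write(b"\xff\xff")
        return {n: check_before_run(p, baseline) for n, p in paths.items()}
```

Calling `demo()` returns one verdict per file; `c.exe` is the case a size-only database would report as unchanged.
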
Great idea!!! This could be implemented as a resident "scan". By the way, I did a quick search on the forum and I've seen an example (something about file notification on modification or on copy...). This could extend its capabilities... Or making a driver in assembler (on-access scanning), but this is way too hard. We CAN stop this disease.
Inf0Byt3 wrote: Great idea!!! This could be implemented as a resident "scan". By the way, I did a quick search on the forum and I've seen an example (something about file notification on modification or on copy...). This could extend its capabilities... Or making a driver in assembler (on-access scanning), but this is way too hard. We CAN stop this disease.
Yeah, it's not _that_ hard.

