who knows it is passible made some check in memory? some viruses can inject in process in memory - it means CRC or MD5 or how it names of this process in memory will be change - it means i can catch this difference and made some alert for user.
and one more - this "CRC" in memory the same in XP and Vista and 7? or for each OS need each other this CRC?
i must use search on this forum, but i dont know how made this request rightly.
check file in memory after launch
Re: check file in memory after launch
The CRC checksum wont notice any injection but is the same on all OS...SeregaZ wrote:who knows it is passible made some check in memory? some viruses can inject in process in memory - it means CRC or MD5 or how it names of this process in memory will be change - it means i can catch this difference and made some alert for user.
and one more - this "CRC" in memory the same in XP and Vista and 7? or for each OS need each other this CRC?
i must use search on this forum, but i dont know how made this request rightly.
For detecting injections u could hook the apis mostly used to inject files...
infos can be found here:
http://dspace.lib.fcu.edu.tw/bitstream/ ... 000144.pdf
Re: check file in memory after launch
Just don't do it.
Unless your app is a virus scanner its not your apps job to check for viruses. Implementing such a check would do nothing else than cause problems. There are a ton of apps that inject DLLs into other processes and are no maleware at all.
By the way, a app needs admin privilegs to inject a DLL, so you shoudnt care about it.
Unless your app is a virus scanner its not your apps job to check for viruses. Implementing such a check would do nothing else than cause problems. There are a ton of apps that inject DLLs into other processes and are no maleware at all.
By the way, a app needs admin privilegs to inject a DLL, so you shoudnt care about it.