Building an antivirus in PB?
Posted: Fri Dec 09, 2005 1:21 pm
by Inf0Byt3
Has anyone ever thought about building an antivirus in PureBasic? Would it be possible? The engine could be very simple (recursive search, load file to memory, CompareMemory with a database, and so on...). What do you think?
Re: Building an antivirus in PB?
Posted: Fri Dec 09, 2005 1:28 pm
by Trond
Inf0Byt3 wrote: Would it be possible?
You're not ready just yet.
Posted: Fri Dec 09, 2005 1:54 pm
by Inf0Byt3
I know, but I've studied how modern scanning engines work, and it shouldn't be so hard, but it takes too much time building those procedures (filetype recognition, unpacking, etc.). I was just curious.

Posted: Fri Dec 09, 2005 1:57 pm
by Lazarus404
I did a crash course in Virus development using ASM... Just so I know how they work. It's all very clever, you just create a stub at the beginning of the file which redirects to a deposit at the end of the file (the virus), then execute the original exe stub which continues the program running.
You could check for such a modification with PB, seeing as PB supports ASM compilation.
Good luck to you, though

Posted: Fri Dec 09, 2005 4:57 pm
by Inf0Byt3
Thank you for the info (and for wishing me luck)... I hope I can build it

Posted: Fri Dec 09, 2005 5:00 pm
by Trond
Inf0Byt3 wrote: I know, but I've studied how modern scanning engines work, and it shouldn't be so hard, but it takes too much time building those procedures (filetype recognition, unpacking, etc.). I was just curious.

No, it's all made up of small pieces that aren't really so difficult, but it will take a very long time if you're not skilled. On the other hand, if you never attempt anything, you'll never become skilled.
Posted: Fri Dec 09, 2005 6:29 pm
by Inf0Byt3
Yes, you're right... I've noticed that the best things are made accidentally. That's how I started thinking about this... Referring to skills, the GREAT and ALMIGHTY PB HELPFILE will give me a hand. By the way, how am I going to get the newly-appeared viruses so I can make virus definitions? I'm starting to believe that this is an impossible task. But I'll try to complete it anyway.
Posted: Fri Dec 09, 2005 6:46 pm
by thefool
Inf0Byt3 wrote: By the way, how am I going to get the newly-appeared viruses so I can make virus definitions?
You need to have the viruses so you can check them.
However, a thing you _could_ do: monitor exe files on the computer. Simply, the first run will scan for exe files, then store their sizes in a database.
When the user runs an exe file, you check the size. If the size has changed, you give a warning before you run the file!
This will not stop worms and other apps living in their own exe file; however, it will stop viruses from attaching themselves to your exe!
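The baseline check thefool describes, as an added Python example that is not part of the thread: it goes one step beyond the post by storing a SHA-256 digest next to the size, so a change that leaves the size the same is reported too. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (size, SHA-256 hex digest) of a file."""
    with open(path, "rb") as f:
        data = f.read()
    return len(data), hashlib.sha256(data).hexdigest()

def build_baseline(root, exts=(".exe",)):
    """First run: record a fingerprint for every executable under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                baseline[path] = fingerprint(path)
    return baseline

def check(path, baseline):
    """Before launch: compare the file with what the baseline recorded."""
    if path not in baseline:
        return "unknown"              # never seen: nothing to compare with
    size, digest = fingerprint(path)
    old_size, old_digest = baseline[path]
    if size != old_size:
        return "size-changed"         # the case the post describes
    if digest != old_digest:
        return "content-changed"      # same size, different bytes
    return "ok"

def demo():
    with tempfile.TemporaryDirectory() as root:
        paths = {n: os.path.join(root, n + ".exe") for n in ("a", "b", "c")}
        for p in paths.values():
            with open(p, "wb") as f:
                f.write(b"MZ" + b"\x00" * 62)  # constructed placeholder, not a real PE
        baseline = build_baseline(root)
        with open(paths["b"], "ab") as f:      # data appended: size grows
            f.write(b"X" * 16)
        with open(paths["c"], "r+b") as f:     # bytes overwritten: size unchanged
            f.seek(10)
            f.write(b"Y" * 4)
        return {n: check(p, baseline) for n, p in paths.items()}

if __name__ == "__main__":
    print(demo())
```

A real monitor would also have to keep the baseline itself where the monitored programs cannot rewrite it.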
Posted: Fri Dec 09, 2005 9:17 pm
by Inf0Byt3
Great idea!!! This could be implemented as a resident "scan". By the way, I did a quick search on the forum and I've seen an example (something about file notification on modification or on copy...). This could extend its capabilities... Or making a driver in assembler (on-access scanning), but this is way too hard. We CAN stop this disease.

Posted: Fri Dec 09, 2005 9:24 pm
by thefool
Inf0Byt3 wrote: Great idea!!! This could be implemented as a resident "scan". By the way, I did a quick search on the forum and I've seen an example (something about file notification on modification or on copy...). This could extend its capabilities... Or making a driver in assembler (on-access scanning), but this is way too hard. We CAN stop this disease.

Yeah, it's not _that_ hard.