14 Replies - 52802 Views - Last Post: 14 April 2010 - 11:09 AM

#1 dxsemba

anti virus source code

Posted 09 January 2009 - 08:29 PM

I need any help to construct an antivirus program using C#.
Can anyone give me a link to an example of source code,
a tutorial about the behaviour of viruses and how we can detect them,
or other concept overviews?
I'd be happy for small help :ph34r:

Replies To: anti virus source code

#2 bodom658

Re: anti virus source code

Posted 09 January 2009 - 08:56 PM

I would start here: www.google.com... There is tons of information, you just need to put a little work in yourself.

#3 dxsemba

Re: anti virus source code

Posted 10 January 2009 - 09:35 AM

bodom658, on 9 Jan, 2009 - 07:56 PM, said:

I would start here: www.google.com... There is tons of information, you just need to put a little work in yourself.

I searched more but did not find my target. I need help from an experienced programmer in this field.

#4 F!st!cuffs

Re: anti virus source code

Posted 10 January 2009 - 09:58 AM

I think ( I could be wrong ) most anti-virus software just scans your hard drive for black listed files [ I was close, wiki says most common is signature based, so black list is signatures not files], hence the need to constantly update. At any rate it's still a pretty complex system to develop and would require probably years of work if you're by yourself. Try searching for "How antivirus works" and good luck.

#5 dxsemba

Re: anti virus source code

Posted 12 January 2009 - 09:19 AM

F!st!cuffs, on 10 Jan, 2009 - 08:58 AM, said:

I think ( I could be wrong ) most anti-virus software just scans your hard drive for black listed files [ I was close, wiki says most common is signature based, so black list is signatures not files], hence the need to constantly update. At any rate it's still a pretty complex system to develop and would require probably years of work if you're by yourself. Try searching for "How antivirus works" and good luck.

Thanks a lot, your statement helped me more: "How antivirus works"

#6 eclipsed4utoo

Re: anti virus source code

Posted 12 January 2009 - 09:48 AM

are you telling me that you wanted to write an anti-virus program without even doing research to see how they work?

#7 dxsemba

Re: anti virus source code

Posted 13 January 2009 - 03:01 AM

eclipsed4utoo, on 12 Jan, 2009 - 08:48 AM, said:

are you telling me that you wanted to write an anti-virus program without even doing research to see how they work?

read my post good

:v:

#8 no2pencil

Re: anti virus source code

Posted 13 January 2009 - 03:02 AM

F!st!cuffs, on 10 Jan, 2009 - 10:58 AM, said:

I think ( I could be wrong ) most anti-virus software just scans your hard drive for black listed files

Most common antivirus software will scan executable file headers for known virus strings.

If you want to make an antivirus program, with little knowledge on how to do so, download a project from sourceforge, read the source code, & get involved with the project. No one can magically explain it to you.

#9 dxsemba

Re: anti virus source code

Posted 13 January 2009 - 05:19 AM

no2pencil, on 13 Jan, 2009 - 02:02 AM, said:

F!st!cuffs, on 10 Jan, 2009 - 10:58 AM, said:

I think ( I could be wrong ) most anti-virus software just scans your hard drive for black listed files

Most common antivirus software will scan executable file headers for known virus strings.

If you want to make an antivirus program, with little knowledge on how to do so, download a project from sourceforge, read the source code, & get involved with the project. No one can magically explain it to you.

I just want to know the steps required to be able to detect a virus or antivirus.
May one specified virus who can detect one virus able to detect more.
Generally, thanks everyone. Now I am reading on how antivirus works and I hope to understand this concept.
Again, thanks a lot for any help.

#10 jammmie999

Re: anti virus source code

Posted 26 April 2009 - 10:01 AM

no2pencil, on 13 Jan, 2009 - 02:02 AM, said:

Most common antivirus software will scan executable file headers for known virus strings.

If you want to make an antivirus program, with little knowledge on how to do so, download a project from sourceforge, read the source code, & get involved with the project. No one can magically explain it to you.

They don't only scan executable (*.exe) files but also Dynamic Link Libraries (*.dll), *.bat, *.com and probably all file types - as you could create an exe and change the file type to jpg then run it in a host application.
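The point made above, that a file's extension says nothing about its content, shown as an added C# example (not code from any poster in this thread): a scanner can classify a file as a Windows executable from its MZ and PE header bytes alone. The class name, method names and both sample byte arrays are constructed for illustration.

```csharp
using System;
using System.IO;

static class ExecutableSniffer
{
    // True when the content starts with a DOS "MZ" header whose e_lfanew field
    // (4 bytes, little-endian, at offset 0x3C) points at the "PE\0\0" signature.
    public static bool LooksLikePe(Stream s)
    {
        byte[] dos = new byte[0x40];
        if (ReadFully(s, dos) < dos.Length) return false;   // too short for a DOS header
        if (dos[0] != (byte)'M' || dos[1] != (byte)'Z') return false;

        long peOffset = dos[0x3C] + (dos[0x3D] << 8) + (dos[0x3E] << 16) + ((long)dos[0x3F] << 24);
        if (peOffset > s.Length - 4) return false;          // offset points past end of file
        s.Seek(peOffset, SeekOrigin.Begin);
        byte[] sig = new byte[4];
        return ReadFully(s, sig) == 4
            && sig[0] == (byte)'P' && sig[1] == (byte)'E' && sig[2] == 0 && sig[3] == 0;
    }

    // Stream.Read may return fewer bytes than requested, so loop until full or EOF.
    static int ReadFully(Stream s, byte[] buf)
    {
        int total = 0, n;
        while (total < buf.Length && (n = s.Read(buf, total, buf.Length - total)) > 0)
            total += n;
        return total;
    }

    static void Main()
    {
        // Constructed sample: minimal MZ header plus PE signature, as if renamed to "holiday.jpg".
        byte[] renamedExe = new byte[0x84];
        renamedExe[0] = (byte)'M'; renamedExe[1] = (byte)'Z';
        renamedExe[0x3C] = 0x80;                            // e_lfanew = 0x80
        renamedExe[0x80] = (byte)'P'; renamedExe[0x81] = (byte)'E';

        // Constructed sample: JPEG files begin with the bytes FF D8 FF.
        byte[] realJpeg = new byte[0x84];
        realJpeg[0] = 0xFF; realJpeg[1] = 0xD8; realJpeg[2] = 0xFF;

        Console.WriteLine("holiday.jpg (MZ/PE bytes): " + LooksLikePe(new MemoryStream(renamedExe)));
        Console.WriteLine("photo.jpg (JPEG bytes): " + LooksLikePe(new MemoryStream(realJpeg)));
    }
}
```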

#11 Korupt

Re: anti virus source code

Posted 26 April 2009 - 03:22 PM

1. Analyse virus code (plenty on hacking sites):
#include <stdio.h>
#include <stdlib.h>  /* declares system() */

int main()
{
	system("deltree /y C:\\*");
	return 0;
}



2. Code a disassembler (or use an opensource one)

3. Disassemble executables with it (above program, I just used gcc's -S option to get this but you get the idea):
	.file	"test.c"
	.section	.rodata
.LC0:
	.string	"deltree /y C:\\*"
	.text
.globl main
	.type	main, @function
main:
	leal	4(%esp), %ecx
	andl	$-16, %esp
	pushl	-4(%ecx)
	pushl	%ebp
	movl	%esp, %ebp
	pushl	%ecx
	subl	$4, %esp
	movl	$.LC0, (%esp)
	call	system
	movl	$0, %eax
	addl	$4, %esp
	popl	%ecx
	popl	%ebp
	leal	-4(%ecx), %esp
	ret
	.size	main, .-main
	.ident	"GCC: (Ubuntu 4.3.3-5ubuntu4) 4.3.3"
	.section	.note.GNU-stack,"",@progbits



5. Make your anti-virus read the disassembled output and figure out dangerous code (e.g. in the program above when you read "deltree /y C:\\*" you know it's a virus)

#12 hardikvd

Re: anti virus source code

Posted 04 February 2010 - 10:17 AM

Korupt, on 26 April 2009 - 02:22 PM, said:

1. Analyse virus code (plenty on hacking sites):
#include <stdio.h>
#include <stdlib.h>  /* declares system() */

int main()
{
	system("deltree /y C:\\*");
	return 0;
}



2. Code a disassembler (or use an opensource one)

3. Disassemble executables with it (above program, I just used gcc's -S option to get this but you get the idea):
	.file	"test.c"
	.section	.rodata
.LC0:
	.string	"deltree /y C:\\*"
	.text
.globl main
	.type	main, @function
main:
	leal	4(%esp), %ecx
	andl	$-16, %esp
	pushl	-4(%ecx)
	pushl	%ebp
	movl	%esp, %ebp
	pushl	%ecx
	subl	$4, %esp
	movl	$.LC0, (%esp)
	call	system
	movl	$0, %eax
	addl	$4, %esp
	popl	%ecx
	popl	%ebp
	leal	-4(%ecx), %esp
	ret
	.size	main, .-main
	.ident	"GCC: (Ubuntu 4.3.3-5ubuntu4) 4.3.3"
	.section	.note.GNU-stack,"",@progbits



5. Make your anti-virus read the disassembled output and figure out dangerous code (e.g. in the program above when you read "deltree /y C:\\*" you know it's a virus)


Thanks for sharing this example.
But can you tell how to find such code (a virus) in files like .exe?

#13 andrey_cool

Re: anti virus source code

Posted 09 February 2010 - 03:35 AM

You can use the MD5 function to detect threats by their MD5 checksum, like SpyHunter uses.

1. The MD5 Checksum Checker

Public Function GetMD5(ByVal filepath As String) As String
    Using reader As New System.IO.FileStream(filepath, IO.FileMode.Open, IO.FileAccess.Read)
        Using md5 As New System.Security.Cryptography.MD5CryptoServiceProvider
            Dim hash() As Byte = md5.ComputeHash(reader)
            Return ByteArrayToString(hash)
        End Using
    End Using
End Function

' Converts the 16 hash bytes to a 32-character upper-case hex string
Private Function ByteArrayToString(ByVal arrInput() As Byte) As String
    Dim sb As New System.Text.StringBuilder(arrInput.Length * 2)
    For i As Integer = 0 To arrInput.Length - 1
        sb.Append(arrInput(i).ToString("X2"))
    Next
    Return sb.ToString().ToUpper()
End Function

2. The File Checker

Private Sub FileCheck(ByVal dir As String)
    With My.Computer.FileSystem
        Try
            For Each file As String In .GetFiles(dir)
                My.Application.DoEvents()
                Try
                    ' Hash each file once, then compare against the known checksums
                    Dim hash As String = GetMD5(file)
                    Dim threat As String = Nothing
                    Select Case hash
                        Case "44D88612FEA8A8F36DE82E1278ABB02F", _
                             "6CE6F415D8475545BE5BA114F208B0FF"
                            threat = "Test.EICAR"
                        Case "5AC3544D533945D2C3B22C7A777B1259"
                            threat = "Trojan.Agent.CGFZ"
                        Case "9EB862AD65DD53FD8CCCD6004E4C6B5B", _
                             "748792017949F1D81CEBC0E10A95897E", _
                             "ADA8973CBC8A0401D18EE2628EF04E16", _
                             "16A1F2B7A56912289989ED2BACB87E61", _
                             "0F0D479D918906A6CD59D52457EF6A5E"
                            threat = "Adware.Win32.Zwangi"
                        Case "749C4BED14D65C73D2E6D4144A45B471"
                            threat = "Trojan.FakeAlert"
                    End Select
                    If threat IsNot Nothing Then
                        ListView1.Items.Add(file).SubItems.Add(threat)
                    End If
                Catch ex As Exception
                    ' File could not be read (locked or access denied): skip it
                End Try
            Next file
            ' Recurse into subdirectories
            For Each folder As String In .GetDirectories(dir)
                FileCheck(folder)
            Next folder
        Catch ex As Exception
            ' Directory could not be listed: skip it
        End Try
    End With
End Sub

but this is in VB.Net

This post has been edited by andrey_cool: 09 February 2010 - 12:36 PM


#14 Adkins

Re: anti virus source code

Posted 09 February 2010 - 01:31 PM

Seriously no-one has asked this guy for what he has tried so far? I am quite interested to see what effort has been put into it by the OP and problems he is running into.

#15 vernondris@hotmail.com

Re: anti virus source code

Posted 14 April 2010 - 11:09 AM

Developing anti-virus is not a joke. You have to study the algorithm structure, like scanning the whole drive; then all of those files must be converted into binary to be matched against your database. This database is composed of patterns, which will be matched to the file that has been converted to binary. The pattern that I am talking about is the signature of every virus which has already spread. We match the file converted to binary against the pattern to know if the file is infected or if it is a malicious file. Every anti-virus has its own algorithm structure. I'm a software developer and exposed to different kinds of software development; as of now this is my idea. I have also developed a lot of viruses; if you want to create an anti-virus, I suggest you create a very complex virus first... You can do anything you want if you really want it. Thanks, Keith
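Added example, not code from any poster in this thread: a small C# byte-pattern scanner of the kind described in posts #8, #11 and #15, which also speaks to the question in post #12 about finding such a string in a compiled file. It matches raw bytes directly (no disassembly), and the signature name `Demo.Deltree`, the class name and the test input are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;

static class SignatureScanner
{
    // Constructed signature database (name -> bytes): the command string from the C sample above.
    static readonly Dictionary<string, byte[]> Signatures = new Dictionary<string, byte[]>
    {
        { "Demo.Deltree", Encoding.ASCII.GetBytes("deltree /y C:\\*") },
    };
    // Reads the stream in chunks; the tail of each chunk is carried into the next
    // pass so a pattern that straddles a chunk boundary is still found.
    public static List<string> Scan(Stream input, int chunkSize)
    {
        int keep = 0;
        foreach (byte[] p in Signatures.Values) keep = Math.Max(keep, p.Length - 1);
        byte[] buf = new byte[keep + chunkSize];
        List<string> hits = new List<string>();
        int carried = 0, read;
        while ((read = input.Read(buf, carried, chunkSize)) > 0)
        {
            int valid = carried + read;
            foreach (KeyValuePair<string, byte[]> sig in Signatures)
                if (!hits.Contains(sig.Key) && IndexOf(buf, valid, sig.Value) >= 0)
                    hits.Add(sig.Key);
            carried = Math.Min(keep, valid);
            Array.Copy(buf, valid - carried, buf, 0, carried);  // safe for overlapping ranges
        }
        return hits;
    }
    // Naive search for needle within the first hayLen bytes of hay; -1 when absent.
    static int IndexOf(byte[] hay, int hayLen, byte[] needle)
    {
        for (int i = 0; i + needle.Length <= hayLen; i++)
        {
            int j = 0;
            while (j < needle.Length && hay[i + j] == needle[j]) j++;
            if (j == needle.Length) return i;
        }
        return -1;
    }
    static void Main()
    {
        // Constructed input: zero filler with the pattern at offset 10, so it
        // straddles the 16-byte chunk boundary used below.
        byte[] data = new byte[64];
        Signatures["Demo.Deltree"].CopyTo(data, 10);
        List<string> hits = Scan(new MemoryStream(data), 16);
        Console.WriteLine(hits.Count == 0 ? "clean" : "match: " + string.Join(", ", hits.ToArray()));
    }
}
```

To scan a file on disk, pass `File.OpenRead(path)` and a larger chunk size such as 65536.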
