Jump to content

How can made safer application that is not detect by antivirus

DCCD

By DCCD,
in AutoIt General Help and Support

 Share

Recommended Posts

DCCD Universalist

DCCD

Posted
Posted

How can made safer application that is not detect by antivirus, This does not mean AutoIt Specifically, but all languages C++ VB ..etc.

[setWindowsHookEx] Function

i'd like to use this func It's probably a bad idea, but Does AV software detect this func as a threat?.

Any comments are welcome.

.

[u][font=Arial Black]M[/font]y Blog, AVSS Parts[/u][font=Arial Black]Else[/font][font=Arial Black]L[/font]ibya Linux Users Group

Link to comment
Share on other sites
Manko Prodigy

Manko

Posted
Posted

Hi!

Some antivirus will detect such behavior. But since alot of software do hook functions that way, it is largely allowed...

The big problem though with hooking this way is that in worst case you will be taking away your/someoneelses virus selfprotection.

That is one of the reasons we are often adviced not to run multiple similar protection systems, with the missguided idea that protection will double/trippel or quadrouple... :)

What specifically do you want to hook and what end are you trying to achieve?

There are many other ways to achieve any one goal.

/Manko

Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...
Link to comment
Share on other sites
Manko Prodigy

Manko

Posted
Posted (edited)

Hi!

Some antivirus will detect such behavior. But since alot of software do hook functions that way, it is largely allowed...

The big problem though with hooking this way is that in worst case you will be taking away your/someoneelses virus selfprotection.

That is one of the reasons we are often adviced not to run multiple similar protection systems, with the missguided idea that protection will double/trippel or quadrouple... :)

What specifically do you want to hook and what end are you trying to achieve?

There are many other ways to achieve any one goal.

/Manko

Oooops! Sorry! These are windows-messages-hooks... so long since i worked these things, so I confused things...

I REALLY don't think antivirus will be complaining much about these... Well, there's that infamous technique that injects a dll into most gui-apps... Might be stopped by some... Again, though... What do you wanna do? It can probably be done in many other ways...

Well... Sorry about the mixup...

Also, unlike the thing I was thinking of, this is safe to do.

/Manko

Edited by Manko
Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...
Link to comment
Share on other sites
DCCD Universalist

DCCD

Posted
  • Author
Posted

thank you for your reply, I ask this question because If you use the FileInstall function! A lot of antivirus software will detect this func as a warm.

It does not matter if "false positive", For me, if my best friend gave me a file and my antivirus detect it as a warm i'll ask myself "why my best friend gave me a virus", about me I know it's a false positive, but what about someone that don't know much about "false positive" he'll say IT'S A VIRUS. :)

that's why i'm here i need any information about "SetWindowsHookEx" func

NB:even i don't use UPX, that's all, Thanks Again.

.

[u][font=Arial Black]M[/font]y Blog, AVSS Parts[/u][font=Arial Black]Else[/font][font=Arial Black]L[/font]ibya Linux Users Group

Link to comment
Share on other sites
Manko Prodigy

Manko

Posted
Posted

that's why i'm here i need any information about "SetWindowsHookEx" func

Depends if you do malicious-like stuff...

WH_KEYBOARD_LL might be stopped by some and flagged by some... (Spyware/keylogger)

...and if you push .dll into other apps, heuristics will get known bad .dlls...

I'm NO expert on what VIRUS-proggys do or dont do though...

(Am still qurious what you're trying to do...)

/Manko

Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...