GianAutoitprogrammer Posted April 16, 2011

Hello

How to create an MD5 virus scanner in AutoIt that uses MD5 hash codes, using the MD5.dll or Advapi32.dll?

I need codes...

Thanks in advance...

JScript Posted April 16, 2011

> Hello
> How to create an MD5 virus scanner in AutoIt that uses MD5 hash codes, using the MD5.dll or Advapi32.dll?
> I need codes...
> Thanks in advance...

Did you even try writing something?
You asked the right question, but expect someone to write the code for you...
Try writing something and post it here, so we can help you!

GianAutoitprogrammer Posted April 16, 2011

ok

AdmiralAlkex Posted April 16, 2011

Helpfile > Encryption Management.

Skitty Posted April 16, 2011 (edited)

> Hello
> How to create an MD5 virus scanner in AutoIt that uses MD5 hash codes, using the MD5.dll or Advapi32.dll?
> I need codes...
> Thanks in advance...

I was playing around with that idea a few days ago, this should give you a good start.

```autoit
#include <Crypt.au3>

Global $Exclusions = "Svchost.exe,explorer.exe" ; Exclude file names
; Only files with these extensions are hashed; the list matches the
; "... Values" sections read back in _ScanNetwork()
Global $ExclusionsByExt = "exe,dll,bat,scr,msi"

_Crypt_Startup()
If Not FileExists(@DesktopDir & "\Hash.ini") Then
    _ScanNetwork() ; first run: build the baseline
Else
    _ScanNetwork(True) ; later runs: compare against the baseline
EndIf
_Crypt_Shutdown()

Func _ScanNetwork($State = False)
    If $State = False Then
        _Scan(@HomeDrive)
    ElseIf $State = True Then
        _Anulyze(IniReadSection(@DesktopDir & "\Hash.ini", "EXE Values"))
        _Anulyze(IniReadSection(@DesktopDir & "\Hash.ini", "DLL Values"))
        _Anulyze(IniReadSection(@DesktopDir & "\Hash.ini", "BAT Values"))
        _Anulyze(IniReadSection(@DesktopDir & "\Hash.ini", "SCR Values"))
        _Anulyze(IniReadSection(@DesktopDir & "\Hash.ini", "MSI Values"))
    Else
        MsgBox(16, "", "Error")
    EndIf
EndFunc

; Walk the folder tree and hand every file to _Xzamin()
Func _Scan($SourceFolder)
    Local $File
    Local $Search
    $Search = FileFindFirstFile($SourceFolder & "\*.*")
    If $Search = -1 Then Return
    While 1
        $File = FileFindNextFile($Search)
        If @error = 1 Then ExitLoop
        If @extended = 1 Then ; @extended = 1 means the entry is a folder
            _Scan($SourceFolder & "\" & $File)
        Else
            _Xzamin($SourceFolder & "\" & $File)
        EndIf
    WEnd
    FileClose($Search)
EndFunc ;==>_SCANSYSTEM

; Store "hash*modification time" for one file in Hash.ini
Func _Xzamin($File)
    Local $S = StringSplit($File, "\", 2)
    Local $i = UBound($S) - 1 ; index of the file name
    Local $S2 = StringSplit($S[$i], ".", 2)
    Local $I2 = UBound($S2) - 1 ; index of the extension
    If StringInStr($Exclusions, $S[$i]) Then Return 1 ; exclusions ~
    If Not StringInStr($ExclusionsByExt, $S2[$I2]) Then Return 1 ; exclusions ~
    If Round(FileGetSize($File) / 1048576, 2) > 2 Then Return 1 ; exclude files bigger than 2mb...
    Local $FO = FileOpen($File, 16) ; 16 = binary mode, so the hash covers the raw bytes
    If $FO = -1 Then Return SetError(1, 0, 1) ; FileOpen returns -1 on failure
    Local $FR = FileRead($FO)
    IniWrite(@DesktopDir & "\Hash.ini", $S2[$I2] & " Values", $File, _Crypt_HashData($FR, $CALG_MD5) & "*" & FileGetTime($File, 0, 1))
    FileClose($FO)
    Return 1
EndFunc

; Compare every file of one ini section against its stored hash and time
Func _Anulyze($Var)
    If Not IsArray($Var) Then Return
    Local $i = 0
    Do
        $i += 1
        ToolTip("PROCESSING: " & $Var[$i][0])
        Local $FZ = FileGetTime($Var[$i][0], 0, 1)
        Local $S1 = StringSplit($Var[$i][1], "*", 2)
        Local $I1 = UBound($S1) - 1 ; index of the stored time
        Local $IH = StringSplit($Var[$i][1], "*", 2)
        Local $FH = UBound($S1) - 2 ; index of the stored hash
        If $FZ <> $S1[$I1] Then
            If Not ($FZ = 0) Then
                MsgBox(0, $Var[$i][0], "Before:" & $S1[$I1] & @CRLF & "AFTER:" & FileGetTime($Var[$i][0], 0, 1))
            EndIf
        EndIf
        Local $FO = FileOpen($Var[$i][0], 16) ; same binary mode as when the baseline was written
        Local $FR = FileRead($FO)
        If _Crypt_HashData($FR, $CALG_MD5) <> $IH[$FH] Then
            MsgBox(0, _Crypt_HashData($FR, $CALG_MD5), $IH[$FH])
        EndIf
        FileClose($FO)
    Until $i = $Var[0][0]
    MsgBox(0, "", "exiting")
EndFunc
```

Edit: What this does is create an ini file on first run; the second time you run it, it checks if the scanned files' hash has changed.

I just found out about SQLite support in AutoIt. I'll make another version later that stores all data in a database file. Why? Because ini files only return 250kb (or something like that) in data and the hash scanning script will not rescan all files that were hashed.

Edited April 17, 2011 by System238

GianAutoitprogrammer Posted April 16, 2011

@System238 Thanks

GianAutoitprogrammer Posted April 16, 2011

@Jscript

Here is my code. This code will search for the files, I mean scan the files for virus infections:

```autoit
$search = FileFindFirstFile(@SystemDir & "\*.*")

; Check if the search was successful
If $search = -1 Then
    MsgBox(0, "Error", "No files/directories matched the search pattern")
    Exit
EndIf

While 1
    $file = FileFindNextFile($search)
    If @error Then ExitLoop
    ToolTip($file, 0, 0, "Scanning...", 1)
WEnd

; Close the search handle
FileClose($search)
```

I don't know how to hash the file(s) and save it and then notify the files if their hash changed... and even scan for the virus hash code.

Hash Code MD5:
EICAR Test Code: MD5 Code: E7E5FA40569514EC442BBDF755D89C2F
...

GianAutoitprogrammer Posted April 16, 2011

@AdmiralAlkex

I don't know how to use the Encryption Management or the _Crypt_HashFile & _Crypt_HashData to create the MD5 virus scanner, that's why I need help, right?

ChrisL Posted April 16, 2011 (edited)

This will get you the hashes but it will not be very fast. Also you need to think about what you are comparing the hashes against.

```autoit
#include <Crypt.au3>
#include <Array.au3> ; Just used for _ArrayDisplay

_Crypt_Startup()
Local $aSystemDirHash[1][2]
_FileSearch_GenerateMD5Hash(@SystemDir, $aSystemDirHash, 0)
_ArrayDisplay($aSystemDirHash, "SystemDir Hashes")
_Crypt_Shutdown()

; Fills $aArray with [full path, MD5] rows; $aArray[0][0] tracks the row count
Func _FileSearch_GenerateMD5Hash($sourceDirectory, ByRef $aArray, $recursive = 1)
    If Not IsArray($aArray) Then Dim $aArray[1][2] = [[0, ""]]
    Local $search = FileFindFirstFile($sourceDirectory & "\*")
    If $search = -1 Then Return ; empty or unreadable folder
    Local $file, $ubound, $timer
    While 1
        $file = FileFindNextFile($search)
        If @error Then ExitLoop
        If StringInStr(FileGetAttrib($sourceDirectory & "\" & $file), "D") Then
            If $recursive = 1 Then _FileSearch_GenerateMD5Hash($sourceDirectory & "\" & $file, $aArray, $recursive)
        Else
            $ubound = UBound($aArray)
            $aArray[0][0] = $ubound
            ReDim $aArray[$ubound + 1][2]
            $aArray[$ubound][0] = $sourceDirectory & "\" & $file
            $timer = TimerInit()
            $aArray[$ubound][1] = _Crypt_HashFile($sourceDirectory & "\" & $file, $CALG_MD5)
            ConsoleWrite("Time: " & Round(TimerDiff($timer), 2) & "ms " & $aArray[$ubound][0] & " - " & $aArray[$ubound][1] & @CRLF)
        EndIf
    WEnd
    FileClose($search)
EndFunc
```

Edited April 16, 2011 by ChrisL

GianAutoitprogrammer Posted April 16, 2011

@ChrisL Thanks for your help

JScript Posted April 16, 2011

> @Jscript (...)
> I don't know how to hash the file(s) and save it and then notify the files if their hash changed... and even scan for the virus hash code.
> Hash Code MD5:
> EICAR Test Code: MD5 Code: E7E5FA40569514EC442BBDF755D89C2F
> ...

Well, I'll be honest: today there are several companies who are waging a real digital battle.
Programs are getting better and faster, but still a new virus is born every minute, and I guarantee you that if it were so simple, we would not have to worry about viruses and other digital pests.
There was a time when I had the same thought as you: to make an antivirus, but it was a waste of time! Time when I could have done better things...
The road is long; if you really want to pursue it, I suggest you study hard about it before wasting your time.
Good luck!!!

Skitty Posted April 17, 2011

Here's a better version. This one uses SQLite to store all its data. On first run, it'll generate a database. On second run, it checks to see if a file has changed. You can use this to make sure system files aren't changed.

```autoit
#include <Crypt.au3>
#include <SQLite.au3>
#include <SQLite.dll.au3>

;Global $Exclusions = "Svchost.exe,explorer.exe" ; Exclude files by name...
;Global $ExclusionsByExt = "ini,exe,scr,bat,msi,dll" ; Only scan by these file extensions...
Global $DB, $Size = 20 ; files larger than 20mb are not scanned...

_Crypt_Startup()
_SQLite_Startup()
If Not FileExists(@ScriptDir & "\DataBase.db") Then
    ; first run: create the baseline
    $DB = _SQLite_Open(@ScriptDir & "\DataBase.db")
    _SQLite_Exec($DB, "CREATE TABLE DataBase (Adress,Val1,Val2,Val3,Val4,Val5);")
    _Process()
Else
    ; later runs: compare against the baseline
    $DB = _SQLite_Open(@ScriptDir & "\DataBase.db")
    _Process(True)
EndIf
_SQLite_Close($DB)
_SQLite_Shutdown()
_Crypt_Shutdown()

Func _Process($State = False)
    If $State = False Then
        _Scan(@HomeDrive)
    ElseIf $State = True Then
        _Anulyze()
    Else
        MsgBox(16, "", "Error")
    EndIf
EndFunc

Func _Scan($SourceFolder)
    Local $File
    Local $Search
    $Search = FileFindFirstFile($SourceFolder & "\*.*")
    If $Search = -1 Then Return
    While 1
        $File = FileFindNextFile($Search)
        If @error = 1 Then ExitLoop
        If @extended = 1 Then ; @extended = 1 means the entry is a folder
            _Scan($SourceFolder & "\" & $File)
        Else
            ;ToolTip("PROCESSING: "&$SourceFolder & "\" & $File)
            _Xzamin($SourceFolder & "\" & $File)
        EndIf
    WEnd
    FileClose($Search)
EndFunc ;==>_SCANSYSTEM

; Store hash, time, size, attributes and scan date for one file
Func _Xzamin($File)
    Local $S = StringSplit($File, "\", 2)
    Local $i = UBound($S) - 1
    Local $S2 = StringSplit($S[$i], ".", 2)
    Local $I2 = UBound($S2) - 1
    ;If StringInStr($Exclusions,$S[$i]) Then Return 1; exclusions ~
    ;If Not StringInStr($ExclusionsByExt,$S2[$I2]) Then Return 1; exclusions ~
    If Round(FileGetSize($File) / 1048576, 2) > $Size Then Return 1
    Local $FO = FileOpen($File, 16) ; 16 = binary mode, so the hash covers the raw bytes
    If $FO = -1 Then ; FileOpen returns -1 on failure
        _DataAddEx("DataBase", FileGetShortName($File), "Error opening file")
        Return 1
    EndIf
    Local $FR = FileRead($FO)
    _DataAddEx("DataBase", _
            FileGetShortName($File), _
            String(_Crypt_HashData($FR, $CALG_MD5)), _
            FileGetTime($File, 0, 1), _
            FileGetSize($File), _
            FileGetAttrib($File), _
            @YEAR & "/" & @MON & "/" & @MDAY)
    FileClose($FO)
    Return 1
EndFunc

; Re-hash every file in the database and report the ones that changed
Func _Anulyze()
    Local $hQuery, $aRow, $Ar, $Hash
    _SQLite_Query(-1, "SELECT * FROM DataBase;", $hQuery) ; the query
    While _SQLite_FetchData($hQuery, $aRow) = $SQLITE_OK
        ToolTip("PROCESSING: " & $aRow[0])
        $Ar = _DataQueryEx("DataBase", $aRow[0], True)
        If IsArray($Ar) Then
            Local $FO = FileOpen($Ar[0], 16) ; same binary mode as when the baseline was written
            Local $FR = FileRead($FO)
            $Hash = String(_Crypt_HashData($FR, $CALG_MD5))
            If $Hash <> $Ar[1] Then
                ; $Ar[] holds the stored (previous) values, the function calls return the current ones
                MsgBox(0, "Statistics", "===File Change Information===" & @CRLF & _
                        "File.......................... " & FileGetLongName($Ar[0]) & @CRLF & _
                        "Previous Hash................. " & $Ar[1] & @CRLF & _
                        "Current Hash.................. " & $Hash & @CRLF & _
                        "Previous Time................. " & $Ar[2] & @CRLF & _
                        "Current Time.................. " & FileGetTime($Ar[0], 0, 1) & @CRLF & _
                        "Previous File size............ " & $Ar[3] & " bytes" & @CRLF & _
                        "Current File size............. " & FileGetSize($Ar[0]) & " bytes" & @CRLF & _
                        "Current File size............. " & Round(FileGetSize($Ar[0]) / 1048576, 2) & "Mb" & @CRLF & _
                        "Previous file Attrib.......... " & $Ar[4] & @CRLF & _
                        "Current File Attrib........... " & FileGetAttrib($Ar[0]) & @CRLF & _
                        "Scan generated on date........ " & $Ar[5])
            EndIf
            FileClose($FO)
        EndIf
    WEnd
    Return 1
EndFunc

; Quote a value for use in an SQL statement. _SQLite_FastEscape() wraps it in
; '...' and doubles any ' inside, so a file name containing ' cannot break the statement
Func _Q($Value)
    Return _SQLite_FastEscape(String($Value))
EndFunc

; Insert a row for $Adress, or update it when it already exists
Func _DataAddEx($Table, $Adress, $Val1, $Val2 = "", $Val3 = "", $Val4 = "", $Val5 = "")
    Local $Data
    If _SQLite_QuerySingleRow($DB, "SELECT Adress FROM " & $Table & " WHERE Adress=" & _Q($Adress), $Data) = $SQLITE_OK And IsArray($Data) Then
        _SQLite_Exec($DB, "UPDATE " & $Table & " SET Val1=" & _Q($Val1) & ", Val2=" & _Q($Val2) & ", Val3=" & _Q($Val3) & ", Val4=" & _Q($Val4) & ", Val5=" & _Q($Val5) & " WHERE Adress=" & _Q($Adress))
    Else
        _SQLite_Exec($DB, "INSERT INTO " & $Table & " (Adress,Val1,Val2,Val3,Val4,Val5) VALUES (" & _Q($Adress) & "," & _Q($Val1) & "," & _Q($Val2) & "," & _Q($Val3) & "," & _Q($Val4) & "," & _Q($Val5) & ");")
    EndIf
EndFunc

; Return the stored row for $Adress (whole row when $Ar is True, otherwise Val1)
Func _DataQueryEx($Table, $Adress, $Ar = False)
    Local $Ret
    If _SQLite_QuerySingleRow($DB, "SELECT * FROM " & $Table & " WHERE Adress=" & _Q($Adress), $Ret) = $SQLITE_OK Then ; =>"*"<= means all...
        If $Ret[0] == "" Then
            Return @error
        Else
            If $Ar Then Return $Ret
            Return $Ret[1]
        EndIf
    EndIf
EndFunc
```

GianAutoitprogrammer Posted April 18, 2011

Thanks System238 :)

GianAutoitprogrammer Posted April 19, 2011

Hello

I have this code but I don't know how to read all the virus database, I can only read one virus database.

Here is the code:

```autoit
$MD5 = FileRead(@ScriptDir & "\VirusDatabase.txt") ; one virus database only
$FileCount = 0
$var = DriveGetDrive("all")
If $MD5 <> "" Then
    For $i = 1 To $var[0]
        If DriveStatus($var[$i]) <> "NOTREADY" Then ScanFolder($var[$i])
    Next
    MsgBox(0, "Done", "Folder Scan Complete. Scanned " & $FileCount & " Files")
EndIf

Func ScanFolder($SourceFolder)
    Local $Search
    Local $File
    Local $FileAttributes
    Local $FullFilePath
    $Search = FileFindFirstFile($SourceFolder & "\*.*")
    While 1
        If $Search = -1 Then
            ExitLoop
        EndIf
        $File = FileFindNextFile($Search)
        If @error Then ExitLoop
        $FullFilePath = $SourceFolder & "\" & $File
        $FileAttributes = FileGetAttrib($FullFilePath)
        If StringInStr($FileAttributes, "D") Then
            ScanFolder($FullFilePath)
        Else
            If FileGetSize($FullFilePath) < 3000000 Then
                ToolTip($FullFilePath, 200, 300, "Scanning...", 2)
                ; the file's hash is compared with the whole content of VirusDatabase.txt
                If md51($FullFilePath) = $MD5 Then
                    If md51($FullFilePath) <> "0" Then
                        LogFile($FullFilePath)
                        FileSetAttrib($FullFilePath, "-rsh")
                        FileDelete($FullFilePath)
                    EndIf
                EndIf
            EndIf
        EndIf
    WEnd
    FileClose($Search)
EndFunc

Func LogFile($FileName)
    FileWriteLine(@ScriptDir & "\Virus Deleted.txt", $FileName)
    $FileCount += 1
    ToolTip($FileName, 0, 0)
EndFunc

Func MD51($N)
    Dim $MD5Plugin
    Dim $FileMD5
    $MD5Plugin = PluginOpen(@ScriptDir & "\MD5Hash.dll") ; Load the MD5 Hash.dll Plugin
    $FileMD5 = MD5Hash($N, 1, True)
    Return $FileMD5
EndFunc
```

Here is the virusdatabase.txt code:

```
E7E5FA40569514EC442BBDF755D89C2F
;line number 2 cannot be read
;line 3 and so on...
```

That's my only problem... Please download the attachment file, the complete package of this code is there...

If someone can correct this code my problem will be fixed...

SCANNER.zip

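Added example, not part of any post in the thread: one way to match files against every line of a hash list instead of a single value, using the `_Crypt_HashFile` call shown earlier in place of the MD5Hash.dll plugin. The list file name, the second hash value and the function names `_LoadHashList` and `_IsListed` are constructed for illustration; matches are only reported, not deleted.

```autoit
#include <Crypt.au3>
#include <File.au3>

; Constructed sample list: one MD5 per line, ";" starts a comment.
; The first value is the one posted in the thread, the second is a made-up placeholder.
Local $sDbPath = @TempDir & "\VirusDatabase_example.txt"
Local $hDb = FileOpen($sDbPath, 2) ; 2 = overwrite
FileWrite($hDb, "E7E5FA40569514EC442BBDF755D89C2F" & @CRLF & _
        ";a comment line" & @CRLF & @CRLF & _
        "00112233445566778899aabbccddeeff ; lower case, trailing comment" & @CRLF)
FileClose($hDb)

_Crypt_Startup()
Local $oHashes = _LoadHashList($sDbPath)
ConsoleWrite("Loaded " & $oHashes.Count & " hashes" & @CRLF)

; Check every file in the script's own folder and report matches.
Local $hSearch = FileFindFirstFile(@ScriptDir & "\*")
If $hSearch <> -1 Then
    While 1
        Local $sName = FileFindNextFile($hSearch)
        If @error Then ExitLoop
        If @extended Then ContinueLoop ; skip sub-folders
        If _IsListed(@ScriptDir & "\" & $sName, $oHashes) Then ConsoleWrite("MATCH: " & $sName & @CRLF)
    WEnd
    FileClose($hSearch)
EndIf
_Crypt_Shutdown()

; Read every usable line of the list into a dictionary keyed by upper-case hex.
Func _LoadHashList($sPath)
    Local $oSet = ObjCreate("Scripting.Dictionary"), $aLines, $sLine
    If Not _FileReadToArray($sPath, $aLines) Then Return $oSet
    For $i = 1 To $aLines[0]
        ; drop the comment part and all whitespace, then normalise the case
        $sLine = StringUpper(StringStripWS(StringRegExpReplace($aLines[$i], ";.*", ""), 8))
        ; keep only well-formed 32-digit hex values, once each
        If StringRegExp($sLine, "^[0-9A-F]{32}$") And Not $oSet.Exists($sLine) Then $oSet.Add($sLine, 1)
    Next
    Return $oSet
EndFunc

; True when the file's MD5 is in the list. _Crypt_HashFile reads the file in
; chunks, so large files do not have to fit in memory.
Func _IsListed($sFile, $oSet)
    Local $bHash = _Crypt_HashFile($sFile, $CALG_MD5)
    If @error Then Return False ; unreadable or locked file
    Return $oSet.Exists(Hex($bHash)) ; Hex() of binary data gives upper-case digits
EndFunc
```

The dictionary lookup keeps the per-file cost constant however many hashes the list holds, and blank lines, comments and malformed entries are skipped instead of being compared as if they were hashes.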