SoyArcano

make an anti-virus

4 posts in this topic

#1 ·  Posted

I want to make an antivirus in AutoIt with the following features.

1. Process monitoring

2. Behavior blocker.

3. Use NtCreateProcess/Ex from kernel-mode to monitor process execution.

IAT hooking. Look into hooking:

- NtCreateThreadEx - hook this to block injection, but you need to check parameters in the callback function to filter real injection attacks in case the program is just creating a new thread within its own process

- NtAllocateVirtualMemory/NtWriteVirtualMemory - if these two functions are used on a specific process (get the PID of the process being targeted) and then it calls NtCreateThreadEx on that same process = injection attack

- NtGetContextThread/NtSetContextThread - look out for usage of these after process execution has been performed via NtCreateUserProcess and that same process has been suspended (main thread -> NtSuspendThread) = indicator of dynamic forking

- NtWriteFile - hook and filter for the hosts file, browser config files, etc. Alternatively use a file system mini-filter, which is more efficient and secure

- NtSetValueKey - hook this and other registry functions and filter for UAC/SmartScreen/Windows Firewall/Windows Defender settings and also Run/RunOnce locations; you can check other areas too. Alternatively use a kernel-mode callback, which is more secure and efficient

... ETC ...

Is it possible?
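The correlation logic the post sketches (injection = allocate + write + remote thread against one foreign target; dynamic forking = context-thread calls on a process that was created and suspended; filtering of registry and file writes to sensitive locations) as an added Python example. It is not from this thread and not AutoIt; it runs over a constructed event stream that stands in for what a hook or kernel callback would hand over, and the field names (`syscall`, `pid`, `target_pid`, `key`, `path`, `suspended`) and the `BlockerState`/`handle_event` names are assumptions made for the example.

```python
"""Behaviour-blocker correlation heuristics over a constructed hook-event stream.

Added example; field names and helper names are assumptions, not a real API.
"""

# Registry locations the post says to filter for (Run/RunOnce, Defender, UAC policy).
# Case-insensitive prefix match; the ...\Run prefix also covers RunOnce.
WATCHED_REG_PREFIXES = (
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Policies\Microsoft\Windows Defender",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System",
)
# Files whose rewrite is filtered (the hosts file is the post's example); lower-case.
WATCHED_FILES = (r"c:\windows\system32\drivers\etc\hosts",)

# Remote injection = these three calls, in order, against one foreign target.
INJECTION_SEQUENCE = ("NtAllocateVirtualMemory", "NtWriteVirtualMemory", "NtCreateThreadEx")
# Dynamic forking = thread-context manipulation on a process we spawned that is suspended.
CONTEXT_CALLS = ("NtGetContextThread", "NtSetContextThread")


class BlockerState:
    def __init__(self):
        self.remote_ops = {}    # (source_pid, target_pid) -> syscall names seen, in order
        self.suspended = set()  # target pids currently known to be suspended
        self.alerts = []        # (kind, source_pid, detail)


def _subsequence(seen, wanted):
    """True if every name in `wanted` occurs in `seen` in that order (gaps allowed)."""
    it = iter(seen)
    return all(name in it for name in wanted)


def _alert(state, kind, src, detail, key=None):
    state.alerts.append((kind, src, detail))
    if key is not None:
        state.remote_ops.pop(key, None)  # reset so one attack is reported once
    return state.alerts[-1]


def handle_event(state, ev):
    """Feed one hook event; return an alert tuple (caller would block) or None."""
    name, src = ev["syscall"], ev["pid"]
    tgt = ev.get("target_pid", src)

    # Registry / file writes: only sensitive locations are flagged, the rest pass.
    if name == "NtSetValueKey":
        k = ev["key"].lower()
        if any(k.startswith(p.lower()) for p in WATCHED_REG_PREFIXES):
            return _alert(state, "sensitive_registry_write", src, ev["key"])
        return None
    if name == "NtWriteFile":
        if ev["path"].lower() in WATCHED_FILES:
            return _alert(state, "sensitive_file_write", src, ev["path"])
        return None

    # Everything below concerns one process acting on another. A program creating
    # a thread inside itself (src == tgt) is normal and is never correlated.
    if src == tgt:
        return None
    if name == "NtCreateUserProcess" and ev.get("suspended"):
        state.suspended.add(tgt)
    if name == "NtSuspendThread":
        state.suspended.add(tgt)
    if name == "NtResumeThread":
        state.suspended.discard(tgt)

    key = (src, tgt)
    ops = state.remote_ops.setdefault(key, [])
    ops.append(name)
    if _subsequence(ops, INJECTION_SEQUENCE):
        return _alert(state, "remote_thread_injection", src, tgt, key)
    if name in CONTEXT_CALLS and tgt in state.suspended and "NtCreateUserProcess" in ops:
        return _alert(state, "dynamic_forking", src, tgt, key)
    return None


def run_events(events):
    """Run a whole event stream through the blocker and return the alerts, in order."""
    state = BlockerState()
    for ev in events:
        handle_event(state, ev)
    return state.alerts


# Constructed sample stream: one benign thread creation, one remote injection,
# one dynamic-forking sequence, one Run-key write, one hosts-file write, one benign key.
SAMPLE_EVENTS = [
    {"syscall": "NtCreateThreadEx", "pid": 100, "target_pid": 100},
    {"syscall": "NtAllocateVirtualMemory", "pid": 200, "target_pid": 300},
    {"syscall": "NtWriteVirtualMemory", "pid": 200, "target_pid": 300},
    {"syscall": "NtCreateThreadEx", "pid": 200, "target_pid": 300},
    {"syscall": "NtCreateUserProcess", "pid": 400, "target_pid": 401, "suspended": True},
    {"syscall": "NtWriteVirtualMemory", "pid": 400, "target_pid": 401},
    {"syscall": "NtSetContextThread", "pid": 400, "target_pid": 401},
    {"syscall": "NtResumeThread", "pid": 400, "target_pid": 401},
    {"syscall": "NtSetValueKey", "pid": 500,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"syscall": "NtWriteFile", "pid": 500, "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"syscall": "NtSetValueKey", "pid": 600, "key": r"HKCU\Software\Contoso\Settings\Theme"},
]

if __name__ == "__main__":
    for kind, src, detail in run_events(SAMPLE_EVENTS):
        print(f"BLOCK {kind}: pid {src} -> {detail}")
```

The point the post makes about parameter checking is what the `src == tgt` early return implements: the same NtCreateThreadEx call is benign in one process and an injection indicator in another, so the verdict comes from the (source, target) history rather than from the call name alone. A production blocker would add allow-lists (debuggers legitimately use the context-thread calls, installers legitimately write Run keys) on top of this skeleton.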




#2 ·  Posted

Hello. We do not support this kind of stuff.

Avoid using AutoIt for that.

Regards


#3 ·  Posted

13 minutes ago, Danyfirex said:

Hello. We do not support this kind of stuff.

Avoid using AutoIt for that.

Regards

Which class of stuff? An antivirus is legal, it is nothing bad. I don't know why you say this. Does this go against the rules?


#4 ·  Posted

SoyArcano,

AutoIt is most definitely NOT the language for building anti-virus apps. Thread closed to prevent further waste of bandwidth.

M23


This topic is now closed to further replies.