SoyArcano
Posted May 31, 2017

I want to make an antivirus in AutoIt with the following features:

1. process monitoring
2. behavior blocker
3. use NtCreateProcess/Ex from kernel-mode to monitor process execution. IAT hooking.

Look into hooking:

- NtCreateThreadEx - hook this to block injection, but you need to check the parameters in the callback function to filter real injection attacks in case the program is just creating a new thread within its own process
- NtAllocateVirtualMemory/NtWriteVirtualMemory - if these two functions are used on a specific process (get the PID of the process being targeted) and it then calls NtCreateThreadEx on that same process = injection attack
- NtGetContextThread/NtSetContextThread - look out for usage of these after process execution has been performed via NtCreateUserProcess and that same process has been suspended (main thread -> NtSuspendThread) = indicator of dynamic forking
- NtWriteFile - hook and filter for the hosts file, browser config files, etc. Alternatively use a file system mini-filter, which is more efficient and secure
- NtSetValueKey - hook this and other registry functions and filter for UAC/SmartScreen/Windows Firewall/Windows Defender settings and also Run/RunOnce locations; you can check other areas too. Alternatively use a kernel-mode callback, which is more secure and efficient

... etc ...

Is it possible?
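The alloc/write/create-thread chain and the suspended-thread/NtSetContextThread pattern from the post above, turned into detection logic as an added example for this thread. It is not code from the post or from any AutoIt UDF, and it is Python rather than AutoIt so that the correlation can be run stand-alone. SyscallEvent, PairState, InjectionCorrelator, scan and the SAMPLE_TRACE are all constructed for the example; a real monitor would receive such events from a kernel-mode callback or ETW, not from a list, and it would carry thread handles rather than the simplified "target PID" used here.

```python
"""Correlating process-memory syscalls into an injection alert.

Added example for this thread (not code from the post or any AutoIt UDF).
Implements the heuristic the first post describes: a caller that does
NtAllocateVirtualMemory and NtWriteVirtualMemory against another process
and then NtCreateThreadEx on that same PID is flagged, while a process
creating threads inside itself is ignored. The post's second pattern
(target suspended, memory written, NtSetContextThread) is matched too.
Event shape, class names and the trace are assumptions for the example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SyscallEvent:
    """One observed NT call (constructed shape; not a real driver struct)."""
    seq: int        # position in the trace, used for ordering
    api: str        # NT API name, e.g. "NtWriteVirtualMemory"
    caller: int     # PID that issued the call
    target: int     # PID owning the process/thread handle the call used
    note: str = ""  # free-text label for the sample trace


@dataclass
class PairState:
    """What a (caller, target) pair has been seen doing so far."""
    allocated: bool = False
    written: bool = False
    suspended: bool = False


class InjectionCorrelator:
    """Stateful matcher for the alloc -> write -> create-thread chain."""

    def __init__(self):
        self.pairs = defaultdict(PairState)
        self.alerts = []

    def feed(self, ev):
        """Consume one event; return an alert tuple or None."""
        if ev.caller == ev.target:
            # The callback filter from the post: touching your own memory or
            # starting a thread in your own process is ordinary behaviour.
            return None
        key = (ev.caller, ev.target)
        st = self.pairs[key]
        alert = None
        if ev.api == "NtAllocateVirtualMemory":
            st.allocated = True
        elif ev.api == "NtWriteVirtualMemory":
            st.written = True
        elif ev.api == "NtSuspendThread":
            st.suspended = True
        elif ev.api == "NtCreateThreadEx" and st.allocated and st.written:
            alert = ("remote-thread-injection", ev.caller, ev.target, ev.seq)
        elif ev.api == "NtSetContextThread" and st.suspended and st.written:
            alert = ("suspended-context-hijack", ev.caller, ev.target, ev.seq)
        if alert:
            self.alerts.append(alert)
            del self.pairs[key]  # reset so a repeat has to rebuild the chain
        return alert


def scan(events):
    """Run the correlator over a trace in seq order and return its alerts."""
    corr = InjectionCorrelator()
    for ev in sorted(events, key=lambda e: e.seq):
        corr.feed(ev)
    return corr.alerts


# Constructed trace: PIDs and labels are made up for the example.
SAMPLE_TRACE = [
    SyscallEvent(1, "NtAllocateVirtualMemory", 1000, 1000, "own heap growth"),
    SyscallEvent(2, "NtCreateThreadEx", 1000, 1000, "own worker thread"),
    SyscallEvent(3, "NtAllocateVirtualMemory", 2000, 1000, "remote allocation"),
    SyscallEvent(4, "NtWriteVirtualMemory", 2000, 1000, "remote write"),
    SyscallEvent(5, "NtCreateThreadEx", 2000, 1000, "thread in other process"),
    SyscallEvent(6, "NtCreateUserProcess", 3000, 3001, "child started"),
    SyscallEvent(7, "NtSuspendThread", 3000, 3001, "child main thread"),
    SyscallEvent(8, "NtWriteVirtualMemory", 3000, 3001, "write into child"),
    SyscallEvent(9, "NtSetContextThread", 3000, 3001, "child context changed"),
    SyscallEvent(10, "NtCreateThreadEx", 4000, 1000, "thread only, no write"),
]

if __name__ == "__main__":
    for a in scan(SAMPLE_TRACE):
        print("ALERT %s: caller %d -> target %d at event %d" % a)
```

Event 10 shows why the chain matters: a remote NtCreateThreadEx on its own is not flagged, because without a preceding allocation and write from the same caller there is nothing to distinguish it from a debugger or a legitimate tool. In a real monitor the pair state would also need expiry, otherwise a long-lived caller accumulates state for every process it ever touched.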
Danyfirex
Posted May 31, 2017

Hello. We do not support this kind of stuff. Avoid using AutoIt for that.

Regards

Danysys.com
AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF
Apps: Guitar Tab Tester - VirusTotal Hash Checker
Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection - PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut
SoyArcano (Author)
Posted May 31, 2017

13 minutes ago, Danyfirex said:
> Hello. We do not support this kind of stuff. Avoid using AutoIt for that. Regards

Which kind of stuff? An antivirus is legal, it is nothing bad. I don't know why you say this. Does this go against the rules?
Melba23 (Moderator)
Posted May 31, 2017

SoyArcano,

AutoIt is most definitely NOT the language for building anti-virus apps.

Thread closed to prevent further waste of bandwidth.

M23

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind.

Open spoiler to see my UDFs:
ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ---------- Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area