IchBistTod, posted July 12, 2009 (edited July 12, 2009 by IchBistTod):
Okay, well, I want to make an anti-virus but I am stuck on two issues.
1) Monitoring what a process is doing (e.g. what file it is writing to and what it's writing to it, for cryptors that hide a file inside to bypass scan-time detection), and
2) pausing a process while I scan the exe it's using.
Any help greatly appreciated.
IchBistTod (author), posted July 13, 2009:
**bump**
Andreik, posted July 13, 2009:
Answer for 2nd question: you can use NtSuspendProcess from ntdll.dll
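An added worked example of the approach Andreik names, written for this page and not posted by anyone in the thread: it opens the target with the minimum rights needed, freezes it with NtSuspendProcess, hashes the on-disk image while nothing in it can run, and then resumes it. "example.exe" stands in for the process named later in the thread; the process-name lookup, the hashing step and the error codes are this example's own choices, and NtSuspendProcess/NtResumeProcess are undocumented ntdll exports rather than a documented API. It assumes AutoIt 3.3.10 or newer (for $CALG_SHA_256 in Crypt.au3) and Windows Vista or newer (for QueryFullProcessImageNameW).

```autoit
; Added example (not from the thread): suspend a process by image name, hash
; its on-disk image while it is frozen, then resume it.
; Assumes the caller has PROCESS_SUSPEND_RESUME and
; PROCESS_QUERY_LIMITED_INFORMATION rights on the target (normally true for
; the caller's own processes, or for anything when running elevated).

#include <Crypt.au3>

Global Const $PROCESS_SUSPEND_RESUME = 0x0800
Global Const $PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

; Open a handle with only the two rights this scan needs (least privilege).
Func _OpenProcessForScan($iPid)
    Local $aRet = DllCall("kernel32.dll", "handle", "OpenProcess", _
        "dword", BitOR($PROCESS_SUSPEND_RESUME, $PROCESS_QUERY_LIMITED_INFORMATION), _
        "bool", False, "dword", $iPid)
    If @error Or $aRet[0] = 0 Then Return SetError(1, 0, 0)
    Return $aRet[0]
EndFunc

; NtSuspendProcess / NtResumeProcess are undocumented ntdll exports that return
; an NTSTATUS; 0 is STATUS_SUCCESS. They take a process handle, not a PID.
Func _NtSuspendProcess($hProcess)
    Local $aRet = DllCall("ntdll.dll", "long", "NtSuspendProcess", "handle", $hProcess)
    If @error Then Return SetError(1, 0, -1)
    Return $aRet[0]
EndFunc

Func _NtResumeProcess($hProcess)
    Local $aRet = DllCall("ntdll.dll", "long", "NtResumeProcess", "handle", $hProcess)
    If @error Then Return SetError(1, 0, -1)
    Return $aRet[0]
EndFunc

; Full path of the image file backing the process (Vista and later).
Func _GetProcessImagePath($hProcess)
    Local $aRet = DllCall("kernel32.dll", "bool", "QueryFullProcessImageNameW", _
        "handle", $hProcess, "dword", 0, "wstr", "", "dword*", 65536)
    If @error Or $aRet[0] = 0 Then Return SetError(1, 0, "")
    Return $aRet[3]
EndFunc

; Freeze the process, hash its image on disk, and resume it whatever happens.
; Returns the SHA-256 as a binary value ("" on failure); @error codes:
;   1 = no such process, 2 = OpenProcess failed, 3 = suspend failed, 4 = hash failed
Func _ScanProcessFrozen($sImageName)
    Local $iPid = ProcessExists($sImageName)   ; first process with that name
    If $iPid = 0 Then Return SetError(1, 0, "")
    Local $hProc = _OpenProcessForScan($iPid)
    If @error Then Return SetError(2, 0, "")

    Local $iErr = 0, $sHash = ""
    If _NtSuspendProcess($hProc) = 0 Then
        Local $sPath = _GetProcessImagePath($hProc)
        If @error Then
            $iErr = 4
        Else
            $sHash = _Crypt_HashFile($sPath, $CALG_SHA_256)
            If @error Then
                $iErr = 4
                $sHash = ""
            EndIf
        EndIf
        _NtResumeProcess($hProc)   ; always resume, even when hashing failed
    Else
        $iErr = 3
    EndIf
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProc)
    Return SetError($iErr, 0, $sHash)
EndFunc

Local $sHash = _ScanProcessFrozen("example.exe")
If @error Then
    ConsoleWrite("scan failed, error " & @error & @CRLF)
Else
    ConsoleWrite("SHA-256 of frozen image: " & $sHash & @CRLF)
EndIf
```

Two caveats a defender would want alongside this: suspending a process only stops its own threads, so anything it has already spawned, scheduled or injected elsewhere keeps running; and hashing the file on disk says nothing about what a packer or cryptor has already unpacked into memory, which is the first question in the thread and is exactly the part that user-mode AutoIt cannot observe reliably.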
IchBistTod (author), posted July 13, 2009:
Sorry, I'm really not all that good with DllCalls... could you please give me the DLL call I would need to use, with example.exe as the process I am pausing?
DCCD, posted July 13, 2009:
> 2) pausing a process while I scan the exe it's using.
Did you mean decompress all "EXE" files?
IchBistTod (author), posted July 13, 2009:
No, I mean to stop the exe from executing while it's being scanned, so if it's a virus it can't cause damage during the scan, and can be deleted before any damage is caused.
monoceres, posted July 13, 2009:
Let this one go. It's not possible to do anything useful in AutoIt when it comes to antivirus, since it requires a kernel driver to monitor the system in a reliable way. The main rule is: if you don't know how to do it, then it's most likely that you can't do it. If you're still interested in general process monitoring and such, then check out my API hooking script in my, it only works in the current process but should give some insight into the subject.
herewasplato, posted July 14, 2009:
> Let this one go.
...Now if you could just convince LittleCoderNthai: http://www.autoitscript.com/forum/index.php?app=core&module=search&do=user_posts&mid=50586 :-(
IchBistTod (author), posted July 14, 2009:
You seem to have been here a long time. So I'm sorry that I must correct you. Anything is possible in AutoIt, even if it's via DLLs, COM objects, and inline ASM. AutoIt is a RAD (rapid application development) language.
herewasplato, posted July 14, 2009 (edited July 14, 2009 by herewasplato):
> You seem to have been here a long time. So I'm sorry that I must correct you. Anything is possible in AutoIt, even if it's via DLLs, COM objects, and inline ASM. AutoIt is a RAD (rapid application development) language.
I'm not sure if you were talking to monoceres, who is young and bright, or me (old and dull). Yes, I've been using AutoIt longer than the forum join date would indicate... but that really does not matter. I only use AutoIt to do the things that I need it to do. It can do far more than I know how to make it do. monoceres, on the other hand, has a pretty good understanding of AutoIt and programming in general... far better than I. Maybe you and LittleCoderNthai should get together via PMs and work something up. I would not expect much help from those that think that AutoIt is the wrong tool for the job.
trung0407, posted July 14, 2009:
When it comes to memory reading, pointers, processes, etc... you should use C++ lol. You're not gonna make a DLL call in every line of your AutoIt script, are you? What AutoIt lacks is pointers; if they implemented them, you could do lots more things.
monoceres, posted July 14, 2009 (edited July 14, 2009 by monoceres):
> You seem to have been here a long time. So I'm sorry that I must correct you. Anything is possible in AutoIt, even if it's via DLLs, COM objects, and inline ASM. AutoIt is a RAD (rapid application development) language.
Oh really? Write me a driver that operates in ring-0 and I stand corrected. Trying to make an anti-virus in user mode is plain stupid and bound to fail.
Edit: Implementing the anti-virus part in a custom-written DLL does not count.
GodlessSinner, posted July 14, 2009:
It's possible to do the following: write a script that will scan your exe's, get their sizes or hashes, and write them encrypted to the end of each exe. You could also register an item in the context menu of exe's to run one only when the file check is OK. And more difficult is to do this: write a script that will pack an exe inside itself and also pack one encrypted copy of the exe; in this case the file can check itself and recover if it has been infected, and more...
IchBistTod (author), posted July 14, 2009:
Driver in pure AutoIt = fail. AutoIt can take a relatively small set of functions from a DLL made in C or C++ and link them together, per se, and give them much more functionality. AutoIt can be used in conjunction with other programming languages to accomplish great things. Sorry if what I said was misunderstood. I was here looking for pre-created DLLs to save some work.
IchBistTod (author), posted July 14, 2009 (edited July 14, 2009 by IchBistTod):
And from observation of LittleCoderNthai's posts, he seems to be about 12 or 13 (or from India, as people from India that I have talked to on the internet always seem about 12 or 13 even if they are in their 30s). He has no knowledge of AutoIt whatsoever, he lies so he seems smarter than he really is, and he asks questions for every step of the way, while I was asking for just two solutions, one of which I found, and should be able to use as soon as I figure out its DLL call. And no, I'm not against Indians; I am sure other countries have a large group of people that sound 12-13 regardless of age as well, I however have not encountered them. The last time I had a partner, he took the completely useless source code I gave him (I told him it was the project) and tried to blackmail me and sell it, without even knowing what it was...... This guy gives off that same kind of person vibe.
IchBistTod (author), posted July 14, 2009 (edited July 14, 2009 by IchBistTod):
In AutoIt, with the basic functions and Windows DLLs, it is possible to do all of the following:
1. Get a process's full path
2. Stop the process from executing
3. Scan the binary against a database, and hashes against a database
4. Create virus signatures and hashes and add them to a database
5. Kill infected processes and delete their EXE, and find/kill all of its child processes and delete their EXEs
6. Unhook handles on files
7. Create backups of the registry, and all files on the hard drive, that can later be used to restore the system
8. More things that I don't feel like writing... but you get the hint.
Edit: Oh, and by the way, I never said it was possible to make a driver in AutoIt. I said it was possible to make anything WITH THE USE OF DLL calls, COM objects and inline ASM.