Reference to Sir Sergey Alexandrovich Kryukov's answer
refer here
I came to know that there is no difference between a normal executable which installs and a portable executable. I have several doubts about it, and as per Sir Sergey Alexandrovich Kryukov's suggestion I posted this as a separate question.
Doubt 1:
If a portable executable can be copied in a USB/SD card then how to make a licence?
For example:
If my software needs to be purchased for a required period and a user buys it for a year, then since my executable is portable, after buying my software the user could copy the portable executable and make it run on another computer. So how can I prevent this?
Doubt 2:
I am still learning Win32 but I have knowledge in console application.
How could I change the settings?
For example:
If my software does some disk cleaning and has several options like cleaning the recycle bin, temporary files, etc., and a user ticks the recycle bin, the cleaner will clean the recycle bin. The user's option is usually saved, so every time the executable is opened it remembers the user's choice and does its work according to it. But a portable executable usually opens like a new program.
Doubt 3: [Update]
Here is a brief explanation of doubt 3.
I did want to create an antivirus.
A short explanation of what I have tried/learned/researched so far in my 5 months of programming experience:
1. C++ is the best language to create an antivirus because it is faster than any other language, but I see several open source projects programmed using Python, so I started learning Python.
2. There are two techniques for analyzing malware: static (analyzing without opening an executable) and dynamic (the opposite of static). [I am quite well aware of the two techniques]
3. For dynamic analysis I have downloaded various analyzer tools like PE studio, CFF Explorer, OllyDbg, etc. (IDA Pro is a very good tool but I have little money since I am a student of only 17 years)
4. Learned some basic functions of assembly like jumping, calling. I know advanced functions are required but I am learning assembly.
5. Bought a new laptop at a cheap rate (Intel processor, Windows) because I have no faith in virtual machines.
6. I have a good general knowledge of cyber security, cryptography, etc.
7. I have knowledge of how threats work (will be explained in the second section).
8. Learned some concepts in English like proper capitalization, requesting, and conversing with an experienced person, which is highly useful for getting what I need from Google and also from others. [But this is not up to the level]
You may ask why I have explained this to you. I explained this so that I will not get any answers like "You have not even done a single piece of research and came here to ask this question", to make some difference from a newbie programmer who asks "How to program an antivirus?", and to avoid (further) down-voting.
So here is my problem:
1. Browser hijackers are stable (that is, they will not change their position, i.e. they are located in a single folder). So using the SHA-512 (MD5 is enough) algorithm and comparing the hash values we could easily identify the browser hijackers.
2. The same principle would be applied to rogue security software.
Here is where I am stuck:
1. A Trojan or keylogger gets its location changed. It may spread through infected USB/SD cards, etc., so how do I enable real-time monitoring for finding these threats? I know hash algorithms are useless here.
2. Could you please give me some links/keywords in C/C++ which are related to working on the internet? Since my English is poor I'll try to explain this:
C++ functions to access a webpage, download from a webpage (for updating), like this. Just keywords are enough.
Kindly help me with this. This is what I have learned in 5 months.
If I have missed anything kindly notify me.
My sincere thank you to all who have helped me.
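
The hash comparison described in the question's problem list, as an added example that is not part of the original post: it walks a folder tree, hashes each file with SHA-512 and reports files whose digest is in a known set. The sample files, folder names and the `sha512_of`, `scan_tree` and `demo` helpers are constructed for illustration; the run shows that a match depends on a file's bytes rather than its folder or name, and that a one-byte change gives a different digest.

```python
import hashlib
import os
import tempfile

def sha512_of(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_tree(root, known_bad):
    """Return (matches, unreadable) for every regular file under root."""
    matches, unreadable = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                if sha512_of(path) in known_bad:
                    matches.append(path)
            except OSError:
                # Locked or permission-denied files are reported, not skipped silently.
                unreadable.append(path)
    return sorted(matches), sorted(unreadable)

def demo():
    """Build a constructed sample tree in a temp folder and scan it."""
    sample = b"constructed sample bytes standing in for a known unwanted file"
    known_bad = {hashlib.sha512(sample).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "browser/addon.bin": sample,            # original location
            "usb/copy/renamed.bin": sample,         # same bytes, moved and renamed
            "usb/variant.bin": sample + b"\x00",    # one extra byte: digest differs
            "docs/readme.txt": b"harmless",
        }
        for rel, data in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as handle:
                handle.write(data)
        matches, unreadable = scan_tree(root, known_bad)
        rel_matches = [os.path.relpath(m, root).replace(os.sep, "/") for m in matches]
        return rel_matches, unreadable

if __name__ == "__main__":
    print(demo())
```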