Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: VB.NET
Hi there,
I am making a virus scanner, until now I have done well in my work.
But as you know each virus or each program have a signature that can be unique from other programs, and to found this signature I must read the binary stream from execution files, and I have read this article Inject your code to a Portable Executable file that descripe the PE (portable execution file) to know the structure of the EXE files,
but I have one problem that: when I read the EXE file it's too slow and the other anti-viruses like kaspersky too fast.
How these anti-virueses work too fast but my program is slow, now my real question is:
 
"How can I read from EXE files fastly?"
 
I hope that was clear enough!
 
Here is my code:
Imports System
Imports System.IO
Imports System.Threading
Public Class Form1
    Dim thread As New Thread(AddressOf RW_EXE)
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Label1.Text = ""
    End Sub
 
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        With OpenFileDialog1
            If .ShowDialog() = Windows.Forms.DialogResult.OK Then
                thread.IsBackground = True
                Control.CheckForIllegalCrossThreadCalls = False
                thread.Start()
            End If
        End With
    End Sub
    Sub RW_EXE()
        TextBox1.Text = ""
        Dim FS As New FileStream(OpenFileDialog1.FileName, FileMode.Open, FileAccess.Read)
        Dim BS As New BinaryReader(FS)
        Dim x As Integer = BS.BaseStream.Position
        Dim y As Integer = BS.BaseStream.Length
        Dim s As String = ""
        While x < y
            s &= BS.ReadByte.ToString("X") & " "
            Label1.Text = x & " from " & y - 1
            x += 1
        End While
        TextBox1.Text = s
        FS.Close()
        BS.Close()
        thread.Abort()
    End Sub
End Class 
 
As you see the code above, I have create a FileStream that open the file in read mode and I have create a BinaryStream that enables the program to read a binary from the file created before which achieve my point to detect the virus by read the binary and get the signature out the out the viruse and check with the DATA BASE to see if it's a virus or not!.
Then I have declare X,Y , X=to current position of reading the file which first equal to 0.
Y= to the length of binary in the file (length of the string of the EXE file).
And then I have put while loop so I can read from the file byte byte until the x equal to y (means the position equal to length of the file).
 
Is this clear enough?
Posted 14-Jan-12 2:46am
Edited 27-Jan-12 4:17am
v5
Comments
SAKryukov at 14-Jan-12 13:08pm
   
And we would need explanation: why, what's the idea?
--SA
Rasool Ahmed at 27-Jan-12 6:35am
   
The idea is to get the signature of the viures
Manfred R. Bihy at 27-Jan-12 6:54am
   
Moved code from non-solution to OP's question.
Rasool Ahmed at 27-Jan-12 6:58am
   
Do you have a solution to this little problem???!!
Simon_Whale at 27-Jan-12 7:27am
   
at present my inital comments would be you have terrible variable names, for example what does x, y and s do? a few comments in your code would help us understand what your rountines are trying to do.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Two rules apply:
 
1) Don't write exe files in VB.
2) See (1).
 
Unless you know what you are doing, you will (a) mess things up and (b) be rightly treated as a virus.
 
Why do you want to do that?
  Permalink  
Comments
Rasool Ahmed at 18-Jan-12 3:08am
   
Well.....
I am working in an antivirus program and I must learn how to read the hole EXE file so I can get a signature from it...........
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

If you're trying to read the information in an .EXE file, download and read this[^]. It's pretty complex so I hope your experience is beyond reading/writing text files.
  Permalink  
Comments
Rasool Ahmed at 18-Jan-12 3:12am
   
The problem is I have already make a EXE reader but it to slow I must wait for half hours some to times to complete.....
And a have googled for EXE readers and found many programs such as ollydbg and this program read so fast .... why my program too slow?
i hope you have answer
Dave Kreskowiak at 18-Jan-12 8:13am
   
Why?? How are we going to know that since you haven't told us ANYTHING about how you're reading these files?? All can we can tell you is that you wrote VERY inefficient code if it's taking you a half hour to read a single file.
Rasool Ahmed at 21-Jan-12 16:48pm
   
You still not helping me..........
plezzzzzzzzzzz I need help
Dave Kreskowiak at 21-Jan-12 18:54pm
   
I've given you what I can given the VERY tiny amount of information you've provided. Without YOU showing US what you've written and what you want the code to do and the performance you want out of it, it's impossible to tell you anynthing more.
 
The quality of the answers you get is directly dictated by the quality of the questions you ask.
Dave Kreskowiak at 27-Jan-12 13:55pm
   
Look at what you're doing. You're reading a single byte from the file then adding it to a textbox, ONE BYTE AT A TIME. Since strings (the TextBox.Text property gets/sets a string value) are immutable (cannot be changed once created) you are literally creating a new string, copying the old text from the textbox to it, then appending a single character and setting the textbox.text property to this new string on EVERY SINGLE BYTE YOU READ FROM THE FILE! Now wonder it takes forever for you to read the file.
Rasool Ahmed at 28-Jan-12 1:47am
   
I have an idea and want to share with you,
if I have create a five threads for example! and each thread read a part from the file at the same time, is there a chance to work fast?
Dave Kreskowiak at 28-Jan-12 9:42am
   
No. You can read an entire file in the time it takes to hand off work to a single thread.
 
AGAIN. You're reading a file byte-by-byte instead of reading chunks of it at a time. Reading byte-by-byte takes an awful lot of time.
Rasool Ahmed at 30-Jan-12 3:05am
   
So, you think must read Int64 instead of read byte, I have tried this way and it's a fast but it reads the inverse of the string.
Dave Kreskowiak at 30-Jan-12 8:03am
   
This is a virus scanner. What the hell are you checking for strings for?? You treat signatures as a block of bytes, not strings.
Rasool Ahmed at 30-Jan-12 10:05am
   
First, I don't mean character strings.. I mean binary strings.
Second, why you want detials...!!!! only I asked is how to read and write from EXE files rapidly??!!!!! why you need detials????!!!!!
Dave Kreskowiak at 30-Jan-12 10:41am
   
First, do not mix terminology like that. If you say String, everyone thinks a nice human-readable set of characters, not bytes.
 
Second, why do I want details? Because you haven't given sufficient information to answer your question specifically. The quality of the answers you get are directly dictated by the quality of the questions you ask.
 
I've already told you repeated where you're going wrong. Read this: http://msdn.microsoft.com/en-us/library/system.io.filestream.read.aspx
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 4

  Permalink  
Comments
Rasool Ahmed at 27-Jan-12 6:38am
   
my man the page is not found!!!!
Marcus Kramer at 27-Jan-12 9:56am
   
The link works fine for me. Perhaps it is blocked where you are.
Rasool Ahmed at 28-Jan-12 1:43am
   
this is the message I had when I opened the page:
"Page Not Found
We're sorry, but the page you requested could not be found. Please check your typing and try again, or use the search options on this page.
"
Rasool Ahmed at 30-Jan-12 10:06am
   
Can you give me another link??? ^_^
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 5

Solution
 
Public Sub DoSomthing()
Dim sbStringBuilder As New StringBuilder
 
sbStringBuilder.Append(File.ReadAllText(Path))
GoThrough(sbStringBuilder.ToString)
End Sub
 
Public Function GoThrough(byval Chars() As Char) As Boolean
 
For i As long = 0 To Ubound(Chars)
    If Chars(i) = Something Then
        Return False
    End If
Next
 
return True
End Function
 
' Depending on what you want to do, but looks like you need to learn the basic's before you can write a Virus Protection Software (if you can even make a simple function to read) BTW writing to a textbox.text to store data is a very big waste of time, not only are you duplicating you data but you are telling the window to use there buffer...
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 587
1 Sergey Alexandrovich Kryukov 479
2 Maciej Los 305
3 BillWoodruff 220
4 Mathew Soji 195
0 OriginalGriff 7,356
1 Sergey Alexandrovich Kryukov 6,817
2 DamithSL 5,461
3 Manas Bhardwaj 4,946
4 Maciej Los 4,475


Advertise | Privacy | Mobile
Web04 | 2.8.1411023.1 | Last Updated 20 Jan 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100