I am making a virus scanner, and until now I have done well in my work.
But as you know, each virus or each program has a signature that can be unique from other programs, and to find this signature I must read the binary stream from executable files. I have read the article "Inject your code to a Portable Executable file",
which describes the PE (Portable Executable) file format, to learn the structure of EXE files.
But I have one problem: when I read the EXE file it's too slow, while other antiviruses like Kaspersky are very fast.
How do these antiviruses work so fast while my program is slow? My real question is:
"How can I read from EXE files quickly?"
I hope that was clear enough!
Here is my code:
Imports System.IO
Imports System.Threading

Public Class Form1
    ' Worker thread that reads the selected file
    Dim thread As New Thread(AddressOf RW_EXE)

    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Label1.Text = ""
    End Sub

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        With OpenFileDialog1
            If .ShowDialog() = Windows.Forms.DialogResult.OK Then
                thread.IsBackground = True
                ' Let the worker thread update the form's controls directly
                Control.CheckForIllegalCrossThreadCalls = False
                thread.Start()
            End If
        End With
    End Sub

    Private Sub RW_EXE()
        TextBox1.Text = ""
        Dim FS As New FileStream(OpenFileDialog1.FileName, FileMode.Open, FileAccess.Read)
        Dim BS As New BinaryReader(FS)
        Dim x As Integer = BS.BaseStream.Position
        Dim y As Integer = BS.BaseStream.Length
        Dim s As String = ""
        ' Read one byte per iteration and append it to the string as hex
        While x < y
            s &= BS.ReadByte.ToString("X") & " "
            Label1.Text = x & " from " & y - 1
            x += 1
        End While
        TextBox1.Text = s
        BS.Close()
    End Sub
End Class
As you see in the code above, I have created a FileStream that opens the file in read mode, and I have created a BinaryStream that enables the program to read binary from the file created before, which achieves my point: to detect the virus by reading the binary, getting the signature out of the virus, and checking with the database to see if it's a virus or not!
Then I have declared X and Y: X is the current position of reading in the file, which is first equal to 0.
Y is the length of the binary in the file (the length of the string of the EXE file).
And then I have put a While loop so I can read from the file byte by byte until x equals y (meaning the position equals the length of the file).
Is this clear enough?
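
Added example, not part of the original post: the same signature check done on raw bytes, reading the file in 64 KB blocks instead of one byte at a time and never building a hex string or touching a control inside the loop. The name `FindSignature`, the block size and the 4-byte sample pattern are assumptions made for illustration.

```vbnet
Imports System
Imports System.IO

Module FastScanExample
    ' Returns the file offset of the first occurrence of signature, or -1.
    ' (Hypothetical helper, not from the original post.)
    Function FindSignature(ByVal filePath As String, ByVal signature As Byte()) As Long
        If signature.Length = 0 Then Return -1
        Dim overlap As Integer = signature.Length - 1
        Dim block(65536 + overlap - 1) As Byte   ' 64 KB plus room for the carried tail
        Dim kept As Integer = 0                  ' tail bytes carried from the previous block
        Dim baseOffset As Long = 0               ' file offset of block(0)
        Using fs As New FileStream(filePath, FileMode.Open, FileAccess.Read,
                                   FileShare.Read, 65536, FileOptions.SequentialScan)
            While True
                Dim got As Integer = fs.Read(block, kept, block.Length - kept)
                If got = 0 Then Exit While
                Dim valid As Integer = kept + got
                For i As Integer = 0 To valid - signature.Length
                    Dim j As Integer = 0
                    While j < signature.Length AndAlso block(i + j) = signature(j)
                        j += 1
                    End While
                    If j = signature.Length Then Return baseOffset + i
                Next
                ' Keep the last (signature.Length - 1) bytes so a match that
                ' straddles two blocks is still found.
                kept = Math.Min(overlap, valid)
                Array.Copy(block, valid - kept, block, 0, kept)
                baseOffset += valid - kept
            End While
        End Using
        Return -1
    End Function

    Sub Main()
        ' Constructed sample: a zero-filled temp file with a made-up
        ' 4-byte pattern written at offset 70000 (past the first block).
        Dim sample As String = Path.GetTempFileName()
        Dim data(99999) As Byte
        Dim sig As Byte() = {&HDE, &HAD, &HBE, &HEF}
        Array.Copy(sig, 0, data, 70000, sig.Length)
        File.WriteAllBytes(sample, data)
        Console.WriteLine(FindSignature(sample, sig))
        File.Delete(sample)
    End Sub
End Module
```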