See more: VB VB.NET
Hi there,
I am making a virus scanner, and until now I have done well in my work.
But as you know, each virus or each program has a signature that can be unique from other programs, and to find this signature I must read the binary stream from execution files. I have read this article, Inject your code to a Portable Executable file, that describes the PE (portable execution file), to know the structure of EXE files,
but I have one problem: when I read the EXE file it's too slow, and other antiviruses like Kaspersky are too fast.
How do these antiviruses work so fast while my program is slow? Now my real question is:

"How can I read from EXE files quickly?"

I hope that was clear enough!

Here is my code:
Imports System
Imports System.IO
Imports System.Threading
Public Class Form1
    ' Worker thread; created on each click because a Thread object can only be started once
    Dim thread As Thread
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Label1.Text = ""
    End Sub
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        With OpenFileDialog1
            If .ShowDialog() = Windows.Forms.DialogResult.OK Then
                thread = New Thread(AddressOf RW_EXE)
                thread.IsBackground = True
                Control.CheckForIllegalCrossThreadCalls = False
                ' Start the background read (the thread was configured but never started)
                thread.Start()
            End If
        End With
    End Sub
    Sub RW_EXE()
        TextBox1.Text = ""
        Dim FS As New FileStream(OpenFileDialog1.FileName, FileMode.Open, FileAccess.Read)
        Dim BS As New BinaryReader(FS)
        Dim x As Integer = BS.BaseStream.Position ' current read position
        Dim y As Integer = BS.BaseStream.Length   ' total file length in bytes
        Dim s As String = ""                      ' hex dump built up as a string
        ' Read one byte per iteration and append its hex form to the string
        While x < y
            s &= BS.ReadByte.ToString("X") & " "
            Label1.Text = x & " from " & y - 1
            x += 1
        End While
        TextBox1.Text = s
        ' Release the file handle
        BS.Close()
    End Sub
End Class

As you see in the code above, I have created a FileStream that opens the file in read mode, and I have created a BinaryStream that enables the program to read binary from the file created before, which achieves my point: to detect the virus by reading the binary, getting the signature out of the virus, and checking with the database to see if it's a virus or not.
Then I have declared X and Y: X is the current position of reading the file, which is first equal to 0.
Y is the length of the binary in the file (the length of the string of the EXE file).
And then I have put a while loop so I can read from the file byte by byte until x equals y (meaning the position equals the length of the file).

Is this clear enough?
Posted 14-Jan-12 1:46am
Updated 27-Jan-12 3:17am
SAKryukov 14-Jan-12 13:08pm
And we would need explanation: why, what's the idea?
Rasool Ahmed 27-Jan-12 6:35am
The idea is to get the signature of the virus.
Manfred R. Bihy 27-Jan-12 6:54am
Moved code from non-solution to OP's question.
Rasool Ahmed 27-Jan-12 6:58am
Do you have a solution to this little problem???!!
Simon_Whale 27-Jan-12 7:27am
At present my initial comments would be that you have terrible variable names. For example, what do x, y and s do? A few comments in your code would help us understand what your routines are trying to do.

Solution 1

Two rules apply:

1) Don't write exe files in VB.
2) See (1).

Unless you know what you are doing, you will (a) mess things up and (b) be rightly treated as a virus.

Why do you want to do that?
Rasool Ahmed 18-Jan-12 3:08am
I am working on an antivirus program and I must learn how to read the whole EXE file so I can get a signature from it...........

Solution 2

If you're trying to read the information in an .EXE file, download and read this[^]. It's pretty complex so I hope your experience is beyond reading/writing text files.
Rasool Ahmed 18-Jan-12 3:12am
The problem is I have already made an EXE reader, but it is too slow; sometimes I must wait for half an hour for it to complete.....
And I have googled for EXE readers and found many programs such as ollydbg, and this program reads so fast .... why is my program too slow?
I hope you have an answer.
Dave Kreskowiak 18-Jan-12 8:13am
Why?? How are we going to know that since you haven't told us ANYTHING about how you're reading these files?? All we can tell you is that you wrote VERY inefficient code if it's taking you a half hour to read a single file.
Rasool Ahmed 21-Jan-12 16:48pm
You're still not helping me..........
Please, I need help
Dave Kreskowiak 21-Jan-12 18:54pm
I've given you what I can given the VERY tiny amount of information you've provided. Without YOU showing US what you've written and what you want the code to do and the performance you want out of it, it's impossible to tell you anything more.

The quality of the answers you get is directly dictated by the quality of the questions you ask.
Dave Kreskowiak 27-Jan-12 13:55pm
Look at what you're doing. You're reading a single byte from the file then adding it to a textbox, ONE BYTE AT A TIME. Since strings (the TextBox.Text property gets/sets a string value) are immutable (cannot be changed once created) you are literally creating a new string, copying the old text from the textbox to it, then appending a single character and setting the textbox.text property to this new string on EVERY SINGLE BYTE YOU READ FROM THE FILE! No wonder it takes forever for you to read the file.
Rasool Ahmed 28-Jan-12 1:47am
I have an idea and want to share it with you:
if I create five threads, for example, and each thread reads a part of the file at the same time, is there a chance it will work fast?
Dave Kreskowiak 28-Jan-12 9:42am
No. You can read an entire file in the time it takes to hand off work to a single thread.

AGAIN. You're reading a file byte-by-byte instead of reading chunks of it at a time. Reading byte-by-byte takes an awful lot of time.
Rasool Ahmed 30-Jan-12 3:05am
So, you think I must read Int64 instead of reading a byte. I have tried this way and it's fast, but it reads the inverse of the string.
Dave Kreskowiak 30-Jan-12 8:03am
This is a virus scanner. What the hell are you checking for strings for?? You treat signatures as a block of bytes, not strings.
Rasool Ahmed 30-Jan-12 10:05am
First, I don't mean character strings.. I mean binary strings.
Second, why do you want details...!!!! All I asked is how to read and write from EXE files rapidly??!!!!! Why do you need details????!!!!!
Dave Kreskowiak 30-Jan-12 10:41am
First, do not mix terminology like that. If you say String, everyone thinks a nice human-readable set of characters, not bytes.

Second, why do I want details? Because you haven't given sufficient information to answer your question specifically. The quality of the answers you get is directly dictated by the quality of the questions you ask.

I've already told you repeatedly where you're going wrong. Read this:

Solution 4

Rasool Ahmed 27-Jan-12 6:38am
My man, the page is not found!!!!
Marcus Kramer 27-Jan-12 9:56am
The link works fine for me. Perhaps it is blocked where you are.
Rasool Ahmed 28-Jan-12 1:43am
This is the message I had when I opened the page:
"Page Not Found
We're sorry, but the page you requested could not be found. Please check your typing and try again, or use the search options on this page."
Rasool Ahmed 30-Jan-12 10:06am
Can you give me another link??? ^_^

Solution 5


Imports System.Text ' needed for StringBuilder
Public Sub DoSomthing()
    Dim sbStringBuilder As New StringBuilder
End Sub
' Something is the character being looked for (placeholder name from the post)
Public Function GoThrough(ByVal Chars() As Char, ByVal Something As Char) As Boolean
    For i As Long = 0 To UBound(Chars)
        If Chars(i) = Something Then
            Return False
        End If
    Next
    Return True
End Function
' Depending on what you want to do, but it looks like you need to learn the basics before you can write virus protection software (if you can even make a simple function to read). BTW, writing to TextBox.Text to store data is a very big waste of time: not only are you duplicating your data, but you are telling the window to use their buffer...
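
The advice in the comments under Solution 2 (read the file in chunks and treat a signature as a block of bytes, not a string) can be sketched as follows. This is an added example, not code from any poster; FindSignature, chunkSize and the four-byte pattern are hypothetical names and constructed sample data.

```vbnet
Imports System
Imports System.IO

Module ChunkedSignatureScan
    ' Returns the file offset of the first occurrence of signature, or -1.
    ' Reads large blocks and carries the last (signature.Length - 1) bytes of
    ' each block forward, so a match that straddles two blocks is still found.
    Function FindSignature(ByVal source As Stream, ByVal signature As Byte(),
                           Optional ByVal chunkSize As Integer = 65536) As Long
        If signature.Length = 0 OrElse chunkSize < signature.Length Then
            Throw New ArgumentException("chunkSize must be >= signature length > 0")
        End If
        Dim overlap As Integer = signature.Length - 1
        Dim buffer(overlap + chunkSize - 1) As Byte
        Dim carried As Integer = 0   ' bytes kept from the previous block
        Dim baseOffset As Long = 0   ' file offset of buffer(0)
        Do
            Dim bytesRead As Integer = source.Read(buffer, carried, chunkSize)
            If bytesRead = 0 Then Return -1
            Dim valid As Integer = carried + bytesRead
            For i As Integer = 0 To valid - signature.Length
                Dim j As Integer = 0
                While j < signature.Length AndAlso buffer(i + j) = signature(j)
                    j += 1
                End While
                If j = signature.Length Then Return baseOffset + i
            Next
            ' Slide the unmatched tail to the front for the next block.
            Dim keep As Integer = Math.Min(overlap, valid)
            Array.Copy(buffer, valid - keep, buffer, 0, keep)
            baseOffset += valid - keep
            carried = keep
        Loop
    End Function

    Sub Main()
        ' Constructed sample: 100,000 zero bytes with a made-up 4-byte pattern
        ' placed across the 65536-byte block boundary (offset 65534).
        Dim sample(99999) As Byte
        Dim sig As Byte() = {&HDE, &HAD, &HBE, &HEF}
        Array.Copy(sig, 0, sample, 65534, sig.Length)
        Using ms As New MemoryStream(sample)
            Console.WriteLine(FindSignature(ms, sig))
        End Using
    End Sub
End Module
```

For a real file, pass a FileStream opened with FileAccess.Read in place of the MemoryStream; no UI control is touched inside the loop.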

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
