Click here to Skip to main content
15,906,329 members
Please Sign up or sign in to vote.
1.80/5 (5 votes)
See more:
Hi there,
I am making a virus scanner, until now I have done well in my work.
But as you know each virus or each program have a signature that can be unique from other programs, and to found this signature I must read the binary stream from execution files, and I have read this article Inject your code to a Portable Executable file that descripe the PE (portable execution file) to know the structure of the EXE files,
but I have one problem that: when I read the EXE file it's too slow and the other anti-viruses like kaspersky too fast.
How these anti-virueses work too fast but my program is slow, now my real question is:

"How can I read from EXE files fastly?"

I hope that was clear enough!

Here is my code:
VB
Imports System
Imports System.IO
Imports System.Threading
Public Class Form1
    Dim thread As New Thread(AddressOf RW_EXE)
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Label1.Text = ""
    End Sub
 
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        With OpenFileDialog1
            If .ShowDialog() = Windows.Forms.DialogResult.OK Then
                thread.IsBackground = True
                Control.CheckForIllegalCrossThreadCalls = False
                thread.Start()
            End If
        End With
    End Sub
    Sub RW_EXE()
        TextBox1.Text = ""
        Dim FS As New FileStream(OpenFileDialog1.FileName, FileMode.Open, FileAccess.Read)
        Dim BS As New BinaryReader(FS)
        Dim x As Integer = BS.BaseStream.Position
        Dim y As Integer = BS.BaseStream.Length
        Dim s As String = ""
        While x < y
            s &= BS.ReadByte.ToString("X") & " "
            Label1.Text = x & " from " & y - 1
            x += 1
        End While
        TextBox1.Text = s
        FS.Close()
        BS.Close()
        thread.Abort()
    End Sub
End Class 


As you see the code above, I have create a FileStream that open the file in read mode and I have create a BinaryStream that enables the program to read a binary from the file created before which achieve my point to detect the virus by read the binary and get the signature out the out the viruse and check with the DATA BASE to see if it's a virus or not!.
Then I have declare X,Y , X=to current position of reading the file which first equal to 0.
Y= to the length of binary in the file (length of the string of the EXE file).
And then I have put while loop so I can read from the file byte byte until the x equal to y (means the position equal to length of the file).

Is this clear enough?
Posted
Updated 27-Jan-12 3:17am
v5
Comments
Sergey Alexandrovich Kryukov 14-Jan-12 13:08pm    
And we would need explanation: why, what's the idea?
--SA
[no name] 27-Jan-12 6:35am    
The idea is to get the signature of the viures
Manfred Rudolf Bihy 27-Jan-12 6:54am    
Moved code from non-solution to OP's question.
[no name] 27-Jan-12 6:58am    
Do you have a solution to this little problem???!!
Simon_Whale 27-Jan-12 7:27am    
at present my inital comments would be you have terrible variable names, for example what does x, y and s do? a few comments in your code would help us understand what your rountines are trying to do.

Two rules apply:

1) Don't write exe files in VB.
2) See (1).

Unless you know what you are doing, you will (a) mess things up and (b) be rightly treated as a virus.

Why do you want to do that?
 
Share this answer
 
Comments
[no name] 18-Jan-12 3:08am    
Well.....
I am working in an antivirus program and I must learn how to read the hole EXE file so I can get a signature from it...........
If you're trying to read the information in an .EXE file, download and read this[^]. It's pretty complex so I hope your experience is beyond reading/writing text files.
 
Share this answer
 
Comments
[no name] 18-Jan-12 3:12am    
The problem is I have already make a EXE reader but it to slow I must wait for half hours some to times to complete.....
And a have googled for EXE readers and found many programs such as ollydbg and this program read so fast .... why my program too slow?
i hope you have answer
Dave Kreskowiak 18-Jan-12 8:13am    
Why?? How are we going to know that since you haven't told us ANYTHING about how you're reading these files?? All can we can tell you is that you wrote VERY inefficient code if it's taking you a half hour to read a single file.
[no name] 21-Jan-12 16:48pm    
You still not helping me..........
plezzzzzzzzzzz I need help
Dave Kreskowiak 21-Jan-12 18:54pm    
I've given you what I can given the VERY tiny amount of information you've provided. Without YOU showing US what you've written and what you want the code to do and the performance you want out of it, it's impossible to tell you anynthing more.

The quality of the answers you get is directly dictated by the quality of the questions you ask.
Dave Kreskowiak 27-Jan-12 13:55pm    
Look at what you're doing. You're reading a single byte from the file then adding it to a textbox, ONE BYTE AT A TIME. Since strings (the TextBox.Text property gets/sets a string value) are immutable (cannot be changed once created) you are literally creating a new string, copying the old text from the textbox to it, then appending a single character and setting the textbox.text property to this new string on EVERY SINGLE BYTE YOU READ FROM THE FILE! Now wonder it takes forever for you to read the file.
 
Share this answer
 
Comments
[no name] 27-Jan-12 6:38am    
my man the page is not found!!!!
fjdiewornncalwe 27-Jan-12 9:56am    
The link works fine for me. Perhaps it is blocked where you are.
[no name] 28-Jan-12 1:43am    
this is the message I had when I opened the page:
"Page Not Found
We're sorry, but the page you requested could not be found. Please check your typing and try again, or use the search options on this page.
"
[no name] 30-Jan-12 10:06am    
Can you give me another link??? ^_^
Solution

VB
Public Sub DoSomthing()
Dim sbStringBuilder As New StringBuilder

sbStringBuilder.Append(File.ReadAllText(Path))
GoThrough(sbStringBuilder.ToString)
End Sub

Public Function GoThrough(byval Chars() As Char) As Boolean

For i As long = 0 To Ubound(Chars)
    If Chars(i) = Something Then
        Return False
    End If
Next

return True
End Function

' Depending on what you want to do, but looks like you need to learn the basic's before you can write a Virus Protection Software (if you can even make a simple function to read) BTW writing to a textbox.text to store data is a very big waste of time, not only are you duplicating you data but you are telling the window to use there buffer...
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900