reading writing EXE files

Question

1.80/5 (5 votes)

See more:

Hi there,
I am making a virus scanner, until now I have done well in my work.
But as you know each virus or each program have a signature that can be unique from other programs, and to found this signature I must read the binary stream from execution files, and I have read this article Inject your code to a Portable Executable file that descripe the PE (portable execution file) to know the structure of the EXE files,
but I have one problem that: when I read the EXE file it's too slow and the other anti-viruses like kaspersky too fast.
How these anti-virueses work too fast but my program is slow, now my real question is:

"How can I read from EXE files fastly?"

I hope that was clear enough!

Here is my code:

VB

Imports System
Imports System.IO
Imports System.Threading
Public Class Form1
    Dim thread As New Thread(AddressOf RW_EXE)
    Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Label1.Text = ""
    End Sub
 
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        With OpenFileDialog1
            If .ShowDialog() = Windows.Forms.DialogResult.OK Then
                thread.IsBackground = True
                Control.CheckForIllegalCrossThreadCalls = False
                thread.Start()
            End If
        End With
    End Sub
    Sub RW_EXE()
        TextBox1.Text = ""
        Dim FS As New FileStream(OpenFileDialog1.FileName, FileMode.Open, FileAccess.Read)
        Dim BS As New BinaryReader(FS)
        Dim x As Integer = BS.BaseStream.Position
        Dim y As Integer = BS.BaseStream.Length
        Dim s As String = ""
        While x < y
            s &= BS.ReadByte.ToString("X") & " "
            Label1.Text = x & " from " & y - 1
            x += 1
        End While
        TextBox1.Text = s
        FS.Close()
        BS.Close()
        thread.Abort()
    End Sub
End Class

As you see the code above, I have create a FileStream that open the file in read mode and I have create a BinaryStream that enables the program to read a binary from the file created before which achieve my point to detect the virus by read the binary and get the signature out the out the viruse and check with the DATA BASE to see if it's a virus or not!.
Then I have declare X,Y , X=to current position of reading the file which first equal to 0.
Y= to the length of binary in the file (length of the string of the EXE file).
And then I have put while loop so I can read from the file byte byte until the x equal to y (means the position equal to length of the file).

Is this clear enough?

Posted 14-Jan-12 1:46am

Rasool Ahmed

Updated 27-Jan-12 3:17am

v5

Add a Solution

Comments

Sergey Alexandrovich Kryukov 14-Jan-12 13:08pm

And we would need explanation: why, what's the idea?
--SA

[no name] 27-Jan-12 6:35am

The idea is to get the signature of the viures

Manfred Rudolf Bihy 27-Jan-12 6:54am

Moved code from non-solution to OP's question.

[no name] 27-Jan-12 6:58am

Do you have a solution to this little problem???!!

Simon_Whale 27-Jan-12 7:27am

at present my inital comments would be you have terrible variable names, for example what does x, y and s do? a few comments in your code would help us understand what your rountines are trying to do.

4 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2012-01-14T01:49:00

Solution 1

Two rules apply:

1) Don't write exe files in VB.
2) See (1).

Unless you know what you are doing, you will (a) mess things up and (b) be rightly treated as a virus.

Why do you want to do that?

Posted 14-Jan-12 1:49am

OriginalGriff

Comments

[no name] 18-Jan-12 3:08am

Well.....
I am working in an antivirus program and I must learn how to read the hole EXE file so I can get a signature from it...........

Dave Kreskowiak · Answer 2 · 2012-01-14T03:55:00

Solution 2

If you're trying to read the information in an .EXE file, download and read this[^]. It's pretty complex so I hope your experience is beyond reading/writing text files.

Posted 14-Jan-12 3:55am

Dave Kreskowiak

Comments

[no name] 18-Jan-12 3:12am

The problem is I have already make a EXE reader but it to slow I must wait for half hours some to times to complete.....
And a have googled for EXE readers and found many programs such as ollydbg and this program read so fast .... why my program too slow?
i hope you have answer

Dave Kreskowiak 18-Jan-12 8:13am

Why?? How are we going to know that since you haven't told us ANYTHING about how you're reading these files?? All can we can tell you is that you wrote VERY inefficient code if it's taking you a half hour to read a single file.

[no name] 21-Jan-12 16:48pm

You still not helping me..........
plezzzzzzzzzzz I need help

Dave Kreskowiak 21-Jan-12 18:54pm

I've given you what I can given the VERY tiny amount of information you've provided. Without YOU showing US what you've written and what you want the code to do and the performance you want out of it, it's impossible to tell you anynthing more.

The quality of the answers you get is directly dictated by the quality of the questions you ask.

Dave Kreskowiak 27-Jan-12 13:55pm

Look at what you're doing. You're reading a single byte from the file then adding it to a textbox, ONE BYTE AT A TIME. Since strings (the TextBox.Text property gets/sets a string value) are immutable (cannot be changed once created) you are literally creating a new string, copying the old text from the textbox to it, then appending a single character and setting the textbox.text property to this new string on EVERY SINGLE BYTE YOU READ FROM THE FILE! Now wonder it takes forever for you to read the file.

[no name] 28-Jan-12 1:47am

I have an idea and want to share with you,
if I have create a five threads for example! and each thread read a part from the file at the same time, is there a chance to work fast?

Dave Kreskowiak 28-Jan-12 9:42am

No. You can read an entire file in the time it takes to hand off work to a single thread.

AGAIN. You're reading a file byte-by-byte instead of reading chunks of it at a time. Reading byte-by-byte takes an awful lot of time.

[no name] 30-Jan-12 3:05am

So, you think must read Int64 instead of read byte, I have tried this way and it's a fast but it reads the inverse of the string.

Dave Kreskowiak 30-Jan-12 8:03am

This is a virus scanner. What the hell are you checking for strings for?? You treat signatures as a block of bytes, not strings.

[no name] 30-Jan-12 10:05am

First, I don't mean character strings.. I mean binary strings.
Second, why you want detials...!!!! only I asked is how to read and write from EXE files rapidly??!!!!! why you need detials????!!!!!

Dave Kreskowiak 30-Jan-12 10:41am

First, do not mix terminology like that. If you say String, everyone thinks a nice human-readable set of characters, not bytes.

Second, why do I want details? Because you haven't given sufficient information to answer your question specifically. The quality of the answers you get are directly dictated by the quality of the questions you ask.

I've already told you repeated where you're going wrong. Read this: http://msdn.microsoft.com/en-us/library/system.io.filestream.read.aspx

LaxmikantYadav · Answer 3 · 2012-01-26T21:43:00

Solution 4

You can start from here : http://msdn.microsoft.com/en-us/magazine/cc301805.aspx[^]

Posted 26-Jan-12 21:43pm

LaxmikantYadav

Comments

[no name] 27-Jan-12 6:38am

my man the page is not found!!!!

fjdiewornncalwe 27-Jan-12 9:56am

The link works fine for me. Perhaps it is blocked where you are.

[no name] 28-Jan-12 1:43am

this is the message I had when I opened the page:
"Page Not Found
We're sorry, but the page you requested could not be found. Please check your typing and try again, or use the search options on this page.
"

[no name] 30-Jan-12 10:06am

Can you give me another link??? ^_^

Member 9335329 · Answer 4 · 2013-01-20T13:31:00

Solution

VB

Public Sub DoSomthing()
Dim sbStringBuilder As New StringBuilder

sbStringBuilder.Append(File.ReadAllText(Path))
GoThrough(sbStringBuilder.ToString)
End Sub

Public Function GoThrough(byval Chars() As Char) As Boolean

For i As long = 0 To Ubound(Chars)
    If Chars(i) = Something Then
        Return False
    End If
Next

return True
End Function

' Depending on what you want to do, but looks like you need to learn the basic's before you can write a Virus Protection Software (if you can even make a simple function to read) BTW writing to a textbox.text to store data is a very big waste of time, not only are you duplicating you data but you are telling the window to use there buffer...

reading writing EXE files

4 solutions

Solution 1

Solution 2

Solution 4

Solution 5

Add your solution here

Preview 0

Existing Members

...or Join us