Antivirus, File Scanning C#


Problem description

I'm trying to learn some basics about creating antiviruses. I know that it needs a lot of time and experience to do so but as a beginner I came up with this idea and this question:

I thought about collecting a range of viruses to start, and read them in hex format. Since I already know that these files are viruses, I keep the read hex codes in a database.

Now I can scan a folder and read all files again in hex so if the content of one file matches with one of my stored hex codes then I can say it is a virus.

Now I'd like to know whether I can really judge a file like this and if so how can I really read a lot of files in hex and make comparisons in a way that doesn't take a lot of time?

Recommended answer

I think you actually mean binary comparisons, rather than hex. However, just scanning a file and comparing it with a known virus pattern will not guarantee that the file is also a virus. There are many other checks that need to be done, including checking for embedded code changes that may turn an innocent application into a virus or trojan. As you say in your second sentence this takes a lot of time and experience. You may like to go to some of the anti-virus providers' websites for further information.


The short answer is that you can't validate files like this. Effectively, your description just tells you that a file is identical to another - but this is too simplistic a test. A virus is typically a pattern, rather than a whole file, so it may attempt to infect any exe (for instance). This, of course, means that you would only find one exe file with this technique.
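
The point both answers make, shown as an added C# example that is not part of the original question or answers: a set of whole-file hashes gives a fast lookup but only flags byte-identical copies, while searching for a byte pattern also flags a different file that contains it. The sample bytes, the marker string and the names `SignatureScanDemo`, `Sha256Hex`, `IndexOf` and `Concat` are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class SignatureScanDemo
{
    // Hex SHA-256 of a buffer; used as the key for whole-file lookups.
    static string Sha256Hex(byte[] data)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(data)).Replace("-", "");
    }

    // Naive search for pattern anywhere inside data; returns the offset or -1.
    static int IndexOf(byte[] data, byte[] pattern)
    {
        for (int i = 0; i + pattern.Length <= data.Length; i++)
        {
            int j = 0;
            while (j < pattern.Length && data[i + j] == pattern[j]) j++;
            if (j == pattern.Length) return i;
        }
        return -1;
    }

    static byte[] Concat(params byte[][] parts)
    {
        var all = new List<byte>();
        foreach (var p in parts) all.AddRange(p);
        return all.ToArray();
    }

    static void Main()
    {
        // Constructed, harmless stand-ins: a marker string plays the byte pattern,
        // and two different "host" files both contain it.
        byte[] pattern = Encoding.ASCII.GetBytes("DEMO-PATTERN-0001");
        byte[] knownSample = Concat(Encoding.ASCII.GetBytes("host A header "), pattern);
        byte[] otherHost = Concat(Encoding.ASCII.GetBytes("different host B "), pattern, new byte[] { 1, 2, 3 });
        byte[] cleanFile = Encoding.ASCII.GetBytes("nothing of interest here");
        // "Database" of whole-file hashes: one constant-time lookup per scanned file.
        var knownHashes = new HashSet<string> { Sha256Hex(knownSample) };
        foreach (var (name, bytes) in new[] { ("knownSample", knownSample), ("otherHost", otherHost), ("cleanFile", cleanFile) })
        {
            bool hashHit = knownHashes.Contains(Sha256Hex(bytes));
            Console.WriteLine($"{name}: whole-file hash match={hashHit}, pattern offset={IndexOf(bytes, pattern)}");
        }
    }
}
```

Only the exact copy matches by hash; the second host is found only by the pattern search, and as the first answer notes, a pattern hit alone still does not prove a file is malicious.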

