阅读写EXE文件 [英] reading writing EXE files
问题描述
你好,
我正在制作病毒扫描程序,直到现在我的工作做得很好。
但是你知道每个病毒或每个程序都有签名可以是其他程序中唯一的,并且为了找到这个签名,我必须从执行文件中读取二进制流,我已经阅读了这篇文章将代码注入可移植可执行文件,描述PE(可移植执行文件)以了解EXE文件的结构,
但我有一个问题:当我读EXE文件时它太慢而其他反病毒如卡巴斯基太快了。
这些反病毒如何运作得太快但是我的程序很慢,现在我真正的问题是:
如何快速读取EXE文件?
我希望这很清楚!
这是我的代码:
Hi there,
I am making a virus scanner, until now I have done well in my work.
But as you know each virus or each program have a signature that can be unique from other programs, and to found this signature I must read the binary stream from execution files, and I have read this article Inject your code to a Portable Executable file that descripe the PE (portable execution file) to know the structure of the EXE files,
but I have one problem that: when I read the EXE file it''s too slow and the other anti-viruses like kaspersky too fast.
How these anti-virueses work too fast but my program is slow, now my real question is:
"How can I read from EXE files fastly?"
I hope that was clear enough!
Here is my code:
Imports System
Imports System.IO
Imports System.Threading
Public Class Form1
Dim thread As New Thread(AddressOf RW_EXE)
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Label1.Text = ""
End Sub
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
With OpenFileDialog1
If .ShowDialog() = Windows.Forms.DialogResult.OK Then
thread.IsBackground = True
Control.CheckForIllegalCrossThreadCalls = False
thread.Start()
End If
End With
End Sub
Sub RW_EXE()
TextBox1.Text = ""
Dim FS As New FileStream(OpenFileDialog1.FileName, FileMode.Open, FileAccess.Read)
Dim BS As New BinaryReader(FS)
Dim x As Integer = BS.BaseStream.Position
Dim y As Integer = BS.BaseStream.Length
Dim s As String = ""
While x < y
s &= BS.ReadByte.ToString("X") & " "
Label1.Text = x & " from " & y - 1
x += 1
End While
TextBox1.Text = s
FS.Close()
BS.Close()
thread.Abort()
End Sub
End Class
As你看到上面的代码,我创建了一个FileStream,它以读取模式打开文件,我创建了一个BinaryStream,使程序能够从创建的文件中读取二进制文件,然后通过读取二进制文件来检测病毒。从病毒中取出签名并用DATA BASE检查它是否是病毒!
然后我声明X,Y,X =当前读取的位置首先等于0的文件。
Y =到二进制的长度e文件(EXE文件的字符串长度)。
然后我放入while循环,这样我就可以从文件字节字节读取,直到x等于y(表示位置等于长度)该文件)。
这是否足够清楚?
As you see the code above, I have create a FileStream that open the file in read mode and I have create a BinaryStream that enables the program to read a binary from the file created before which achieve my point to detect the virus by read the binary and get the signature out the out the viruse and check with the DATA BASE to see if it''s a virus or not!.
Then I have declare X,Y , X=to current position of reading the file which first equal to 0.
Y= to the length of binary in the file (length of the string of the EXE file).
And then I have put while loop so I can read from the file byte byte until the x equal to y (means the position equal to length of the file).
Is this clear enough?
推荐答案
适用两条规则:
1)不要在VB中写exe文件。
2)参见(1)。
除非你知道自己在做什么,否则你会(a)搞砸了事情,并且(b)被正确地视为病毒。
为什么你想这样做吗?
Two rules apply:
1) Don''t write exe files in VB.
2) See (1).
Unless you know what you are doing, you will (a) mess things up and (b) be rightly treated as a virus.
Why do you want to do that?
如果你试图读取.EXE文件中的信息,请下载并阅读这个 [ ^ ]。它非常复杂,所以我希望你的经验不仅仅是读/写文本文件。
If you''re trying to read the information in an .EXE file, download and read this[^]. It''s pretty complex so I hope your experience is beyond reading/writing text files.
你可以从这里开始:http://msdn.microsoft.com/en-us/magazine/cc301805.aspx [ ^ ]
You can start from here : http://msdn.microsoft.com/en-us/magazine/cc301805.aspx[^]
这篇关于阅读写EXE文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
