二进制文件扫描仪 [英] Binary file scanner

问题描述

我正在对文件进行十六进制扫描，并且我有一个包含十六进制病毒串的数据库.

I'm doing a hexadecimal scanner for files, and I have a database with hex strings of viruses.

我有XML格式的数据库和VB.NET中的扫描器.

I have the database as XML and the scanner in VB.NET.

目标:执行简单的防病毒程序(不使用扫描仪MD5).

Goal: perform a simple antivirus (no scanner MD5).

好吧，我想要在列表框中列出几个文件，并进行遍历，然后扫描十六进制围栏，扫描每个文件，将匹配的文件传递到listbox2.

Well, what I want is to list several files in a listbox and go through it and scan the hex fence scanning every one of them, those that match are passed to listbox2.

Imports System.IO
Imports System.Text

Public Class HexEngine

    Dim ArrayHold() As Byte
    Dim Index As Integer = 0
    Dim Str As New StringBuilder
    Dim tStr As String = ""
    Dim tempStr As String = ""
    Dim IndexEnd As Integer = 0
    Dim InputString As String = ""
    Dim a As Integer

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        listv.Items.Clear()
        For abc = 0 To ListBox1.Items.Count - 1


            Scan(ListBox1.Items(a).ToString)

        Next abc
    End Sub

    Private Sub Scan(ByVal dir As String)


        Dim myStreamReader As StreamReader = Nothing
        myStreamReader = File.OpenText(dir)
        InputString = myStreamReader.ReadToEnd()
        ArrayHold = Encoding.Default.GetBytes(InputString)

        Do
            IndexEnd = Index + 9

            For x As Integer = Index To IndexEnd

                If x > UBound(ArrayHold) Then
                    tempStr = tempStr
                Else
                    tStr = UCase(Convert.ToString(ArrayHold(x), 16))

                    If tStr.Length < 2 Then tStr = "0" & tStr

                    Str.Append(tStr)
                    tempStr = tempStr & Chr(ArrayHold(x))

                End If
            Next

            Index = Index + 10
        Loop While IndexEnd < UBound(ArrayHold)
        For Each signature As XElement In xml.Root.Elements
            If InStr(1, Str.ToString, signature.<hex>.Value, vbTextCompare) Then
                listv.Items.Add(signature.<name>.Value)
                If listv.Items.Count > 0 Then
                    Label1.Text = "Virus"
                Else
                    Label1.Text = "No Virus"
                End If
            End If
        Next

    End Sub

    Dim xml = <?xml version="1.0"?>
              <signatures>
                  <signature>
                      <name>Eicar-Test-Signatur (AntiVir)</name>
                      <hex>58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e4441</hex>
                  </signature>
                  <signature>
                      <name>Hybris.Gen (AntiVir)</name>
                      <hex>f649e7cc1e00d37e7f3bc85fff3486ac6de91433aa3a39ef1b114d37b534b8323f6ff67132638a3fe2f2afb4aaf9b7e3b4669bb3cab028298aab533c5d73546cdd396fd58c2c7734c50bca68eb709b889a086fb3db5f8ae533a4d5816e8c5f560983695efa14e291c204b1316e657773</hex>
                  </signature>
              </signatures>

    'Dim files As List(Of FileInfo) = FileDirSearcher.GetFiles("C:\Windows\System32", SearchOption.AllDirectories).ToList
    ' Dim dirs As List(Of DirectoryInfo) = FileDirSearcher.GetDirs("C:\Windows\System32", SearchOption.AllDirectories).ToList

    Private Sub Button2_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        Dim startPath As String = Environment.GetFolderPath(Environment.SpecialFolder.Startup)
        Dim filess As IEnumerable(Of FileInfo) = FileDirSearcher.GetFiles(dirPath:=startPath,
                                                                 searchOption:=SearchOption.TopDirectoryOnly,
                                                                 fileNamePatterns:={"*"},
                                                                 fileExtPatterns:={"*.vbs", "*.exe"},
                                                                 ignoreCase:=True,
                                                                  throwOnError:=True)

        For Each File In Get_All_Files(startPath, False)
            ListBox1.Items.Add(File)
        Next

    End Sub
End Class

#Region " Get All Files Function "

' [ Get All Files Function ]
'
' // By Elektro H@cker
'
' Examples:
'
' Dim Files As Array = Get_All_Files("C:\Test", True)
' For Each File In Get_All_Files("C:\Test", False) : MsgBox(File) : Next

Private Function Get_All_Files(ByVal Directory As String, Optional ByVal Recursive As Boolean = False) As Array
    If System.IO.Directory.Exists(Directory) Then
        If Not Recursive Then : Return System.IO.Directory.GetFiles(Directory, "*", IO.SearchOption.TopDirectoryOnly)
        Else : Return IO.Directory.GetFiles(Directory, "*", IO.SearchOption.AllDirectories)
        End If
    Else
        Return Nothing
    End If
End Function

#End Region

好吧，正如您所看到的，我已经做完了所有事情，但是仍然很慢，并且它不会扫描列表框的文件.

Well, as you can see, I already did everything, but still it is very slow and it does not scan the files of the listbox.

我只想要一个十六进制扫描仪，它可以扫描列表框中的所有文件，并且扫描仪速度很快.

I just want a hex scanner that scans all the files that are in a listbox and that the scanner is fast.

推荐答案

您的循环没有使用正确的变量. abc是循环中的变量，然后在循环内部使用.将您的变量重命名为有意义的变量，它不会发生太多.

Your loop doesn't use the right variable. abc is the variable in the loop and then you use a inside the loop. Rename your variable to something meaningful and it wouldn't happen as much.

    For abc = 0 To ListBox1.Items.Count - 1
        Scan(ListBox1.Items(a).ToString)
    Next abc

由于所有的字符串转换，您的扫描速度很慢.字符串很慢，尤其是在连接时.使用 StringBuilder 或更好的方法是，比较字节的字符串.加载xml时，将十六进制转换为字节，然后仅比较文件中的字节.快得多.

Your scan is slow because of all the string conversion. String is slow, especially with concatenation. Use a StringBuilder or even better, compare bytes instead of string. When the xml is loaded, convert the hex to bytes and then just compare the bytes from the file. Much faster.

这篇关于二进制文件扫描仪的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！