请帮我一个程序病毒检测使用检测恶意行为 [英] Please help me with a program for virus detection using detection of malicious behavior

查看:134
本文介绍了请帮我一个程序病毒检测使用检测恶意行为的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我知道如何防病毒检测病毒。我读了几aticles:

如何杀毒软件检测病毒?

http://www.antivirusworld.com/articles/antivirus.php

http://www.agusblog.com/word$p$pss/what-is-a-virus-signature-are-they-still-used-3.htm

http://hooked-on-mnemonics.blogspot.com/2011/01/intro-to-creating-anti-virus-signatures.html

在这个1个月假期我有。我想学习和放大器; code一个简单的病毒检测程序: 因此,有2-3办法(从上面的文章):

  1. 病毒字典:搜索病毒特征码
  2. 在检测恶意行为

我想从第二个方法。我想用简单的事情开始了。

作为一个方面说明,最近我遇到了一个名为 ThreatFire的用于此目的的软件。它做了pretty的好工作。

  1. 第一件事,我不明白的是如何将这些程序相互发泄的另一间执行,并提示用户有关它的行动。不是它类似违规行为?
  2. 它是如何进行扫描的其他程序的内存?程序是只限于它的虚拟空间吗?
  3. 是C#.NET正确的做这种东西?
  4. 请发表你的想法如何去做?也提一些简单的事情,我可以做的。
解决方案

  1. 这是因为所涉及的软件可能已安装,以使其低水平内核访问一个特殊的驱动程序,使其能够拦截和拒绝各种潜在的恶意行为。

  2. 通过具有很多司机这样做的权利,这赋予它扫描另一个进程的内存空间的能力。

  3. 没有。 C#需要操作系统的一个很好的块已经装载。驱动程序首先需要加载。

  4. 了解有关驱动程序和内核级编程。 。 。我没有这样做,所以我不能有更多的帮助这里。

I know how antivirus detects viruses. I read few aticles:

How do antivirus programs detect viruses?

http://www.antivirusworld.com/articles/antivirus.php

http://www.agusblog.com/wordpress/what-is-a-virus-signature-are-they-still-used-3.htm

http://hooked-on-mnemonics.blogspot.com/2011/01/intro-to-creating-anti-virus-signatures.html

During this one month vacation I'm having. I want to learn & code a simple virus detection program: So, there are 2-3 ways (from above articles):

  1. Virus Dictionary : Searching for virus signatures
  2. Detecting malicious behavior

I want to take the 2nd approach. I want to start off with simple things.

As a side note, recently I encountered a software named "ThreatFire" for this purpose. It does a pretty good job.

  1. 1st thing I don't understand is how can this program inter vent an execution of another between and prompt user about its action. Isnt it something like violation?
  2. How does it scan's memory of other programs? A program is confined to only its virtual space right?
  3. Is C# .NET correct for doing this kind of stuff?
  4. Please post your ideas on how to go about it? Also mention some simple things that I could do.

解决方案

  1. This happens because the software in question likely has a special driver installed to allow it low level kernel access which allows it to intercept and deny various potentially malicious behavior.

  2. By having the rights that many drivers do, this grants it the ability to scan another processes memory space.

  3. No. C# needs a good chunk of the operating system already loaded. Drivers need to load first.

  4. Learn about driver and kernel level programming. . . I've not done so, so I can't be of more help here.

这篇关于请帮我一个程序病毒检测使用检测恶意行为的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆