hi fellows .

I am developing an Anti-Virus software . and i want to have your suggestion and alternative .

so i want you to help ( or give me an alternative ) to how to search an Hex Value in a File .

i can do that in 2 ways :

1- Dump the File and save the results into a text file in a Temp directory , then use the simple Pos function to search for the Hex Value into this text file as some AV softwares do .

2- Open the File with TMemoryStream , then use a function to convert the Hex Value into the String representation then use the Function Pos to search for the converted String Value .

but what i want is your alternatives , please is there any other suggestions to search for the Hex Value directly into the File without conversion or dumping .


waiting for all your reply .

regards Randy .

Hi and welcome to the DP.

There is no such thing as a "hex value". Hexadecimal is merely the representation of a number, so is octal and decimal. The point being, that all are equivalent, no matter how you represent them.

Which particular AV software dumps what into a text file? I think you are lacking some very fundamental basics, so you shouldn't start with an AV software. It's certainly possible for one person to write one, but firstly most AV companies started years ago (most of them far more than a decade ago, some two decades ago) and secondly it will take not only time but also a lot of skill. While you may have the time, the skill is a prerequisite - it won't be enough to acquire it over time, because essentially you'll find at some point that you have completely screwed up your design and you can start over from scratch.

Even the Search for Strings is a Science itself.

thank you Olli , but i have talked with One of the Developper of PANDA Av , about this , so he replayed me that it can be possible to dump a file then do a search on that saved dumped file with the Function POS .he even sent me an exemple for that and i saw how does it work .

so dumping a File is a solution but not enough especially when dealing with big Files ( tht'a what he advised me ).

when i said There is no such thing as a "hex value". i mean i can convert some Hex into s string then search for this string in the file .
thank you

yes Dezipaitor that's right but not enough when dealing with Virus ...

IntToHex