Delphi-PRAXiS

Delphi-PRAXiS (https://www.delphipraxis.net/forum.php)
-   Object-Pascal / Delphi-Language (https://www.delphipraxis.net/32-object-pascal-delphi-language/)
-   -   Delphi file scanner (https://www.delphipraxis.net/112883-file-scanner.html)

randy_dom 28. Apr 2008 22:37
file scanner
 
hi fellows .

I am developing an Anti-Virus software . and i want to have your suggestion and alternative .

so i want you to help ( or give me an alternative ) to how to search an Hex Value in a File .

i can do that in 2 ways :

1- Dump the File and save the results into a text file in a Temp directory , then use the simple Pos function to search for the Hex Value into this text file as some AV softwares do .

2- Open the File with TMemoryStream , then use a function to convert the Hex Value into the String representation then use the Function Pos to search for the converted String Value .

but what i want is your alternatives , please is there any other suggestions to search for the Hex Value directly into the File without conversion or dumping .


waiting for all your reply .

regards Randy .

Olli 28. Apr 2008 22:52
Re: file scanner
 
Hi and welcome to the DP.

There is no such thing as a "hex value". Hexadecimal is merely the representation of a number, so is octal and decimal. The point being, that all are equivalent, no matter how you represent them.

Which particular AV software dumps what into a text file? I think you are lacking some very fundamental basics, so you shouldn't start with an AV software. It's certainly possible for one person to write one, but firstly most AV companies started years ago (most of them far more than a decade ago, some two decades ago) and secondly it will take not only time but also a lot of skill. While you may have the time, the skill is a prerequisite - it won't be enough to acquire it over time, because essentially you'll find at some point that you have completely screwed up your design and you can start over from scratch.

Dezipaitor 28. Apr 2008 23:06
Re: file scanner
 
Even the Search for Strings is a Science itself.

randy_dom 28. Apr 2008 23:14
Re: file scanner
 
thank you Olli , but i have talked with One of the Developper of PANDA Av , about this , so he replayed me that it can be possible to dump a file then do a search on that saved dumped file with the Function POS .he even sent me an exemple for that and i saw how does it work .

so dumping a File is a solution but not enough especially when dealing with big Files ( tht'a what he advised me ).

when i said There is no such thing as a "hex value". i mean i can convert some Hex into s string then search for this string in the file .
thank you

randy_dom 28. Apr 2008 23:24
Re: file scanner
 
Zitat:
Zitat von Dezipaitor
Even the Search for Strings is a Science itself.
yes Dezipaitor that's right but not enough when dealing with Virus ...

Nuclear-Ping 29. Apr 2008 08:44
Re: file scanner
 
Delphi-Referenz durchsuchenIntToHex


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:42 Uhr.

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO © 2011, Crawlability, Inc.
Delphi-PRAXiS (c) 2002 - 2023 by Daniel R. Wolf, 2024 by Thomas Breitkreuz