Is there any book or reference on how to start with that? Or do you have any other suggestion?
Is there any book or reference for antivirus programming in C#?
Started by Tonchi, Oct 29 2011 03:31 PM
3 replies to this topic
#1
Posted 29 October 2011 - 03:31 PM
#2
Posted 29 October 2011 - 04:10 PM
Wait, you mean building an anti-virus? Using C#? For what things, macro viruses, .NET or Java type of viruses, or .EXE type of viruses?
#3
Posted 29 October 2011 - 04:29 PM
Viruses like trojans, malware, spyware, etc., including Facebook viruses.
#4
Posted 29 October 2011 - 04:37 PM
It's just I'm not sure if C# is the best language for that; well, maybe you can find a way to make it work out.
There's not really a clear way, though, to tell whether a program is a virus or not. It depends on how you interpret it to be. You would probably be better off if you learn assembly language, as that's very similar to the actual machine code that you'll be scanning, but is simpler in that it's more human-readable. You can later on design your program to scan the operation codes inside the executable; that's at least how I think anti-viruses should work.
I actually thought, once, about making an anti-virus, but I didn't really start any project or anything. I just thought of scanning the machine code, and seeing what it does to what, where it uses network functions, where it gets things from, etc.
I don't really understand how virus definitions work, however.
But yeah, if you want to understand how things work, and especially if you want to be able to follow what an executable does, you might find it useful to learn assembly language and have an opcode map handy (opcode means "operation code"; operation codes tell the processor what to do, each step of the process).
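Added example, not part of the original thread: the "scan the operation codes inside the executable" idea from post #4 in its simplest form, a byte-pattern match with wildcards, which is also one common form a virus definition (signature) takes. The class and method names, the signature (a benign `call` followed by `test eax,eax`) and the sample bytes are all constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: names, the signature and the sample bytes are constructed.
static class OpcodeScan
{
    // Parse "E8 ?? ?? ?? ?? 85 C0" into bytes; null marks a wildcard position.
    static byte?[] ParsePattern(string text)
    {
        string[] parts = text.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        var pattern = new byte?[parts.Length];
        for (int i = 0; i < parts.Length; i++)
            pattern[i] = parts[i] == "??" ? (byte?)null : Convert.ToByte(parts[i], 16);
        return pattern;
    }

    // Return every offset in data where the pattern matches.
    static List<int> FindAll(byte[] data, byte?[] pattern)
    {
        var hits = new List<int>();
        if (pattern.Length == 0) return hits;
        for (int start = 0; start + pattern.Length <= data.Length; start++)
        {
            int j = 0;
            while (j < pattern.Length &&
                   (pattern[j] == null || pattern[j].Value == data[start + j]))
                j++;
            if (j == pattern.Length) hits.Add(start);
        }
        return hits;
    }

    static void Main(string[] args)
    {
        // Constructed x86 bytes: push ebp; mov ebp,esp; call rel32; test eax,eax; ret
        byte[] sample = { 0x55, 0x8B, 0xEC, 0xE8, 0x10, 0x00, 0x00, 0x00, 0x85, 0xC0, 0xC3 };
        // Scan the file given on the command line, or the built-in sample.
        byte[] data = args.Length > 0 ? System.IO.File.ReadAllBytes(args[0]) : sample;

        // "call <any target>; test eax,eax": the 4 call-offset bytes are wildcards
        // because they differ between builds of the same code.
        byte?[] signature = ParsePattern("E8 ?? ?? ?? ?? 85 C0");

        foreach (int offset in FindAll(data, signature))
            Console.WriteLine("match at offset 0x{0:X}", offset);
    }
}
```

A raw byte match like this does not disassemble anything, so it can also hit inside data or in the middle of a longer instruction; a match is a reason to look closer, not a verdict.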