Here is the pseudocode of how I see the search engine:
    open text document with hash signatures  // MD5, SHA1, SHA256 or some other hashing file
    foreach string line in document:
        foreach list in pre_list:  // pre_list is a list with all files and documents on computer
            if (line == list):
                check = true  // check is a bool value for checking if virus has been found
                print 'Suspicious software is found'
    if check == false:
        print 'There is no suspicious software on your computer'
I know that if I search the computer by processes, it could be a hole in the program, because virus makers can rename their viruses and that would let them pass the scan process. I also saw that MD5 is a broken hash, so it is not a reliable way. What do you suggest? How do I make a dynamic allocation that will contain all the files and documents on someone's computer (C, unmanaged C++, managed C++ or C#)? Is there any tutorial for AV beginners that shows the primitive principles of building search engines?
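An added example, not part of the original post: a C# sketch of the scan loop from the pseudocode that hashes file contents with SHA-256 and enumerates the directory tree lazily, so no in-memory list of every file is needed. It assumes .NET Core 3.0 or later; the class and method names are hypothetical and the sample files are constructed in a temp directory.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;

static class HashScanDemo // hypothetical name, for illustration only
{
    // SHA-256 of a file's contents, streamed so large files are not loaded into memory.
    static string Sha256Hex(string path)
    {
        using var sha = SHA256.Create();
        using var stream = File.OpenRead(path);
        return BitConverter.ToString(sha.ComputeHash(stream)).Replace("-", "");
    }

    // Walk the tree lazily: each path is hashed as it is enumerated and looked up
    // in the signature set in O(1), instead of a nested loop over two lists.
    static List<string> Scan(string root, HashSet<string> signatures)
    {
        var options = new EnumerationOptions { RecurseSubdirectories = true, IgnoreInaccessible = true };
        var hits = new List<string>();
        foreach (var file in Directory.EnumerateFiles(root, "*", options))
        {
            try { if (signatures.Contains(Sha256Hex(file))) hits.Add(file); }
            catch (IOException) { }                 // locked or vanished file: skip it
            catch (UnauthorizedAccessException) { } // unreadable file: skip it
        }
        return hits;
    }

    static void Main()
    {
        // Constructed sample data; nothing here is real malware.
        string root = Path.Combine(Path.GetTempPath(), Path.GetRandomFileName());
        Directory.CreateDirectory(Path.Combine(root, "docs"));
        string flagged = Path.Combine(root, "sample.bin");
        File.WriteAllText(flagged, "constructed test content");
        File.WriteAllText(Path.Combine(root, "docs", "notes.txt"), "harmless");
        // Stand-in for the signature file: hex digests, compared case-insensitively.
        var signatures = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { Sha256Hex(flagged) };
        // Renaming or moving the file does not change its content hash.
        File.Move(flagged, Path.Combine(root, "docs", "renamed.txt"));
        var hits = Scan(root, signatures);
        foreach (var hit in hits) Console.WriteLine("Suspicious software is found: " + hit);
        if (hits.Count == 0) Console.WriteLine("There is no suspicious software on your computer");
        Directory.Delete(root, true);
    }
}
```

Exact-hash matching only reports files that are byte-for-byte identical to a known sample; changing a single byte of the content produces a different digest.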