13 posts
Location
USA, duh!
Posted 28 November 2013 - 07:35 AM
I'm trying to make an antivirus and anti-exploit. How would I make an anti-exploit which disables certain parts of code? And an antivirus that searches files on your computer for virus files from the definitions. It IS possible, after Shinji MalScan came about. How would I make it scan the computer for files in the definitions it downloads from a URL? How to stop a piece of code from being run from a certain program?
1190 posts
Location
RHIT
Posted 28 November 2013 - 11:10 AM
Searching the computer for virus "definitions" is pointless - and Shinji's "MalScan" is useless because of that. With simple function overriding, a virus can prevent you from ever finding it.
Your best bet is to do sandboxing with function overriding. Overriding a function is easy: simply store the old function in a new variable, and then overwrite it. For example:
local oldPrint = print
print = function(argument)
oldPrint("New print function")
oldPrint(argument)
end
How to implement this is up to you.
Edited on 28 November 2013 - 10:44 AM
13 posts
Location
USA, duh!
Posted 28 November 2013 - 01:57 PM
Searching the computer for virus "definitions" is pointless - and Shinji's "MalScan" is useless because of that. With simple function overriding, a virus can prevent you from ever finding it.
Your best bet is to do sandboxing with function overriding. Overriding a function is easy: simply store the old function in a new variable, and then overwrite it. For example:
local oldPrint = print
print = function(argument)
oldPrint("New print function")
oldPrint(argument)
end
How to implement this is up to you.
I'm planning to make it scan files as they are run/downloaded.
1190 posts
Location
RHIT
Posted 28 November 2013 - 02:04 PM
I'm planning to make it scan files as they are run/downloaded.
That will be useless as well. Look at this:
print("This")
write("Is")
term["wr".."ite"]("not")
_G["wri".."te"]("something")
_G["pr".."int"]("you can")
getfenv()["w".."rite"]("screen for")
The above code is only a few of the many, many ways I could write something to the screen. And I'm not even having a go at encryption here.
There's just no way to effectively scan for viruses in that way without some very advanced language parsing and extensive (as in twenty to thirty megs at the least) definitions of what a virus might be. Even then, antivirus software is not anywhere close to perfect.
By sticking to function overriding, you can make a rudimentary antivirus in only a few lines of code. It will take some research, but it can be done.
Edited on 28 November 2013 - 01:13 PM
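An added example, not code from this thread: a minimal ComputerCraft-style sandbox built on the function overriding described two posts up, run against the same name-obfuscation tricks shown in this post. It assumes the ComputerCraft fs API (fs.delete) and Lua 5.1's loadstring/setfenv; the protected paths and the three test snippets are constructed for the example.

```lua
-- Added example (not from the thread): a minimal ComputerCraft-style sandbox
-- built on function overriding. Assumes the ComputerCraft "fs" API
-- (fs.delete) and Lua 5.1's loadstring/setfenv, as used in the thread.

-- Paths the sandbox refuses to delete; constructed for this example.
local protected = { ["/startup"] = true, ["/rom"] = true }

-- Build a sandbox environment. Every global the untrusted code can reach
-- comes from this table, so _G["f".."s"] and getfenv()["fs"] resolve to the
-- guarded copy rather than to the real API.
local function makeSandbox()
  local env = {}
  -- Copy the real globals first...
  for name, value in pairs(_G) do env[name] = value end
  -- ...then make the sandbox believe it IS the global table.
  env._G = env

  -- Override fs.delete: keep the original, replace it with a checked wrapper.
  local realFs = fs
  local guardedFs = {}
  for name, value in pairs(realFs) do guardedFs[name] = value end
  local oldDelete = realFs.delete
  guardedFs.delete = function(path)
    if protected[path] then
      error("sandbox: refused to delete protected path " .. tostring(path), 2)
    end
    return oldDelete(path)
  end
  env.fs = guardedFs
  return env
end

-- Run a string of untrusted code inside the sandbox. Returns ok, err.
local function runSandboxed(source)
  local chunk, err = loadstring(source, "untrusted")
  if not chunk then return false, err end
  setfenv(chunk, makeSandbox())
  return pcall(chunk)
end

-- Constructed test input: the same name-obfuscation tricks shown above.
-- All three resolve through the sandbox table, so the override still applies
-- and each call returns false plus the "refused" error.
print(runSandboxed([[ fs.delete("/startup") ]]))
print(runSandboxed([[ _G["f".."s"]["del".."ete"]("/startup") ]]))
print(runSandboxed([[ getfenv()["fs"].delete("/startup") ]]))
```

Copying every real global into the sandbox is over-permissive: getfenv with a level argument, setfenv, rawget/rawset and the debug library must also be removed or wrapped, otherwise untrusted code can reach the unguarded environment and the override is moot.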
13 posts
Location
USA, duh!
Posted 28 November 2013 - 02:16 PM
I'm planning to make it scan files as they are run/downloaded.
That will be useless as well. Look at this:
print("This")
write("Is")
term["wr".."ite"]("not")
_G["wri".."te"]("something")
_G["pr".."int"]("you can")
getfenv()["w".."rite"]("screen for")
The above code is only a few of the many, many ways I could write something to the screen. And I'm not even having a go at encryption here.
There's just no way to effectively scan for viruses in that way without some very advanced language parsing and extensive (as in twenty to thirty megs at the least) definitions of what a virus might be. Even then, antivirus software is not anywhere close to perfect.
By sticking to function overriding, you can make a rudimentary antivirus in only a few lines of code. It will take some research, but it can be done.
I've already written a virus database (WIP) in this format:
Virus Name|Virus string
1190 posts
Location
RHIT
Posted 28 November 2013 - 02:25 PM
Okay, I give up. If you want help making an antivirus in this way, it will not be from me because it is simply not feasible. If you want help parsing strings and lexical expressions, I will be glad to do so - however, do not expect it to protect you from viruses. If you want to discuss function overriding more in-depth, feel free to PM me.