January 30th, 2009, 02:02 AM
Anti Malware Developement
I'm planning to develope an anti malware application with my friends.
We are malware analysis professionals. So we do know how to make those definitions.
But we do need some help in the coding part.
actually i hv some doubts.
how can we compare the md5 of a system file n the one in our definitions..
our definitions contain the md5s of malwares.
What should be the algorithm to used to compare md5s.
in normal comparison it ll take whole day just to compre these md5s..
then how to compress our definition files
n then how to use these compressed definitions in our application.
if any of you have experience in developing these kinds of application please help us.
Tell us where to start???
February 3rd, 2009, 04:22 AM
Re: Anti Malware Developement
There are several methods that you could use...
here's one off the top of my head...
sort your MD5's and create a indexing array ...
then when you need to check a MD5 using the indexing array you only comparing to a short list between two indexes..
Something alone this line
you can then build 255 indexes.. (the first byte of the MD5) ... with the index pointing to the first item in the list with that byte..
how your comparative MD5 01ef34--- will search between the first and second index only... (2 and 4) cutting your search to 1/256 of the time.. (less a little overhead) ...
Or if you have a bigger list you can use the first 2 bytes as the index or even the first 4 bytes.. cutting your search to 1/65535 or 1/4294967296 of the time respectively .. (less the indexing overhead) ..
Articles VB6 : Break the 2G limit - Animation 1, 2 VB.NET : 2005/8 : Moving Images , Animation 1 , 2 , 3 , User Controls
WPF Articles : 3D Animation 1 , 2 , 3
Code snips: VB6 Hex Edit, IP Chat, Copy Prot., Crop, Zoom : .NET IP Chat (V4), Adv. ContextMenus, click Hotspot, Scroll Controls
Find me in ASP.NET., VB6., VB.NET , Writing Articles, My Genealogy, Forum
All VS.NET: posts refer to VS.NET 2008 (Pro) unless otherwise stated.
Tags for this Thread
Click Here to Expand Forum to Full Width
This is a CodeGuru survey question.