Simple virus removal program

Published 2024-10-16 16:34:10 · 1437 characters · 3 views · 0 comments


Comments (2)

听你说爱我 2024-10-23 16:34:10


You'll have to put more intelligence into it than simply doing some pattern matching and removing the isolated virus code.

The viruses you are aiming at are file infectors, which are rarely used nowadays.
Most of the time their replication process is as follows:

  1. They copy themselves at the beginning or at the end of the PE files
  2. Locate the entry point of the PE files
  3. Put a jump instruction at this location pointing at their code

Disinfecting a file is the most difficult part for any anti-virus. It relies on the quality of the virus code: if it's buggy, the host file will just be unrecoverable.

In any case, you are entering a world of machine instructions where disassemblers (IDA, PE Explorer ...), and debuggers will be your dearest friends.

入画浅相思 2024-10-23 16:34:10


Do a difference of the two files: the basic idea would be to compare the original and infected files character by character and save discrepancies to some data structure. Then in the future you could look for the "virus", which would hypothetically be a collection of the differences, in other files and remove the "virus".

The only problem with this is that there will probably be discrepancies between the two files which have nothing to do with the "virus", e.g. the infected file was modified in some way different from the original, which has nothing to do with the virus.

EDIT***
Checking other files for the virus would not be too hard, but I am running under the assumption that you are dealing with some plain-text form of file; for binary proprietary files, I do not think you would be able to remove the "virus".
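To tie the two answers together, here is an added example (not from either poster) of the byte-level diff the second answer suggests, run over a constructed appender of the kind the first answer describes: it isolates the short entry-point patch and the appended body as separate regions, picks the body as the scan signature, and shows that restoring the host needs both regions undone. The sample bytes, `JUMP_STUB` and `VIRUS_BODY` are constructed placeholders, not a real executable or real malware.

```python
import difflib
from dataclasses import dataclass

@dataclass
class DiffRegion:
    tag: str           # difflib opcode: "replace", "insert" or "delete"
    orig_offset: int   # offset of the change in the original file
    new_offset: int    # offset of the same change in the infected copy
    orig_bytes: bytes  # bytes the infector overwrote (empty for an insert)
    new_bytes: bytes   # bytes found in the infected copy (empty for a delete)

def diff_regions(original: bytes, infected: bytes) -> list[DiffRegion]:
    """One region per run of differing bytes. An appender that also patches
    the entry point yields two: a short replace (the jump stub) and a long
    insert at the end (the body). autojunk is a text heuristic, so it is off."""
    sm = difflib.SequenceMatcher(None, original, infected, autojunk=False)
    return [DiffRegion(tag, i1, j1, original[i1:i2], infected[j1:j2])
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]

def pick_signature(regions: list[DiffRegion]) -> bytes:
    """Largest differing block: the few-byte stub would match unrelated files."""
    return max((r.new_bytes for r in regions), key=len, default=b"")

def scan(candidate: bytes, signature: bytes) -> int:
    """Offset of the signature in another file, or -1 if absent."""
    return candidate.find(signature) if signature else -1

def restore(infected: bytes, regions: list[DiffRegion]) -> bytes:
    """Undo every region, last offset first. Dropping only the appended body
    would leave the patched entry point; this works only because the clean
    original supplied the overwritten bytes."""
    out = bytearray(infected)
    for r in sorted(regions, key=lambda r: r.new_offset, reverse=True):
        out[r.new_offset:r.new_offset + len(r.new_bytes)] = r.orig_bytes
    return bytes(out)

# Constructed sample, not a real executable: 256 distinct host bytes, then a
# copy with a 5-byte stub written at offset 64 and a body appended at the end.
HOST = bytes(range(256))
JUMP_STUB = b"\xe9\x00\x01\x00\x00"   # stands in for "jmp <appended body>"
VIRUS_BODY = b"\xcc" * 4 + b"constructed test body, not real code" + b"\xc3"
INFECTED = HOST[:64] + JUMP_STUB + HOST[69:] + VIRUS_BODY

if __name__ == "__main__":
    regions = diff_regions(HOST, INFECTED)
    for r in regions:
        print(f"{r.tag:8} orig@{r.orig_offset} new@{r.new_offset} {len(r.new_bytes)} bytes")
    sig = pick_signature(regions)
    print("infected:", scan(INFECTED, sig), "clean:", scan(HOST, sig),
          "restored ok:", restore(INFECTED, regions) == HOST)
```

The second answer's caveat shows up directly in this output: any unrelated edit to the infected copy appears as one more region, so a real scanner has to decide which regions belong to the infector before trusting them as a signature.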
