This code is being released mainly because of a long-standing engine problem in a security product in China. I hope this article can bring about substantial updates.
Security software should give users safety, not trouble.
Specifically, the engine problem shows up like this: when scanning a file, the engine creates a copy and then scans the copy.
Even an unpacker ("shell killer") as capable as AVP does not strip every packer it sees. It is also very likely that virus definitions can be extracted directly from the packed file.
The source code follows. Parts of it have been deleted, because this article is not meant to teach everyone how to write a scanner, and this engine is no longer in use.
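const cBuf_Size = 65536;
var fIntBuffer : PByteArray;

// Make sure the cBuf_Size window held in fIntBuffer covers file position aPos
// (with 16 bytes of look-ahead); otherwise reload it.
procedure CheckInternalBuffer ( aPos : Integer );
var
  pFR : Integer;
begin
  if (fIntBufferPos = -1) or (aPos < fIntBufferPos) or
     ((aPos + 16) > (fIntBufferPos + cBuf_Size)) then
  begin
    // Centre the new window on aPos, clamped to the start of the file.
    pFR := aPos - (cBuf_Size div 2);
    if pFR < 0 then
      pFR := 0;
    // (the next two statements are incomplete in the source)
     := pFR;
     ( fIntBuffer^, cBuf_Size);
    fIntBufferPos := pFR;
  end;
end;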

procedure FreeFile;
begin
  if fIntFile <> nil then
  begin
    ;
    fIntFile := nil;
  end;
end;

// Probe whether the file can be opened for reading, sharing it with other readers.
function CanOpenFile ( const aName : string ) : Boolean;
var
  fHandle : THandle;
begin
  Result := False;
  //ReadOnly := True;
  if FileExists ( aName ) then
  begin
    fHandle := CreateFileA ( PChar ( aName ) , GENERIC_READ , FILE_SHARE_READ ,
                             nil , OPEN_EXISTING , FILE_ATTRIBUTE_NORMAL , 0 );
    if fHandle <> INVALID_HANDLE_VALUE then
    begin
      CloseHandle ( fHandle );
      Result := True;
    end;
  end;
end;
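
function LoadFromFile ( const Filename : string ) : Boolean;
begin
  Result := True;
  fIntFile := NewReadFileStream ( Filename );
  try
    // (the next two statements are incomplete in the source)
     := 0;
    fDataSize2 := ;
    fIntBufferPos := -1;  // no window loaded yet; CheckInternalBuffer will fill it
    Result := True;
  finally
  end
end;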

function Find ( aBuffer : PChar ; const aCount , aStart , aEnd : Integer ) : Integer;
// Find the aCount bytes of aBuffer in the current file between positions aStart
// and aEnd; return the position of the match, or -1 if not found.
// const IgnoreCase , SearchText : Boolean
var
  // pCR : TCursor;
  pChAct : Char;
  pCMem , pCFind , pCHit , pEnd : Integer;
begin
  Result := -1;
  pEnd := aEnd;
  if aCount < 1 then
    Exit;
  if aStart + aCount > (pEnd + 1) then
    Exit; // can never be found: the pattern is longer than the range to search
  try
    pCMem := aStart;      // current position in the file
    pCFind := 0;          // current index into the pattern
    pCHit := pCMem + 1;   // where to resume after a failed partial match
    repeat
      if pCMem > pEnd then
        Exit;
      CheckInternalBuffer ( pCMem );
      pChAct := Char ( fIntBuffer [ pCMem - fIntBufferPos ] );
      if ( pChAct = aBuffer[pCFind] ) then
      begin
        if pCFind = (aCount - 1) then
        begin
          // Last pattern byte matched: report where the match starts.
          Result := pCMem - aCount + 1;
          Exit;
        end
        else
        begin
          if pCFind = 0 then
            pCHit := pCMem + 1;
          Inc ( pCMem );
          Inc ( pCFind );
        end;
      end
      else
      begin
        // Mismatch: restart one byte after the start of the failed attempt.
        pCMem := pCHit;
        pCFind := 0;
        pCHit := pCMem + 1;
      end;
    until False;
  finally
    // Cursor := pCR;
  end;
end;

function TForm1.check2 ( filename : string ) : Boolean;
const
  cHexChars = '0123456789ABCDEF';
var
  h , n , x , FindLen , FindPos , mypos : LongInt;
  up , findstr : string;
  pStr : string;
  pCT , pCT1 : Integer;
begin
  Result := False;
  // findstr and mypos are given their values here:
  mypos := mypoint;
  pStr := '';
  pCT1 := Length ( findstr ) div 2;
  // Decode the hex signature string into raw bytes, two digits per byte.
  for pCT := 0 to (Length ( findstr ) div 2) - 1 do
    pStr := pStr + Char ( (Pos ( findstr[pCT*2+1] , cHexChars ) - 1) * 16 +
                          (Pos ( findstr[pCT*2+2] , cHexChars ) - 1) );
  GetMem ( FindBuf , pCT1 );
  try
    FindLen := pCT1;
    Move ( pStr[1] , FindBuf^ , pCT1 );
    // Search only the FindLen bytes starting at mypos: a fixed-offset signature check.
    FindPos := Find ( FindBuf , FindLen , mypos , mypos + FindLen - 1 );
    if FindPos = -1 then
      Exit
    else
    begin
      // do something!
      Result := True;
      Exit;
    end;
  finally
    FreeMem ( FindBuf );  // release the pattern buffer on every exit path
  end;
end;

The code that supports multi-section definitions is omitted; it is nothing more than finding one section and then continuing with the next.
The code that supports "?" (ignoring some bytes) is also omitted; it is nothing more than a change to the function.
The code is very messy. Indeed, I have never liked arranging it neatly; otherwise, how could I get bugs? (funny)
This code was separated out of a hexadecimal editor's code. Because the original control is meant for users to edit files, it silently copies the file to the temporary Windows folder and modifies the copy, to guard against user mistakes.
Therefore, when using any control, you still have to check carefully what its source code is meant to do and modify it if necessary; otherwise it will work against the user.
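The fixed-offset signature check from check2, extended with the omitted "ignore some bytes" case and a whole-file search, as an added Python example (not the author's engine code) that reads the file in place through a read-only handle instead of a temporary copy. The `??` wildcard notation, the function names and the sample bytes are assumptions made for illustration.

```python
WINDOW = 65536  # same window size as cBuf_Size in the code above

def parse_signature(hex_sig):
    """'E8????00' -> [0xE8, None, None, 0x00]; None marks an ignored byte."""
    s = hex_sig.replace(" ", "").upper()
    if not s or len(s) % 2:
        raise ValueError("signature needs a non-zero, even number of hex digits")
    pattern = []
    for i in range(0, len(s), 2):
        pair = s[i:i + 2]
        if pair == "??":  # assumed wildcard notation
            pattern.append(None)
        elif set(pair) <= set("0123456789ABCDEF"):
            pattern.append(int(pair, 16))
        else:  # reject bad digits instead of decoding them to a wrong byte
            raise ValueError(f"invalid signature byte {pair!r}")
    return pattern

def _matches(pattern, data):
    return len(data) >= len(pattern) and all(p in (None, b) for p, b in zip(pattern, data))

def match_at(stream, pattern, offset):
    """Fixed-offset check: does the pattern match exactly at offset?"""
    stream.seek(offset)
    return _matches(pattern, stream.read(len(pattern)))

def find(stream, pattern, start=0):
    """First offset >= start where the pattern matches, else -1."""
    n, pos = len(pattern), start
    while True:
        stream.seek(pos)
        chunk = stream.read(WINDOW + n - 1)  # n-1 overlap keeps matches on a window edge
        if len(chunk) < n:
            return -1
        for i in range(len(chunk) - n + 1):
            if _matches(pattern, chunk[i:i + n]):
                return pos + i
        pos += len(chunk) - n + 1

def scan_file(path, hex_sig, offset=None):
    """Scan in place through a read-only handle; no temporary copy is made."""
    pattern = parse_signature(hex_sig)
    with open(path, "rb") as fh:
        if offset is None:
            return find(fh, pattern)
        return offset if match_at(fh, pattern, offset) else -1

# Constructed sample: zero bytes with a marker straddling the 64 KiB window edge.
SAMPLE = bytes(65534) + bytes.fromhex("E8112200") + bytes(4462)
```

`scan_file` returns the matching offset or -1; with `offset=None` it searches the whole file, otherwise it checks only that position.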
Regarding domestic antivirus software: Jiangmin corrects it without knowing the mistake. If you remove the virus code of a certain security software that can check 2,000 viruses, you cannot think it has measurements.
Rising: if it can improve its detection of international viruses and pay more attention to foreign trends, there is still hope.
Kingsoft: don't give away for free things that users don't need, and the future will be better.
Detection ability of foreign antivirus software: KAV > MCAFEE > NOD32.
For unknown viruses, the order is the opposite.
One last small request: Chinese users should rely less on foreign multi-engine detection, so that domestic antivirus products can be more confident.
About the author of this article: jike, the creator of the2avpro (pclxav). The software currently runs the second generation of the signature ("feature code") engine.
It is still unknown whether the third-generation, floating-signature engine will come out.
Contact: jike_man@/