Jump to content
Tuts 4 You

Anti-Virus Coding Requirement

maxil122

By maxil122
in Malware Reverse Engineering

 Share

Recommended Posts

maxil122

maxil122

Posted
Posted

Hello,

Please, can someone help me to know what is required to made an Anti-virus:

- Which language is more efficient ?

- What's required like Windows Internals / Coding in low level / Good know in x86 family / File systems (PE) / Reversing / Unpacking... ? It will be helpful if you make it clear.

Thanks.

Link to comment
Share on other sites
Killboy

Killboy

Posted
Posted

I'd go for C++, simply because it allows you to go 64bit without much effort.

It's not as fast as MASM (if you code MASM properly that is, poor MASM code is worse than good VB code in that matter :D ) but allows you to do most low-level stuff within the language specs, even without inline asm.

Other than that you really need to know what youre doing. All the stuff you quoted is pretty important, especially Windows internals for the integration into the OS (drivers etc.) and knowledge of the PE format.

Besides, you'll have to collect all the malware signatures, so yeah, it's gonna be hard :D

Link to comment
Share on other sites
maxil122

maxil122

Posted
  • Author
Posted

Thanks Killboy,

I'd go for C++, simply because it allows you to go 64bit without much effort.

It's not as fast as MASM (if you code MASM properly that is, poor MASM code is worse than good VB code in that matter ) but allows you to do most low-level stuff within the language specs, even without inline asm.

I'm familiar with Win32 ASM (MASM package) , but i have a trouble which assembler i'm going to use. Source codes in MASM are more available than other assemblers. Anyway must to take a look in Fasm. I c it a good assembler.

Other than that you really need to know what youre doing. All the stuff you quoted is pretty important, especially Windows internals for the integration into the OS (drivers etc.) and knowledge of the PE format.

It's crystal clear right now, thanks.

Besides, you'll have to collect all the malware signatures, so yeah, it's gonna be hard

The ClamAV database is free, i can start with this one.

Thanks.

Link to comment
Share on other sites
maxil122

maxil122

Posted
  • Author
Posted
Take a look into HIP Systems.

What does HIP stand for? Host-Based Intrusion Prevention System ? What kind of informations can HIP give us ?

Link to comment
Share on other sites
GamingMasteR

GamingMasteR

Posted
Posted

HIPS can give you info about how to make a self-defence system for the AV, also you can detect/restrict suspected behaviors by malwares .

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...