Monitor my files in on-access

Postby rafu5418 » Sun May 08, 2011 3:43 pm

Dear sir,
I'm developing an antivirus malware app. I want to know how I can get file details or file info when I open each folder.
I mean I want to make an on-access scan system in my anti-malware app.

How can I get component info each and every time I visit any drive or folder on my computer, so that I can match them with my malware database?

Do you have any function or DLL of an on-access scan development tool?

(Sorry for the bad English)

Best regards
rafu
rafu5418
 
Posts: 3
Joined: Sun May 08, 2011 3:35 pm

Re: Monitor my files in on-access

Postby madshi » Sun May 08, 2011 4:46 pm

Can you describe your needs in a more technical way? Things like "when I open a folder" can be interpreted in many different ways.
madshi
Site Admin
 
Posts: 9774
Joined: Sun Mar 21, 2004 5:25 pm

Re: Monitor my files in on-access

Postby rafu5418 » Sun May 08, 2011 8:00 pm

Thank you for the reply, sir,
I mean, I want to read or access any file during computer browsing, like when I go to the D drive or C drive, then my app will track file details. I want to make my anti-malware on-access scan system.

Please can you tell me, sir, how I can make an on-access scan system with your DLL? I will buy it.
rafu5418
 
Posts: 3
Joined: Sun May 08, 2011 3:35 pm

Re: Monitor my files in on-access

Postby madshi » Sun May 08, 2011 8:18 pm

What you're saying is not really describing things on a programming level. You say "when i goto d drive or c drive my app will track files details". You probably mean when the end user opens the Windows Explorer to browse drive C: or D: then you want to do something. I'm not fully sure yet what you want to do exactly. You can get file details by using FindFirstFile, FindNextFile. On a programming level, what is exactly the "event" you want to react to? The end user doing something inside of the Windows Explorer? If that's what you want then you may have to subclass the Explorer's ListView component to catch double clicks etc. But that would only work for the Explorer. It would not work if e.g. Notepad would open a "file open/save as" dialog. Do you want to react to "file open/save as" dialogs of any application, too? I don't have any ready to use code or libraries for things like that. Or do you want to react to any application trying to open a file (e.g. by calling "CreateFile")? That's a whole different thing.

The first thing you need to decide on is what event *exactly* shall trigger your code. E.g. the user double clicking the list view in the Explorer would be an example of what you may want to react to. Or maybe you want to be notified when an application calls a specific win32 API? Think about what you want exactly and then describe it exactly. I don't really want to *guess* what you want.
madshi
Site Admin
 
Posts: 9774
Joined: Sun Mar 21, 2004 5:25 pm

Re: Monitor my files in on-access

Postby rafu5418 » Sun May 08, 2011 8:43 pm

Dear sir,
I already made the real-time scan system with the .NET (FileSystemWatcher) class component. This component has three function events: (Create), (Modify), (Move). I have a virus list database by MD5. When I open a file anywhere on the system, this (FileSystemWatcher) component triggers the file with my virus database signature list. If the opened file and the virus database match, the app deletes the file. The (Modify) and (Move) functions also work the same.

But the problem is, if the file already exists in my system, it is not matched with the database, because (the file is in idle mode) FileSystemWatcher failed to catch the details. Now I want an on-access scan system so that I can match the files with my virus database. Is there any component like FileSystemWatcher?

I also want to make a basic firewall for blocking websites. I need an SDK to terminate IPs and ports and websites from visiting.

Please reply, sir

Best regards
rafu
rafu5418
 
Posts: 3
Joined: Sun May 08, 2011 3:35 pm
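
The gap described in the post above (a file that already exists on disk never raises a create, modify or move event) can be closed with a one-time sweep of existing files before relying on change events. This is an added Python example, not code from the thread or from any library mentioned in it; `md5_of`, `baseline_sweep`, `demo` and the sample files are hypothetical names and constructed data, and MD5 is used only because the post's database is keyed by MD5. It reports matches rather than deleting them.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB pieces so large files are never loaded whole


def md5_of(path):
    """Return the hex MD5 of a file, or None if it cannot be read."""
    digest = hashlib.md5()
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(CHUNK), b""):
                digest.update(block)
    except OSError:
        return None  # locked, vanished or access denied: record it, keep going
    return digest.hexdigest()


def baseline_sweep(root, signatures):
    """Hash every regular file already under root; return (matches, unreadable)."""
    matches, unreadable = [], []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            digest = md5_of(path)
            if digest is None:
                unreadable.append(path)  # an unscanned file is a finding too
            elif digest in signatures:
                matches.append((path, digest))
    return sorted(matches), sorted(unreadable)


def demo():
    """Constructed sample: two files that exist before any watcher is started."""
    pattern = b"constructed-test-pattern"  # stands in for a listed sample
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        with open(os.path.join(root, "clean.txt"), "wb") as fh:
            fh.write(b"harmless notes\n")
        with open(os.path.join(root, "sub", "old.bin"), "wb") as fh:
            fh.write(pattern)
        signatures = {hashlib.md5(pattern).hexdigest()}  # constructed database
        matches, unreadable = baseline_sweep(root, signatures)
        return [os.path.basename(p) for p, _ in matches], unreadable


if __name__ == "__main__":
    print(demo())
```

Running the sweep once at start-up and then handing over to the event-driven watcher covers both the files that were already present and the ones that change later.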

Re: Monitor my files in on-access

Postby madshi » Tue May 10, 2011 11:21 am

I'm not familiar with FileSystemWatcher. What do you mean exactly with "it failed to catch the details"? What did it catch and what should it have caught instead? Can you give me an example?

Look here for an open source firewall project using my madCodeHook API hooking library:

http://isafer.sourceforge.net/Introduction.htm
madshi
Site Admin
 
Posts: 9774
Joined: Sun Mar 21, 2004 5:25 pm

Re: Monitor my files in on-access

Postby ira » Fri May 13, 2011 2:21 am

rafu5418, read this viewtopic.php?f=9&t=5305
ira
 
Posts: 49
Joined: Mon Dec 14, 2009 6:29 am

