
Monitor my files in on-access

Posted: Sun May 08, 2011 3:43 pm
by rafu5418
Dear sir,
I'm developing an antivirus malware app. I want to know how I can get file details or file info when I open each folder.
I mean I want to make an on-access scan system in my anti-malware app.

How can I get component info each and every time I visit any drive or folder on my computer, so that I can match them with my malware database?

Do you have any function or DLL for an on-access scan development tool?

(Sorry for the bad English)

Best regards
rafu

Re: Monitor my files in on-access

Posted: Sun May 08, 2011 4:46 pm
by madshi
Can you describe your needs in a more technical way? Things like "when I open a folder" can be interpreted in many different ways.

Re: Monitor my files in on-access

Posted: Sun May 08, 2011 8:00 pm
by rafu5418
Thank you for the reply, sir.
I mean, I want to read or access any file during computer browsing, like when I go to the D drive or C drive then my app will track file details. I want to make my anti-malware on-access scan system.

Please can you tell me, sir, how I can make an on-access scan system with your DLL? I will buy it.

Re: Monitor my files in on-access

Posted: Sun May 08, 2011 8:18 pm
by madshi
What you're saying is not really describing things on a programming level. You say "when i goto d drive or c drive my app will track files details". You probably mean when the end user opens the Windows Explorer to browse drive C: or D: then you want to do something. I'm not fully sure yet what you want to do exactly. You can get file details by using FindFirstFile, FindNextFile. On a programming level, what is exactly the "event" you want to react to? The end user doing something inside of the Windows Explorer? If that's what you want then you may have to subclass the Explorer's ListView component to catch double clicks etc. But that would only work for the Explorer. It would not work if e.g. Notepad would open a "file open/save as" dialog. Do you want to react to "file open/save as" dialogs of any application, too? I don't have any ready to use code or libraries for things like that. Or do you want to react to any application trying to open a file (e.g. by calling "CreateFile")? That's a whole different thing.

The first thing you need to decide on is what event *exactly* shall trigger your code. E.g. the user double clicking the list view in the Explorer would be an example of what you may want to react to. Or maybe you want to be notified when an application calls a specific win32 API? Think about what you want exactly and then describe it exactly. I don't really want to *guess* what you want.

Re: Monitor my files in on-access

Posted: Sun May 08, 2011 8:43 pm
by rafu5418
Dear sir,
I already made the real-time scan system with the .NET FileSystemWatcher class component. This component has three function events: (Create), (Modify), (Move). I have a virus list database by MD5. When I open a file anywhere on the system, this FileSystemWatcher component triggers a check of the file against my virus database signature list. If the opened file and the virus database match, the app deletes the file. The (Modify) and (Move) functions also work the same.

But the problem is, if the file already exists on my system it is not matched against the database, because the file is in idle mode and FileSystemWatcher fails to catch the details. Now I want an on-access scan system so that I can match the files with my virus database. Is there any component like FileSystemWatcher?

I also want to make a basic firewall for blocking websites. I need an SDK to terminate IPs, ports and websites from being visited.

Please reply, sir

Best regards
rafu
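
Added example, not part of the original thread or any poster's code: FileSystemWatcher raises events only for changes (Created, Changed, Renamed, Deleted), so files already on disk generate none. One way to cover them is a baseline walk that hashes existing files against the same MD5 set the watcher uses. The signature entry is a constructed sample (MD5 of an empty file), the class and method names are hypothetical, and `EnumerationOptions` assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;

static class BaselineScan   // hypothetical name, for illustration only
{
    // Constructed sample signature set: MD5 of an empty file, not a real malware hash.
    static readonly HashSet<string> KnownBad =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "D41D8CD98F00B204E9800998ECF8427E" };

    // Returns the file's MD5 as hex, or null when it cannot be read right now
    // (locked, deleted in the meantime, access denied, or the path is a directory).
    static string HashFile(string path)
    {
        try
        {
            using (var md5 = MD5.Create())
            using (var fs = new FileStream(path, FileMode.Open, FileAccess.Read,
                                           FileShare.ReadWrite | FileShare.Delete))
                return BitConverter.ToString(md5.ComputeHash(fs)).Replace("-", "");
        }
        catch (IOException) { return null; }
        catch (UnauthorizedAccessException) { return null; }
    }

    // Reports a match only; what to do with the file is left to the caller.
    static void Check(string path)
    {
        string hash = HashFile(path);
        if (hash != null && KnownBad.Contains(hash))
            Console.WriteLine("MATCH {0} {1}", hash, path);
    }

    static void Main(string[] args)
    {
        string root = args.Length > 0 ? args[0] : Directory.GetCurrentDirectory();
        using (var watcher = new FileSystemWatcher(root))
        {
            // Start watching first so files created during the walk are not missed.
            watcher.IncludeSubdirectories = true;
            watcher.Created += (s, e) => Check(e.FullPath);
            watcher.Changed += (s, e) => Check(e.FullPath);
            watcher.Renamed += (s, e) => Check(e.FullPath);
            watcher.EnableRaisingEvents = true;

            // Baseline pass: files at rest raise no watcher events, so walk them once.
            var opts = new EnumerationOptions { RecurseSubdirectories = true, IgnoreInaccessible = true };
            foreach (string file in Directory.EnumerateFiles(root, "*", opts))
                Check(file);

            Console.WriteLine("Baseline done; watching. Press Enter to exit.");
            Console.ReadLine();
        }
    }
}
```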

Re: Monitor my files in on-access

Posted: Tue May 10, 2011 11:21 am
by madshi
I'm not familiar with FileSystemWatcher. What do you mean exactly by "it failed to catch the details"? What did it catch and what should it have caught instead? Can you give me an example?

Look here for an open source firewall project using my madCodeHook API hooking library:

http://isafer.sourceforge.net/Introduction.htm

Re: Monitor my files in on-access

Posted: Fri May 13, 2011 2:21 am
by ira
rafu5418, read this viewtopic.php?f=9&t=5305