@spaceworm
Why do you move 0 to eax on lines 64 and 69? I know that eax is where the return value is stored, but I don't see what you are accomplishing by moving 0 to eax manually, especially since this function only has one exit point where it always returns 0 anyway.
As I said in the comments, it removes it all in the registry and then blocks the file. Next, if I can use kernel drivers I am sure to mess up the malware. Just read the code before commenting, man.
First, any malware in the registry location specified in the code will be fried. Also, be aware it will kill your malware, because normally that's where they start up from.
Sorry, if you read the code it returns true, meaning 1. Anyway, I felt like doing that. Sorry about that.
@darkestfright
So? I'm fairly sure you can use GPL code in proprietary software if the copyright holder gives you permission, so if you're the copyright holder then you automatically have permission.
Let me challenge you to an AV kill-and-duel: you create a malware and I will try to kill it in any way possible, then I will create a malware and you will try to kill it. And I assure you, putting a bet on it, that you will not even come close to killing my malware. It will instead own your AV so badly.
Next, this code can kill known malware like Black Shades, and as yours would be an unknown virus it would need heuristics to scan, and I've got the right one.
My technique: hook all processes from before, then when a new process comes into hand hook that as well. Then if the process is malware it would use CopyFile and MoveFile fairly quickly, so I will just create a callback and return 0, then call ExitProcess from within the process, and bam, your virus has been terminated.
This is not about your coding skill, this is about a statement you made earlier :p I have no doubt that I will fail miserably at making any kind of AV, but I also think you should not boast with untrue statements.
SpaceWorm wrote:
My technique: hook all processes from before, then when a new process comes into hand hook that as well. Then if the process is malware it would use CopyFile and MoveFile fairly quickly, so I will just create a callback and return 0, then call ExitProcess from within the process, and bam, your virus has been terminated.
Why do I have the impression this isn't anything new? Maybe because it's common sense for an antivirus to function this way?
Look, I am not boasting, but I am saying that with minor improvement it can kill even famous malware such as Black Shades, right? Which does have ACL and DACL protection, yet it kills it via a few tricks. All malware without rootkits always start up in the registry, in the Run location, and mine scans around it and removes that malware, and technically it does so. Look, try to create a malware with the specifications of the scan and see what the scan file does.
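For readers who want to see what "scanning around the Run location" amounts to in practice, here is an added example. It is not code from this thread or from the Epsilon project: a read-only PowerShell audit that enumerates the Run and RunOnce keys under HKCU and HKLM (including the WOW6432Node key on 64-bit Windows) and flags entries worth a closer look. The key list and the three flag heuristics (image file missing, image in a user-writable directory, a machine-wide key pointing into a user profile) are my own choices, not anything the thread specifies. It reports; it does not delete.

```powershell
# Added example, not from the thread: read-only audit of Windows autorun keys.
# Reports each Run/RunOnce value with heuristic flags; deletes nothing.

# Autorun locations consulted here (assumption: these five cover the
# common Run/RunOnce keys; other persistence points are out of scope).
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Metadata properties Get-ItemProperty adds to every result; not registry values.
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Pull the executable path out of a command line such as
#   "C:\Program Files\Foo\foo.exe" /silent      or      C:\tmp\x.exe -k
function Get-ImagePath {
    param([string]$CommandLine)
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 0) { return $cl.Substring(1, $end - 1) }
    }
    return ($cl -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }

        # Expand %VARS% so Test-Path sees the real file the loader would run.
        $image = [Environment]::ExpandEnvironmentVariables((Get-ImagePath -CommandLine ([string]$p.Value)))

        # Heuristic flags (assumptions, not a verdict): each is a reason to inspect.
        $flags = @()
        if (-not (Test-Path -LiteralPath $image)) { $flags += 'missing-image' }
        if ($image -match '\\(Temp|AppData\\Local\\Temp|Downloads)\\') { $flags += 'user-writable-dir' }
        if ($key -like 'HKLM:*' -and $image -match '\\Users\\') { $flags += 'machine-key-user-path' }

        [pscustomobject]@{
            Key   = $key
            Name  = $p.Name
            Image = $image
            Flags = ($flags -join ',')
        }
    }
}
```

Run it as the user whose HKCU hive you want to inspect (HKLM reads work from a standard account; writing would not). Pipe the output to `Where-Object { $_.Flags }` to see only flagged entries, or to `Export-Csv` to keep a baseline for later diffing. Run and RunOnce are only one of the autostart locations Windows consults; services, scheduled tasks and shell extensions are others, so treat a clean result here as covering the keys listed and nothing more.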
@Catfish
AVs do not hook the functions I hook; they operate solely from the kernel, whereas mine uses malware tricks against themselves. This is the idea; I adopted and changed the idea from SpyEye.
Uh, you had your supposed I.Q. in your profile. Seriously, who does that?
I am willing to test you in a sandboxed environment if you ever actually release anything. I expected that in a thread titled "Unveiling of Epsilon Anti-Virus" something would be unveiled; 7 pages later... still nothing.
Yeah, I know that dude. Ask Script Coder, he knows us two and we do talk to him often, at least I do anyway, I don't know about Script Coder. We did work on a project with him.
I think Script should comment.
Anyway, Naraku, then why are you commenting if the topic is not understood by you? The best thing is to keep quiet.
SpaceWorm wrote:
Yeah, I know that dude. Ask Script Coder, he knows us two and we do talk to him often, at least I do anyway, I don't know about Script Coder. We did work on a project with him.
SpaceWorm wrote:
If any of you are familiar with "Cyberwarfare", I am his older brother and I have uploaded a video to his account. I hope you enjoy this:
You say that like it means anything. I don't know him any more than I know you.
SpaceWorm wrote:
Anyway, Naraku, then why are you commenting if the topic is not understood by you?
I never said I couldn't understand your code, I said I'm not a WINAPI guy, by which I meant I don't use it much other than for testing and trying to help others.