在大于实际病毒的二进制文件中检查病毒签名

时间:2019-05-05 18:24:49

标签: c

我正在尝试扫描二进制文件以查找病毒签名,但该文件大于病毒。因此,我尝试使用一个循环使每个循环更接近EOF。
我不知道我是否正确使用fseek()。如果我将病毒签名与其自身进行比较,但将其与其中具有签名的文件进行比较,则它不起作用。

此外,对于如何遍历文件夹中文件列表的任何帮助,将不胜感激。

//loop in main 
FILE * log = fopen("C:\\Users\\משתמש\\Desktop\\log.txt", "a");
    fprintf(log,"Anti-virus began! Welcome!\n\n");
    fprintf(log,"folder to scan:\n");
    fprintf(log, "%s\n",argv[2]);
    fprintf(log,"virus signature:\n");
    fprintf(log, "%s\n",argv[3]);
    fprintf(log,"scanning option:\n");
    fprintf(log, "%s\n\n\n", argv[1]);
    fprintf(log, "results:\n\n");
    for (int i = 0; i+size <=size+1; i++)
    {
        found = 0;
        found = normalScan(file, virus, i, size, vsize);
        if (found == 1)
        {
            fprintf(log, "%s  infected!\n", argv[3]);
            break;
        }
    }
    if (found != 1)
    {
        fprintf(log, "%s  not infected\n", argv[3]);
        printf("%d", found);
    }
//function for scanning
int normalScan(FILE * file,FILE* virus, int start,int size,int vsize)
{
    int found = 0;
    char* buffer = (char*)malloc((size + 1) * sizeof(char));
    char* virusSig = (char*)malloc((vsize + 1) * sizeof(char));
    if (start + vsize <= size)
    {
        buffer[size] = 0;
        virusSig[vsize] = 0;
        fseek(file, vsize, start + 1);
        fread(buffer, 1, size, file);
        fseek(virus, vsize, start + 1);
        fread(virusSig, 1, vsize, virus);
        int result = strcmp(buffer, virusSig);
        if (result == 0)
        {
            printf("\nVirus was found in file\n");
            printf("%s\n\n%s\n\n", buffer, virusSig);
            found = 1;
        }
        else
        {
            found = -1;
        }
    }
    if (found != 0)
    {
       free(virusSig);
       free(buffer);
       return found;
    }
    else
    {
       free(virusSig);
       free(buffer);
       return -1;
    }
}

0 个答案:

没有答案