SwuduSusuwu / SubStack

Stages blog posts, has C++ sources which match posts. Blog is about antivirus + autonomous tools + human nervous tissues
https://SwuduSusuwu.substack.com/
Apache License 2.0

`cxx/VirusAnalysis.cxx`, `cxx/ClassSys.*xx`, `cxx/ClassPortableExecutable.hxx`: auto scan of downloads/launches #28

Open SwuduSusuwu opened 16 hours ago

SwuduSusuwu commented 16 hours ago

Rationale: some users forget to scan new executables, plus some viruses cause infection without execution.

Background: +`classSysKernelSetHook()`: for ?`virusAnalysisHook` gives https://github.com/SwuduSusuwu/SubStack/blob/f69c1ee6bc108bdf5f4647c12303d8a84dfb67a0/cxx/ClassSys.hxx#L54-L72 which is used as https://github.com/SwuduSusuwu/SubStack/blob/f69c1ee6bc108bdf5f4647c12303d8a84dfb67a0/cxx/VirusAnalysis.cxx#L145-L173 ; both have lots to do (`classSysKernelSetHook` requires kernel code to do this, `virusAnalysisHook` requires specialization for all the versions of operating system functions which can download or execute). As those functions require specialized knowledge of operating systems, this is one of the more difficult tasks to finish alone. Wish for pull requests (or suggestions) for this task.
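
For the launch half of such a hook on Linux, the kernel's fanotify interface can hold each exec until a user-space listener answers. The sketch below is an added example, not SubStack's `classSysKernelSetHook` or `virusAnalysisHook`. The names `scanIsHostile`, `responseFor`, `readHead`, `watchLaunches` and the "EVIL" marker are hypothetical and constructed for the demonstration; it assumes Linux 5.0 or newer and `CAP_SYS_ADMIN`.

```cpp
#include <fcntl.h>
#include <sys/fanotify.h>
#include <unistd.h>
#include <cstdint>
#include <cstdio>
#include <string>

// Hypothetical stand-in for the real analysis: true if the file looks hostile.
// Constructed rule for this demo: files which start with the bytes "EVIL".
bool scanIsHostile(const std::string &bytes) {
	return bytes.compare(0, 4, "EVIL") == 0;
}

// Maps the scan result to the answer which the kernel waits for.
uint32_t responseFor(const std::string &bytes) {
	return scanIsHostile(bytes) ? FAN_DENY : FAN_ALLOW;
}

// Reads the start of the file through the descriptor which the kernel hands over.
std::string readHead(int fd, size_t limit = 4096) {
	std::string head(limit, '\0');
	const ssize_t got = pread(fd, &head[0], limit, 0);
	head.resize(got > 0 ? static_cast<size_t>(got) : 0);
	return head;
}

// Holds each exec of a file on `mount` until the scan has answered.
int watchLaunches(const char *mount) {
	const int fan = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY);
	if(fan < 0) { perror("fanotify_init"); return -1; }
	if(fanotify_mark(fan, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_EXEC_PERM, AT_FDCWD, mount) < 0) {
		perror("fanotify_mark"); close(fan); return -1;
	}
	alignas(fanotify_event_metadata) char buf[8192];
	for(ssize_t len; (len = read(fan, buf, sizeof buf)) > 0;) {
		auto *ev = reinterpret_cast<fanotify_event_metadata *>(buf);
		for(; FAN_EVENT_OK(ev, len); ev = FAN_EVENT_NEXT(ev, len)) {
			if(ev->fd < 0) { continue; } // queue overflow event: no file to scan
			fanotify_response reply = { ev->fd, responseFor(readHead(ev->fd)) };
			if(write(fan, &reply, sizeof reply) < 0) { perror("write"); }
			close(ev->fd);
		}
	}
	close(fan);
	return 0;
}

int main(int argc, char **argv) { return watchLaunches(argc > 1 ? argv[1] : "/") ? 1 : 0; }
```

Every exec on the marked mount waits for the listener's reply, so a slow or hung scan stalls launches; downloads would need a separate mark such as `FAN_CLOSE_WRITE`, which notifies after the write and cannot block it.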