My Project

Sykole

The description of this forum is; "Where all the unrelated watermelons and other nonsense go" and I guess this is my watermelon :kappa:

So for the past year I have been working on a project which was, to me more than anything, a personal assistant. As I dealt with files ranging from 5 to 10 each day, it was common to find one or two being malicious, but it required a few tools to get the job done (and yes, I used to work as a file analyzer). Anyway, I decided to create a tool which I can depend on and which has all those features combined into one, and that is it. I have somewhat successfully got everything sorted.

This is a placeholder, so not all the functions are implemented yet, but they were in the older version; I decided to create a new GUI with a complete recode of the engine.

It depends on heuristic scanning, and on a custom engine and logic which I created myself (thanks to dnlib for the .NET decoding library, oh, and to BeeEngine for the instruction decoding too hehe).

Enough talking, here are some screenshots (BF as an example LOL)

[screenshot: 01f08016f8e041faa774dc2846003b45.png]

[screenshot: 4ibl05.jpg]

[screenshot: 05575eaed0e2414c9d215ef1ca6ee1ad.png]

[screenshot: 390195a41be144ffb1c394f70e9ea0c7.png]

Basically, the pictures above show the strings found in the file I scanned (which is the client in this case). It has specific criteria which are, in this case, already implemented in the engine and are not modifiable.

Then there's the "logic" box, where it basically scans and understands (in a way) how the file works and functions, and then concludes whether the file is safe or not.

So what do you think? Would you consider using this tool to check files you download?

It also loaded 28 MB (which is the client) in around 48 seconds, which I consider really good because it took so much optimization for it to reach that level (string scanning included).

Would appreciate your opinions :D

Edited by Sykole

7 hours ago, veryhasted said:

You should obviously call it "Super Advanced File Blaster 3000" :kappaross:

There is a Polish proverb: "Don't call the wolf from the forest."

From the images I expected informatic nonsense that I'd have to understand.

Saw by the content informatic nonsense that I'd have to understand.

Edited by Dallarian

Basically, this is a quick guide for normal users (whom I focused on more while creating the tool) and for advanced ones too.

Each file we have on our computers uses "libraries"; those libraries indicate, in some way, what the file does.

For example, take hmm.. Chrome.exe, which is a browser and connects to the internet. When they made Chrome, they added a known library which in general allows any file to connect to the internet. This allows my program to tell you that the file can access the internet. You wouldn't want to download an alarm which connects to the internet, sounds suspicious, right?

Here is a screenshot of the old GUI (analysis of Chrome.exe):

[screenshot: baf6fbd66f6745e69bed3903b01b82a0.png]

The "Results/Comments" box is the most important one for regular users since it basically gives you the information you need, no more and no less.

Hope I made it clearer. :)

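The "libraries" in the post above are the Windows PE import table: the DLLs and functions a program asks the loader to resolve before it runs. The following is an added example of mine (not Sykole's tool, dnlib or BeeEngine) that builds a small constructed PE32 image in memory, walks its import directory the way a loader would, and reduces the result to plain-language "Results/Comments" labels such as "accesses the internet". The CAPABILITY_HINTS table and the sample's import list are assumptions chosen for illustration, not a complete or authoritative signature set.

```python
"""Capability triage from a PE import table (added example, not the thread's tool).
Builds a constructed PE32 image in memory, walks its import directory the way a
loader would, and maps imports to coarse labels such as "accesses the internet".
CAPABILITY_HINTS is an illustrative assumption, not a complete or authoritative list."""
import struct

SECTION_RVA, SECTION_RAW = 0x1000, 0x200      # where the sample's single section lives

# Assumed mapping (lower-case names): what an import tells a triager about the file.
CAPABILITY_HINTS = {
    "accesses the internet": {"wininet.dll", "winhttp.dll", "ws2_32.dll", "urlmon.dll"},
    "touches other processes": {"openprocess", "writeprocessmemory", "createremotethread"},
    "changes registry settings": {"regsetvalueexa", "regsetvalueexw", "regcreatekeyexw"},
}


def build_sample_pe(imports):
    """Constructed sample: a minimal PE32 whose one section holds only an import table."""
    desc_size = 20 * (len(imports) + 1)          # descriptors plus the all-zero terminator
    body, descs = bytearray(), []
    rva = lambda: SECTION_RVA + desc_size + len(body)   # RVA of the next appended byte
    for dll, funcs in imports.items():
        name_rvas = []
        for func in funcs:                        # IMAGE_IMPORT_BY_NAME: 2-byte hint + name
            name_rvas.append(rva())
            body += struct.pack("<H", 0) + func.encode() + b"\0" * (2 - len(func) % 2)
        ilt = rva()                               # import lookup table (by-name thunks)
        body += b"".join(struct.pack("<I", r) for r in name_rvas) + b"\0" * 4
        iat = rva()                               # import address table, identical on disk
        body += b"".join(struct.pack("<I", r) for r in name_rvas) + b"\0" * 4
        name = rva()
        body += dll.encode() + b"\0"
        descs.append(struct.pack("<5I", ilt, 0, 0, name, iat))
    section = b"".join(descs) + b"\0" * 20 + bytes(body)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, one section
    opt = bytearray(224)                                           # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                          # magic
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * 1, SECTION_RVA, desc_size)  # import directory
    sect = struct.pack("<8sIIIIIIHHI", b".idata", len(section), SECTION_RVA,
                       len(section), SECTION_RAW, 0, 0, 0, 0, 0xC0000040)
    hdr = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return hdr.ljust(SECTION_RAW, b"\0") + section


def parse_imports(data):
    """Walk the import directory; returns {dll_name: [imported function names]}."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dir_off, thunk_fmt, ord_flag = ((96, "<I", 1 << 31) if magic == 0x10B   # PE32
                                    else (112, "<Q", 1 << 63))             # PE32+
    imp_rva = struct.unpack_from("<I", data, opt + dir_off + 8)[0]   # data directory[1]
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsec)]             # (VirtualSize, VirtualAddress, RawSize, RawPtr)

    def rva_to_off(r):                            # virtual address -> file offset
        for vsize, va, rawsize, raw in sections:
            if va <= r < va + max(vsize, rawsize):
                return r - va + raw
        raise ValueError(f"RVA {r:#x} is outside every section")

    def cstr(off):
        return data[off:data.index(b"\0", off)].decode("ascii", "replace")

    result, tsize = {}, struct.calcsize(thunk_fmt)
    off = rva_to_off(imp_rva) if imp_rva else None
    while off is not None:
        ilt, _, _, name_rva, iat = struct.unpack_from("<5I", data, off)
        if name_rva == 0:
            break                                 # all-zero descriptor ends the list
        funcs, t = [], rva_to_off(ilt or iat)    # some linkers leave OriginalFirstThunk 0
        while (thunk := struct.unpack_from(thunk_fmt, data, t)[0]) != 0:
            funcs.append(f"ordinal#{thunk & 0xFFFF}" if thunk & ord_flag
                         else cstr(rva_to_off(thunk) + 2))       # skip the 2-byte hint
            t += tsize
        result[cstr(rva_to_off(name_rva))] = funcs
        off += 20
    return result


def capabilities(imports):
    """Reduce an import list to the short 'Results/Comments' a regular user can read."""
    found = set()
    for dll, funcs in imports.items():
        names = {dll.lower()} | {f.lower() for f in funcs}
        found.update(label for label, hints in CAPABILITY_HINTS.items() if names & hints)
    return found


# Constructed sample: a small program that both goes online and reaches into other processes.
SAMPLE = build_sample_pe({
    "KERNEL32.dll": ["CreateFileW", "OpenProcess", "WriteProcessMemory"],
    "WININET.dll": ["InternetOpenA", "InternetOpenUrlA"],
})
```

Running `capabilities(parse_imports(SAMPLE))` yields the two labels "accesses the internet" and "touches other processes", which is the kind of one-line verdict the "Results/Comments" box gives a regular user. The parser handles both PE32 and PE32+ thunk widths, imports by ordinal, and the case where `OriginalFirstThunk` is zero, but a real triage tool should still treat a clean import table as weak evidence: packed or obfuscated files resolve their imports at runtime, which is exactly why a separate string scan and behavioural "logic" pass are worth having.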

I will recode the program entirely. If you have any suggestions or additions you would like to see, just let me know on this thread please; it would mean the world to me!

Edit: With what I have in mind, the update should reduce the code size by around 1000 lines and improve the performance by at least 60%, plus a few edits to the GUI which should help minimize the overall space consumed and allow regular users to "explore" and understand the features provided better. :D

Edited by Sykole

3 weeks later...

I literally got the program to handle RAM issues after hours and hours of work with no result. I feel so damn achieved right now. lol

> Now, instead of loading multiple files into the program's memory and stacking them on each other, each file is properly disposed, which clears no less than ~20k of RAM usage; that's for a ~12 MB file (blackops2). On a larger scale it would matter even more.

God bless :kappa: He has been supporting me all the way 
