help writing shield for clam anti virus
From: joe (jcharth_at_hotmail.com)
Date: 05/31/04
Date: Mon, 31 May 2004 15:06:43 GMT
Hi, I am trying to create an open source shield. I wrote a little process
scanner with the code from an example by Ivo. Currently it scans every
process after it is launched and it warns when a file that is running
is infected. I found a couple of driver examples on the web for reporting
file I/O access. One is called filemon and the other is called spy. I found
spy at code guru. I also found another example that halts the system. My
idea is to monitor update and create file, and halt the system as soon as one
of these files is infected, then remove the file in the halt screen. I found
a piece of code to halt the system too. My problem is that I can't get any
output from the sys or vxd drivers. I was wondering if anyone can help me to
do this. I believe the spy driver is written in asm and I don't have the DDK, so
I can't recompile the driver, and I believe it only outputs file access to a
file and it only works with vxds.
I am using the cygwin compiler and I have managed to compile the cpp code
of filemon, but I can't get it to print the I/O access to the screen.
I created a loop with the following code but I can't get anything out of it:
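    if ( ! DeviceIoControl( sys_handle, FILEMON_getstats,
                            NULL, 0, &Stats, sizeof Stats,
                            &StatsLen, NULL ) )
    {
        /* The request failed, so Stats holds nothing valid to print. */
        printf( "no access driver\n" );
    }
    else
    {
        /* StatsLen is the number of bytes the driver wrote into Stats. */
        printf( "%s\n", Stats );
    }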
Thanks in advance for the help.