I am releasing this mainly because of a long-standing engine problem in one Chinese security product.
Security software should give its users security, not trouble.
The specific engine problem: when a file is scanned, a copy of it is created, and the copy is what gets scanned.
Even unpacking ("shell-killing") experts like AVP will not strip a packer just because they see one. It is also very likely that they can extract the virus directly from the packed file.
Definition.
The source code follows. Some sections have been removed, because this article is not meant to let everyone write a scanner, and this engine is no longer in use.
.
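const cBuf_Size = 65536;
var fIntBuffer: PByteArray;
// fIntFile, fIntBufferPos and fDataSize2 are declared in the sections the author removed.

procedure CheckInternalBuffer(aPos: Integer);
// Make sure the 64 KB window in fIntBuffer covers aPos (plus 16 bytes of slack);
// if it does not, re-read the window so that it is centred on aPos.
var
  pFR: Integer;
begin
  if (fIntBufferPos = -1) or (aPos < fIntBufferPos) or
    ((aPos + 16) > (fIntBufferPos + cBuf_Size)) then
  begin
    pFR := aPos - (cBuf_Size div 2);
    if pFR < 0 then
      pFR := 0;
    fIntFile.Position := pFR;
    fIntFile.Read(fIntBuffer^, cBuf_Size);
    fIntBufferPos := pFR;
  end;
end;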

procedure FreeFile;
begin
  if fIntFile <> nil then
  begin
    fIntFile.Free;
    fIntFile := nil;
  end;
end;

function CanOpenFile(const aName: string): Boolean;
// True if the file exists and can be opened for shared reading.
var
  fHandle: THandle;
begin
  Result := False;
  // ReadOnly := True;
  if FileExists(aName) then
  begin
    fHandle := CreateFileA(PChar(aName), GENERIC_READ, FILE_SHARE_READ,
      nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if fHandle <> INVALID_HANDLE_VALUE then
    begin
      CloseHandle(fHandle);
      Result := True;
    end;
  end;
end;

function LoadFromFile(const Filename: string): Boolean;
// Open the file in place for reading; no copy is made.
begin
  Result := True;
  fIntFile := NewReadFileStream(Filename);
  try
    fIntFile.Position := 0;
    fDataSize2 := fIntFile.Size;
    fIntBufferPos := -1; // mark the buffer window as not loaded
    Result := True;
  finally
  end
end;

function Find(aBuffer: PChar; const aCount, aStart, aEnd: Integer): Integer;
// Find something in the current file and return its position, -1 if not found
// const IgnoreCase, SearchText: Boolean
var
  // pCR: TCursor;
  pChAct: Char;
  pCMem, pCFind, pCHit, pEnd: Integer;
begin
  Result := -1;
  pEnd := aEnd;
  if aCount < 1 then
    Exit;
  if aStart + aCount > (pEnd + 1) then
    Exit; // can never be found: the pattern is longer than the searched range
  try
    pCMem := aStart;   // current position in the file
    pCFind := 0;       // current position in the pattern
    pCHit := pCMem + 1; // where to resume after a failed partial match
    repeat
      if pCMem > pEnd then
        Exit;
      CheckInternalBuffer(pCMem);
      pChAct := Char(fIntBuffer^[pCMem - fIntBufferPos]);
      if pChAct = aBuffer[pCFind] then
      begin
        if pCFind = (aCount - 1) then
        begin
          Result := pCMem - aCount + 1;
          Exit;
        end
        else
        begin
          if pCFind = 0 then
            pCHit := pCMem + 1;
          Inc(pCMem);
          Inc(pCFind);
        end;
      end
      else
      begin
        pCMem := pCHit;
        pCFind := 0;
        pCHit := pCMem + 1;
      end;
    until False;
  finally
    // Cursor := pCR;
  end;
end;

function TForm1.check2(filename: string): Boolean;
const
  cHexChars = '0123456789ABCDEF';
var
  h, n, x,
  FindLen, FindPos, mypos: LongInt;
  Up, findstr: string;
  pStr: string;
  pCT, pCT1: Integer;
  FindBuf: PChar; // declaration added; the original does not show one
begin
  Result := False;
  // findstr and mypos get their values here:
  mypos := mypoint;
  pStr := '';
  pCT1 := Length(findstr) div 2;
  // decode the hex string findstr into raw bytes
  for pCT := 0 to (Length(findstr) div 2) - 1 do
    pStr := pStr + Char((Pos(findstr[pCT * 2 + 1], cHexChars) - 1) * 16 +
      (Pos(findstr[pCT * 2 + 2], cHexChars) - 1));
  GetMem(FindBuf, pCT1);
  try
    FindLen := pCT1;
    Move(pStr[1], FindBuf^, pCT1);
    // the search range is exactly FindLen bytes long, so only offset mypos can match
    FindPos := Find(FindBuf, FindLen, mypos, mypos + FindLen - 1);
    if FindPos = -1 then
      Exit
    else
    begin
      // Do something!
      Result := True;
      Exit;
    end;
  finally
    FreeMem(FindBuf); // release the decoded pattern (the original never freed it)
  end;
end;
The code that supports multi-segment definitions is omitted; that is, the code that keeps searching after one segment has been found.
Support for "?", which ignores part of the byte code, is also omitted; it is nothing more than a modification of the function.
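One way the omitted "?" support could look, as an added example and not the author's removed code: it assumes that "??" in the hex definition marks one whole byte to ignore, and it searches an in-memory array instead of the buffered file. The names ParseSig, FindMasked, TByteArr and TBoolArr and the sample bytes are made up for this sketch.

```pascal
program WildcardSig;
{$IFDEF FPC}{$MODE DELPHI}{$H+}{$ELSE}{$APPTYPE CONSOLE}{$ENDIF}
type
  TByteArr = array of Byte;
  TBoolArr = array of Boolean;
const
  cHexChars = '0123456789ABCDEF';  // same digit table as check2
  // Constructed sample bytes, not taken from any real file or signature set.
  cSample: array[0..7] of Byte = ($90, $E8, $12, $34, $00, $00, $C3, $90);
// Decode a hex definition such as 'E8????0000C3'; aMask[i] = False means "ignore byte i".
function ParseSig(const aSig: string; out aVal: TByteArr; out aMask: TBoolArr): Boolean;
var i, hiNib, loNib: Integer;
begin
  Result := False;
  if (aSig = '') or Odd(Length(aSig)) then Exit;   // empty or half a byte left over
  SetLength(aVal, Length(aSig) div 2);
  SetLength(aMask, Length(aVal));
  for i := 0 to High(aVal) do
  begin
    aMask[i] := Copy(aSig, i * 2 + 1, 2) <> '??';
    if not aMask[i] then Continue;                 // wildcard byte, value unused
    hiNib := Pos(UpCase(aSig[i * 2 + 1]), cHexChars) - 1;
    loNib := Pos(UpCase(aSig[i * 2 + 2]), cHexChars) - 1;
    if (hiNib < 0) or (loNib < 0) then Exit;       // not a hex digit (or a lone '?')
    aVal[i] := hiNib * 16 + loNib;
  end;
  Result := True;
end;
// Same contract as the article's Find: first match inside aStart..aEnd, or -1.
function FindMasked(const aData: array of Byte; const aVal: TByteArr;
  const aMask: TBoolArr; aStart, aEnd: Integer): Integer;
var p, i: Integer;
begin
  Result := -1;
  if aEnd > High(aData) then aEnd := High(aData);  // never read past the data
  if (Length(aVal) = 0) or (aStart < 0) then Exit;
  for p := aStart to aEnd - Length(aVal) + 1 do    // empty loop if the pattern cannot fit
  begin
    i := 0;
    while (i < Length(aVal)) and ((not aMask[i]) or (aData[p + i] = aVal[i])) do Inc(i);
    if i = Length(aVal) then begin Result := p; Exit; end;
  end;
end;
var SigVal: TByteArr; SigMask: TBoolArr;
begin
  if ParseSig('E8????0000C3', SigVal, SigMask) then
    WriteLn('match at offset ', FindMasked(cSample, SigVal, SigMask, 0, High(cSample)));
  if not ParseSig('E8?Z', SigVal, SigMask) then WriteLn('malformed definition rejected');
end.
```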
The code is messy. Indeed, I have never liked arranging it neatly; otherwise, how would I produce bugs? (joke)
This code was separated out of a hexadecimal editor's code. Because the original control is meant for editing files, it copies the file to the Windows temporary folder and modifies the copy, to guard against mistakes.
Therefore, before using any control, you must carefully check what its source code is intended to do and modify it if necessary. Otherwise it will work against the user.
.
Jiangmin can modify the virus code of a security software that can check 2000 viruses if he does not know how to kill software in China.
Measurement available
Rising: if it can improve its ability to detect international viruses and pay more attention to foreign trends, there is still hope.
Kingsoft: stop giving away for free what users do not need, and the future will be better.
Foreign anti-virus detection capability: KAV > McAfee > NOD32
For detecting unknown viruses, the order is the opposite.
One last small request: we hope people in China will use foreign multi-engine detection less, so that we can try to make the domestic environment stronger.
The author of this article is jike, creator of the2avpro (pclxav), which currently runs a second-generation signature engine. Whether a third-generation floating-pattern engine will ever come out is still unknown.
Contact: jike_man@hotmail.com http://crackchina.nease.net/