Writing an Antivirus in C#

Question

3.00/5 (1 vote)

See more:

Hi every one

I want to write an AV in VC# but I don't know how I can monitor FileSystem events like opening a file, reading, creating, ...
C# FileSystem Class doesn't give me enough control. I want to make something like scanner driver (Windows Driver Kit) in C#.

I searched Google but I couldn't find any thing useful. They don't have on access time scan. They have just manual scan.

Thanks.

Posted 24-May-11 22:05pm

Coder-123456

Add a Solution

4 solutions

Solution 2

similar qustion link in cp
How to Develop a Anti Virus Using c# or vb .net[^]
How to create an antivirus in C#[^]

Posted 24-May-11 22:22pm

ambarishtv

Comments

Sergey Alexandrovich Kryukov 25-May-11 10:18am

Hope looking at these discussion will be sobering... :-) My 5.
--SA

Solution 6

Try
http://codemink.com/how-to-make-antivirus-using-c-programming-language/[^]
http://itsecuritylab.eu/index.php/2010/09/03/writing-crypter-bypassing-antivirus-how-to-for-beginners/[^]
http://blog.emsisoft.com/2011/05/24/how-many-viruses-are-made-by-anti-virus-companies/[^]

Posted 8-Feb-14 6:47am

Abhinav S

Solution 5

You're not making a driver in C#. It would be easier to learn C/C++ and use the Driver SDK than it would to rewrite sections of the SDK in C# so you can make a driver in C#.

An application like this is not just a simple C# app and hoping that you can use a couple of events to trigger your code.

FAR, FAR from it.

The FileSystemWatcher watches the FILE SYSTEM, not the files in it. Since reading a file does not change the file system, there's nothing for the FileSystemWatcher to notify you of.

In order to write this, you need an in-depth knowledge of Windows internals and NTFS. I suggest start reading these:

Windows Internals - Part 1[^]
Windows Internals - Part 2[^]
Inside Windows Debugging[^] - because you're not going to be able to get away from using WinDbg.
Advanced Windows Debugging[^] - you ARE going to be doing kernel-level debugging for a project like this.

Posted 8-Feb-14 3:59am

Dave Kreskowiak

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Kim Togo · Accepted Answer · 2011-05-24T22:22:00

Solution 1

If you do not have the knowledge to program in C++ or C# and the understanding on how to scan for patterns in files and analyzes how a program behave. Then do not try :-)

Posted 24-May-11 22:22pm

Kim Togo

Comments

Sergey Alexandrovich Kryukov 25-May-11 10:13am

Good idea. I would advice to give up, too. My 5.
--SA