So I've got some code I'll put at the end. Basically my program scans files and sees if any of the MD5 hashes match a list of MD5 hashes from a text file. It works, but basically what I want to do is, inside the text file with MD5 hashes, under each MD5 hash I want to put for example (win 32 genic), and then if my tool finds a virus I want it to show the line below in a label (so if in the database is the hash 1234 and underneath the 1234 hash is win32genic and nothing else, then if a file with the same hash is found it will show win32genic in a label). Below is the existing code without the label win 32 genic thing. Does anyone know how I can add the feature I was talking about?



'Requires: Imports System.IO, System.Security.Cryptography, System.Text
Private Sub TimerStart()

       Dim LimitReached As Boolean = Me.InvokeIfRequired(Function() ProgressBar1.Value = ProgressBar1.Maximum)

       'Keep looping until limit is reached.
       While Not LimitReached

           'InvokeIfRequired() can take multiple lines.
           Me.InvokeIfRequired(
           Sub()
               ProgressBar1.Maximum = ListBox1.Items.Count 'Maximum is an Integer, so assign the count directly instead of a String.
               total.Text = ListBox1.Items.Count.ToString()
           End Sub) 'End of InvokeIfRequired().

           'Check if the limit is reached.
           LimitReached = Me.InvokeIfRequired(Function() ProgressBar1.Value = ProgressBar1.Maximum)

           If Not LimitReached Then

               Me.InvokeIfRequired(
               Sub()
                   Try
                       ListBox1.SelectedIndex = ListBox1.SelectedIndex + 1
                       Label1.Text = ListBox1.SelectedItem.ToString
                   Catch ex As Exception
                   End Try
               End Sub)

               Try

                   Dim scanbox As String 'This should be a String, NOT a TextBox.
                   Dim read As String = My.Computer.FileSystem.ReadAllText(Application.StartupPath & "\Database\VirusList.dat")

                   Me.InvokeIfRequired(
               Sub()
                   ProgressBar1.Increment(1)
                   detected.Text = Quarantine.ListBox2.Items.Count.ToString() 'Again, use .ToString(), not Conversions.ToString().
                   Label5.Text = String.Format("{0:F2}%", ((ProgressBar1.Value / ProgressBar1.Maximum) * 100))
                   files.Text = ProgressBar1.Value.ToString()
               End Sub)

                   scanbox = read.ToString
                   Dim md5 As New MD5CryptoServiceProvider 'Shortened to "As New" instead of "As ... = New ..."

                   'IMPORTANT: Wrap all streams in "Using .../End Using". This will ensure that the stream is closed and the file handle is released.
                   Using f As New FileStream(ListBox1.SelectedItem.ToString(), FileMode.Open, FileAccess.Read, FileShare.Read, 8192) 'Again, shortened to "As New". SelectedItem is an Object, so convert it to a String path.

                       'REMOVED: You were setting "f = New FileStream..." two times. Not a good thing to do.
                       md5.ComputeHash(f)
                       Dim hash As Byte() = md5.Hash
                       Dim buff As New StringBuilder '"As New".
                       'This line is irrelevant: "Dim hashByte As Byte".
                       For Each hashByte As Byte In hash
                           buff.Append(String.Format("{0:X2}", hashByte))
                       Next

                       If scanbox.Contains(buff.ToString) Then

                           Me.InvokeIfRequired(Sub() f.Dispose())
                           Me.InvokeIfRequired(Sub() EncryptFile())
                           Me.InvokeIfRequired(Sub() Quarantine.ListBox2.Items.Add(ListBox1.SelectedItem()))
                           Me.InvokeIfRequired(Sub() WriteToLog("File Quarantined:" + ListBox1.SelectedItem))
                       End If
                   End Using 'Close the FileStream.

               Catch ex As Exception
               End Try
           Else
               'REMOVED: "Timer1.Stop()" is no longer needed.

               Me.InvokeIfRequired(
               Sub()
                   If CheckBox1.Checked = True Then
                       System.Diagnostics.Process.Start("shutdown", "-s -t 00")
                   Else
                       ProgressBar1.Value = 0
                       If ListBox1.Items.Count = 0 Then
                           If Form1.CheckBox1.Checked = True Then
                               full.CancelAsync()
                               quick.CancelAsync()
                               Critical.CancelAsync()
                               cust.CancelAsync()
                           End If
                       Else
                           Form1.CheckBox1.Checked = False
                           Form1.CheckBox2.Checked = False
                           Form1.CheckBox3.Checked = False
                           Form1.CheckBox4.Checked = False
                           Quarantine.Label3.ForeColor = Color.DarkRed
                           Quarantine.Label2.ForeColor = Color.DarkRed
                           full.CancelAsync()
                           quick.CancelAsync()
                           Critical.CancelAsync()
                           cust.CancelAsync()

                       End If
                   End If
               End Sub) 'End of InvokeIfRequired().
           End If
           'Do some more background stuff...
       End While


   End Sub


What I have tried:

I haven't tried anything as I'm really not sure where to start from. I've googled but I can't seem to find anything that I need. (BTW I need it in VB.NET)
Updated 29-Oct-17 5:55am
Comments
Richard MacCutchan 29-Oct-17 12:53pm    
You keep reposting this question but you are not really making progress, due to your misunderstanding of what a virus actually does. Using any form of hash comparison is not going to give you the answer.

1 solution

You do realize that if a virus changes a file, the MD5 hash for the resulting file will not match the "signature" for any specific virus?
When you hash a file, you generate a value which is dependent on the total contents of the file. When a virus changes a file, the new MD5 value is dependent on the total content of the changed file, not "just the changed bit".

For example, if the hash algorithm is (for the sake of simplicity) "add up the bytes and throw away any carry out of a single byte value" then if two files start out like this (hex values for simplicity):
File 1: 01 02 03 04    Hash == 0A hex.
File 2: 21 22 23 24    Hash == 8A hex.
Suppose the virus always changes the second byte to hex 14:
File 1: 01 14 03 04    Hash == 1C hex.
File 2: 21 14 23 24    Hash == 7C hex.
The hash values have changed, and you can detect that, but you can't say "it was #2Is14 virus" just by looking at the new hashes.
In fact it could be "#3Is15 virus":
File 1: 01 02 15 04    Hash == 1C hex.
File 2: 21 22 15 24    Hash == 7C hex.
Which generates the same hash values!

You cannot use hash values to identify a virus infected file: you can only use it to detect a file that has been changed since the last scan, and that change may be as a result of virus activity.
Comments
CodingIsDreamy 29-Oct-17 12:02pm    
Hey OriginalGriff, I understand what you mean. What about SHA1? How can I change the code I have above to work with a list of SHA1 hashes? Or how can I use the code above to use a list of virus signatures (SHA1)? What can I do? How do I make my code useful lol :-)
OriginalGriff 29-Oct-17 12:09pm    
You can't do it.
Any hash - like the trivial example I gave - right up to SHA3-1024 does the same thing: the hash value is for the whole content of the file, and cannot, under any circumstances, tell you what part or parts were changed, or what changes were made. You cannot use a hash to identify directly what changes were made (because that would require "reversing" the hash value and you can't do that), so you can't use the current hash as any indication of what virus made the changes.

Sorry to rain on your parade, but that is the absolute truth. What you are trying to do cannot be done; it will not work.
CodingIsDreamy 29-Oct-17 12:29pm    
OK, I understand. Do you know how I can turn my code to make it able to scan a list of SHA1 hashes instead of MD5 (without the names)?
OriginalGriff 29-Oct-17 12:38pm    
You wrote it: it's pretty obvious!
Are you telling me that you can't work out how to stop using
https://msdn.microsoft.com/en-us/library/system.security.cryptography.md5cryptoserviceprovider(v=vs.110).aspx
and start using
https://msdn.microsoft.com/en-us/library/system.security.cryptography.sha1cryptoserviceprovider(v=vs.110).aspx
instead? Because if so, you are so far out of your league that you are probably playing a different game altogether. :laugh:
CodingIsDreamy 29-Oct-17 12:44pm    
Look, I've tried that but it's not working like that. I get no error, it just doesn't work / detect the file.
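
The lookup the question asks for, as an added example that is not from the original thread or either poster's code: it loads a database of paired lines (hash, then label) into a dictionary and does an exact, case-insensitive match on the whole digest instead of `Contains` on the raw file text, for MD5 or SHA-1. `SignatureLookup`, its function names and the sample label are assumptions; a match only means the file is byte-for-byte identical to a listed sample.

```vbnet
Imports System.Collections.Generic
Imports System.IO
Imports System.Security.Cryptography

Module SignatureLookup
    ' Reads a database laid out as pairs of lines: a hex hash, then its label.
    ' Keys compare case-insensitively; a trailing hash with no label is ignored.
    Function LoadSignatures(dbPath As String) As Dictionary(Of String, String)
        Dim table As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase)
        Dim pendingHash As String = Nothing
        For Each raw As String In File.ReadLines(dbPath)
            Dim line As String = raw.Trim()
            If line.Length = 0 Then Continue For
            If pendingHash Is Nothing Then
                pendingHash = line
            Else
                table(pendingHash) = line
                pendingHash = Nothing
            End If
        Next
        Return table
    End Function

    ' Hex digest of the whole file; both handles are released when Using ends.
    Function HashFile(filePath As String, useSha1 As Boolean) As String
        Using algo As HashAlgorithm = If(useSha1, DirectCast(SHA1.Create(), HashAlgorithm), MD5.Create())
            Using fs As New FileStream(filePath, FileMode.Open, FileAccess.Read, FileShare.Read, 8192)
                Return BitConverter.ToString(algo.ComputeHash(fs)).Replace("-", "")
            End Using
        End Using
    End Function

    ' Returns the label stored under the file's hash, or Nothing if it is not listed.
    Function LookupLabel(table As Dictionary(Of String, String), filePath As String, useSha1 As Boolean) As String
        Dim label As String = Nothing
        table.TryGetValue(HashFile(filePath, useSha1), label)
        Return label
    End Function

    Sub Main()
        ' Constructed sample: the file's own MD5 (lower-cased) goes into a throwaway database.
        Dim sample As String = Path.GetTempFileName()
        File.WriteAllText(sample, "constructed sample content")
        Dim db As String = Path.GetTempFileName()
        File.WriteAllLines(db, {HashFile(sample, False).ToLower(), "Constructed.Sample.Label"})
        Console.WriteLine(LookupLabel(LoadSignatures(db), sample, False))
        File.Delete(sample) : File.Delete(db)
    End Sub
End Module
```

In the scanner, the string returned by `LookupLabel` (or `Nothing` for no match) can be assigned to the label's `Text` inside `InvokeIfRequired`; the database must hold digests from the same algorithm that `useSha1` selects.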

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


