Visual Basic Forum for All Arabs | Arab Programmers Forum
Urgent help needed - Printable version


Urgent help needed - stu - 12-01-17

Peace be upon you ...
I have a project description and I urgently need an explanation of it. Please help.
Computer Security Project (Registry Guard)

You’re assigned to create a simple Registry anti-malware product, which shall be named Registry Guard and which scans the following registry key, which contains the startup programs:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
The Registry Guard shall read all the values in those Keys and do the following:
- If the path referenced by the registry value is not available, then the Registry Guard will delete that Value item completely, and then it must log and display the performed action.

- If the path referenced by the registry value is available, then the Registry Guard will scan the actual File to determine if it is a malware or a potential malware.

The conditions upon which the Registry Guard should mark an application as malware are as follows:
- The file has a hash value that matches one from a known set of hashes.
- The file has signature content that is identical to a sample content from a known set of samples.

The conditions upon which the Registry Guard should mark an application as potential malware are as follows:
- The file contains a string that corresponds to a URL or IP Address, where:
  - The URL is not a Microsoft URL
  - The IP Address is not a local IP Address (from the current local network)

In case the Registry Guard finds a malware, then it should:
- Delete the actual file
- Delete the corresponding Registry Value
- Log and display the performed action

In case the Registry Guard finds a potential malware, then it should:
- Log and display the performed action only

The Log Entry should be a text that is similar to the following:
Registry Value : Action : Reason

Action = Delete, Log
Reason = NotFound, Malware, Potential Malware

Signatures Sub-System
The Registry Guard must contain a subsystem for accepting samples, where it generates two signatures:
- hash
- random bytes

The Registry Guard needn’t store the signatures, only save them during Runtime.

Good Luck!


RE: Urgent help needed - محمد كريّم - 12-01-17

It is a very long topic, but it can be done step by step.

// Registry Part

Get keys in registry -------
(SOFTWARE\Microsoft\Windows\CurrentVersion\Run\)
http://stackoverflow.com/questions/17386755/get-keys-in-registry

How to get registry keys and values in listview
http://stackoverflow.com/questions/26608203/how-to-get-registry-keys-and-values-in-listview

Read, write and delete from registry with C#
https://www.codeproject.com/Articles/3389/Read-write-and-delete-from-registry-with-C

// Files Part

How to find out if a file exists in C# / .NET?
http://stackoverflow.com/questions/38960/how-to-find-out-if-a-file-exists-in-c-sharp-net

Calculate MD5 checksum for a file
http://stackoverflow.com/questions/10520048/calculate-md5-checksum-for-a-file

https://github.com/Muraad/Mime-Detective
https://filetypedetective.codeplex.com

I hope the search helps you.
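
A report-only sketch of the scan the assignment describes, tying together the registry and file steps linked in the reply; it is an added example, not code from either post. The class name, the empty `KnownHashes` set, SHA-256 in place of the MD5 from the linked answer, and the meanings given to "Microsoft URL" and "local IP address" are assumptions; the sample-content signature check and the deletions themselves are left out.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Text.RegularExpressions;
using Microsoft.Win32;

static class RegistryGuardSketch // hypothetical name; report-only, it deletes nothing
{
    static readonly HashSet<string> KnownHashes = new HashSet<string>(); // uppercase hex, filled at runtime
    static string ExtractPath(string command) // Run values are command lines, not bare paths
    {
        string s = Environment.ExpandEnvironmentVariables(command.Trim());
        if (s.StartsWith("\"")) return s.Split('"')[1]; // quoted path, arguments follow the quote
        int exe = s.IndexOf(".exe", StringComparison.OrdinalIgnoreCase);
        return exe >= 0 ? s.Substring(0, exe + 4) : s;
    }
    static bool IsBenign(string host, bool isIp)
    {
        if (!isIp) return host == "microsoft.com" || host.EndsWith(".microsoft.com"); // assumed "Microsoft URL"
        if (!IPAddress.TryParse(host, out IPAddress ip)) return true; // e.g. 999.1.1.1 is not an address
        byte[] b = ip.GetAddressBytes(); // assumed "local": loopback or an RFC 1918 private range
        return IPAddress.IsLoopback(ip) || b[0] == 10 || (b[0] == 172 && b[1] >= 16 && b[1] <= 31) || (b[0] == 192 && b[1] == 168);
    }
    static string Classify(string path) // "Action : Reason" for the log entry, or null if nothing matched
    {
        if (!Path.IsPathRooted(path)) return null; // bare names resolve via the search path; skipped
        if (!File.Exists(path)) return "Delete : NotFound";
        byte[] data = File.ReadAllBytes(path);
        using (SHA256 sha = SHA256.Create())
            if (KnownHashes.Contains(BitConverter.ToString(sha.ComputeHash(data)).Replace("-", ""))) return "Delete : Malware";
        string text = System.Text.Encoding.ASCII.GetString(data).ToLowerInvariant(); // UTF-16 strings are missed
        foreach (Match m in Regex.Matches(text, @"https?://([a-z0-9.-]+)|\b(\d{1,3}(?:\.\d{1,3}){3})\b"))
            if (!IsBenign(m.Groups[m.Groups[1].Success ? 1 : 2].Value.TrimEnd('.'), m.Groups[2].Success)) return "Log : Potential Malware";
        return null;
    }
    static void Main()
    {
        // The 64-bit view avoids WOW6432Node redirection when this runs as a 32-bit process.
        using (RegistryKey hklm = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64))
        using (RegistryKey run = hklm.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"))
            foreach (string name in run == null ? new string[0] : run.GetValueNames())
            {
                string verdict = Classify(ExtractPath(Convert.ToString(run.GetValue(name))));
                if (verdict != null) Console.WriteLine(name + " : " + verdict);
            }
    }
}
```

Signed binaries typically carry certificate revocation URLs, so the URL rule as the assignment words it will log many legitimate programs as "Potential Malware"; that is one reason this action is log-only.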