Help urgently needed
#1
Peace be upon you ...
I have a project description and I need an explanation of it urgently. Please help.
Computer Security Project (Registry Guard)
 
You’re assigned to create a simple Registry anti-malware product, which shall be named Registry Guard and which scans the following registry key, which contains the startup programs:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
The Registry Guard shall read all the values in those Keys and do the following,
-        If the path referenced by the registry value is not available, then the Registry Guard will delete that Value item completely, and then it must log and display the performed action
 
-        If the path referenced by the registry value is available, then the Registry Guard will scan the actual File to determine if it is a malware or a potential malware.
 
The conditions upon which the Registry Guard should mark an application as malware are as follows:
-        The file has a matching hash value of a known set of hashes.
-        The file has signature content that is identical to a sample content from a known set of samples
 
The conditions upon which the Registry Guard should mark an application as potential malware are as follows:
-        The file contains a string that corresponds to a URL or IP Address, whereas
         o  The URL is not a Microsoft URL
         o  The IP Address is not a local IP Address (From the current local network)
 
In case the Registry Guard finds a malware, then it should:
-        Delete the actual file
-        Delete the corresponding Registry Value
-        Log and display the performed action
In case the Registry Guard finds a potential malware, then it should:
-        Log and display the performed action only
 
The Log Entry should be a text that is similar to the following:
Registry Value : Action : Reason
 
Action = Delete, Log
Reason =  NotFound, Malware, Potential Malware
 
 
Signatures Sub-System
The Registry Guard must contain a subsystem for accepting samples, where it generates two signatures:
-        hash
-        random bytes
 
The Registry Guard needn’t store the signatures, only save them during Runtime.
 
 
Good Luck!


#2
A very long topic, but it can be done step by step.

// Registry Part

Get keys in registry -------
(SOFTWARE\Microsoft\Windows\CurrentVersion\Run\)
http://stackoverflow.com/questions/17386...n-registry

How to get registry keys and values in listview
http://stackoverflow.com/questions/26608...n-listview

Read, write and delete from registry with C#
https://www.codeproject.com/Articles/338...try-with-C

// Files Part

How to find out if a file exists in C# / .NET?
http://stackoverflow.com/questions/38960...-sharp-net

Calculate MD5 checksum for a file
http://stackoverflow.com/questions/10520...for-a-file

https://github.com/Muraad/Mime-Detective
https://filetypedetective.codeplex.com

I hope the search helps you.
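Added example (not part of either post, and not code from the linked pages): a report-only C# sketch of the scan loop the assignment describes, covering the NotFound, hash-match and URL/IP checks and producing the `Registry Value : Action : Reason` log line. The class name, the choice of SHA-256, the empty `KnownHashes` set, and the definitions of "Microsoft URL" and "local IP" are assumptions; the sample-content signature check is left out.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Text;
using System.Text.RegularExpressions;
using Microsoft.Win32;
static class RegistryGuardSketch   // hypothetical name
{
    // Runtime-only hash set, as the assignment asks; empty here, to be filled from accepted samples.
    static readonly HashSet<string> KnownHashes = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
    static readonly Regex UrlOrIp = new Regex(@"https?://(?<host>[A-Za-z0-9.-]+)|\b(?<ip>(?:\d{1,3}\.){3}\d{1,3})\b");
    // A Run value is a command line: take the quoted path, else cut after the first ".exe".
    static string ExtractPath(string cmd)
    {
        cmd = Environment.ExpandEnvironmentVariables(cmd.Trim());
        if (cmd.StartsWith("\"")) return cmd.TrimStart('"').Split('"')[0];
        int i = cmd.IndexOf(".exe", StringComparison.OrdinalIgnoreCase);
        return i < 0 ? cmd : cmd.Substring(0, i + 4);
    }
    // Assumption: "Microsoft URL" means the host is microsoft.com or one of its subdomains.
    static bool IsMicrosoft(string h) => ("." + h).EndsWith(".microsoft.com", StringComparison.OrdinalIgnoreCase);
    // Assumption: "local" means loopback or an RFC 1918 range, not the adapter's real subnet.
    static bool IsLocal(byte[] b) => b[0] == 127 || b[0] == 10 || (b[0] == 192 && b[1] == 168) || (b[0] == 172 && b[1] >= 16 && b[1] <= 31);
    // Returns "Action : Reason" for one startup command line, or null if nothing matched.
    static string Classify(string cmd)
    {
        string path = ExtractPath(cmd);
        if (!File.Exists(path)) return "Delete : NotFound";
        byte[] data = File.ReadAllBytes(path);
        using (var sha = SHA256.Create())
            if (KnownHashes.Contains(BitConverter.ToString(sha.ComputeHash(data)).Replace("-", ""))) return "Delete : Malware";
        foreach (Match m in UrlOrIp.Matches(Encoding.ASCII.GetString(data)))   // ASCII strings only
        {
            bool bare = m.Groups["ip"].Success;            // bare dotted quad vs. URL host
            string s = m.Groups[bare ? "ip" : "host"].Value;
            if (IPAddress.TryParse(s, out IPAddress ip)) { if (!IsLocal(ip.GetAddressBytes())) return "Log : Potential Malware"; }
            else if (!bare && !IsMicrosoft(s)) return "Log : Potential Malware";
        }
        return null;
    }
    static void Main()
    {
        using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"))
            foreach (string name in key?.GetValueNames() ?? new string[0])
                if (Classify(Convert.ToString(key.GetValue(name))) is string v) Console.WriteLine(name + " : " + v);
    }
}
```

The sketch only prints decisions and deletes nothing. Dotted version strings inside a binary also parse as IP addresses, so expect noise in the Potential Malware results.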