MorphostLab

The hangout for Morphic and friends

Compression Know-How for Viruses and Antivirus

Posted by Morphic on October 4, 2009


This is actually old source code, and many people have not paid attention to it yet.
So rather than let this source die, it is better to republish it.

This source was first published by Rudin Harianto.

Here is the source:
Private Sub Decompress(FileName As String)
    Dim Result As String
    Dim prevByte As Byte
    Dim currByte As Byte
    Dim AmbilBit As Byte                    ' index (0-7) of the current character in its group of 8
    Dim andPrev As Byte, andCurr As Byte    ' bit masks for the previous and current byte
    Dim i As Long
    Dim TempResult As Byte

    Open FileName For Binary As #1
    If Dir(Left(FileName, Len(FileName) - 3) + "tmp") <> "" Then _
        Kill Left(FileName, Len(FileName) - 3) + "tmp"
    Open Left(FileName, Len(FileName) - 3) & "tmp" For Binary As #2
    AmbilBit = 0
    andPrev = &H1
    andCurr = &HFC

    ' Unpack the 7-bit values: every 7 packed bytes hold 8 characters.
    ' Known limit: the 8th character of a group is emitted on the iteration
    ' after its 7th byte, so when the file ends on a full group that last
    ' character is not written.
    For i = 1 To FileLen(FileName)
        If AmbilBit = 0 Then
            ' First character of a group: the top 7 bits of the current byte
            Get #1, i, currByte
            currByte = currByte And &HFE
            TempResult = currByte / 2
        Else
            ' Other characters: low bits of the previous byte plus high bits of the current one
            Get #1, i - 1, prevByte
            Get #1, i, currByte
            prevByte = prevByte And andPrev
            prevByte = prevByte * (2 ^ (8 - AmbilBit - 1))
            currByte = currByte And andCurr
            currByte = currByte / (2 ^ (AmbilBit + 1))
            TempResult = prevByte Or currByte
        End If
        If AmbilBit = 7 Then
            ' Group finished: stay on the same byte position and reset the masks
            AmbilBit = 0
            i = i - 1
            andPrev = &H1
            andCurr = &HFC
        Else
            AmbilBit = AmbilBit + 1
            If AmbilBit > 1 Then
                andPrev = andPrev + (2 ^ (AmbilBit - 1))
                andCurr = &HFF - andPrev - (2 ^ AmbilBit)
            End If
        End If

        ' Undo the &H20 offset applied by Compress
        TempResult = TempResult + &H20
        Put #2, , TempResult
    Next i
    Close #1
    Close #2

    ' Undo the substitutions: &H7F -> LF, &H80 -> CR, &H81..&H9A -> "a ".."z "
    Open Left(FileName, Len(FileName) - 3) & "tmp" For Input As #3
    Result = Input(FileLen(Left(FileName, _
        Len(FileName) - 3) & "tmp"), #3)
    Result = Replace(Result, Chr(&H7F), Chr(10), , , vbBinaryCompare)
    Result = Replace(Result, Chr(&H80), Chr(13), , , vbBinaryCompare)
    For i = 97 To 122
        Result = Replace(Result, Chr(&H80 - 96 + i), _
            Chr(i) + " ", , , vbBinaryCompare)
    Next i

    Close #3

    Kill Left(FileName, Len(FileName) - 3) & "tmp"
    If Dir(Left(FileName, Len(FileName) - 3) + "txt") <> "" Then _
        Kill Left(FileName, Len(FileName) - 3) + "txt"

    Open Left(FileName, Len(FileName) - 3) & "txt" For Binary As #4
    Put #4, , Result
    Close #4
End Sub

Private Sub Compress(FileName As String)
    Dim i As Byte
    Dim IsiText As String       ' contents of the text file
    Dim Posisi As Double        ' read position within IsiText
    Dim String8 As String       ' current group of up to 8 characters
    Dim Temp1 As Byte
    Dim Temp2 As Byte
    Dim currTemp As Integer

    Posisi = 1
    Open FileName For Input As #1
    IsiText = Input(FileLen(FileName), #1)
    Close #1

    If Dir(Left(FileName, Len(FileName) - 3) + "ZZZ") <> "" Then _
        Kill Left(FileName, Len(FileName) - 3) + "ZZZ"
    Open Left(FileName, Len(FileName) - 3) + "ZZZ" For Binary As #2

    ' Map LF and CR to &H7F and &H80 so every symbol is >= &H20
    IsiText = Replace(IsiText, Chr(10), Chr(&H7F), _
        , , vbBinaryCompare)
    IsiText = Replace(IsiText, Chr(13), Chr(&H80), _
        , , vbBinaryCompare)

    ' Replace each lowercase letter followed by a space with one symbol (&H81..&H9A)
    For i = 97 To 122
        IsiText = Replace(IsiText, Chr(i) + " ", _
            Chr(&H80 - 96 + i), , , vbBinaryCompare)
    Next i

    ' <= so that a single trailing character is not dropped
    Do While Posisi <= Len(IsiText)
        String8 = Mid(IsiText, Posisi, 8)
        Posisi = Posisi + 8
        ReDim ByteTemp8(Len(String8) - 1) As Byte
        ReDim ByteResult7(Round((Len(String8) * 7) / 8 + _
            0.4) - 1) As Byte

        ' Subtract &H20 so each symbol fits in 7 bits
        For i = 1 To Len(String8)
            ByteTemp8(i - 1) = (Asc(Mid(String8, i, 1)) - &H20)
        Next i
        currTemp = 128
        Temp2 = 0

        ' Pack the 7-bit values back to back, most significant bit first
        ByteResult7(0) = ByteTemp8(0) * 2
        For i = 1 To UBound(ByteResult7)
            ByteTemp8(i) = ByteTemp8(i) * 2
            Temp2 = Temp2 + currTemp
            currTemp = currTemp / 2
            Temp1 = ByteTemp8(i) And Temp2
            Temp1 = Temp1 / (2 ^ (8 - i))
            ByteResult7(i - 1) = ByteResult7(i - 1) Or Temp1
            ByteTemp8(i) = ByteTemp8(i) And (&HFF - Temp2)
            ByteTemp8(i) = ByteTemp8(i) * (2 ^ i)
            ByteResult7(i) = ByteTemp8(i)
        Next i
        ' The 8th character of a full group fills the low 7 bits of the 7th byte
        If Len(String8) = 8 Then _
            ByteResult7(6) = ByteResult7(6) Or ByteTemp8(7)
        Put #2, , ByteResult7
    Loop
    Close #2
End Sub

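Private Sub cmdCompress_Click()
    Compress "c:\test.txt"      ' writes c:\test.ZZZ
End Sub

Private Sub cmdDeCompress_Click()
    ' Decompress must be given the packed file that Compress wrote;
    ' it rebuilds c:\test.txt from it.
    Decompress "c:\test.ZZZ"
End Sub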

This source compresses a "text" file, with a compression rate of up to 20%.
Remember! An EXE file cannot be executed after it has been compressed with this technique!

This trick only reduces the file size.
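
As an added example (not the original post's code), here is the same transform in Python: the substitution codes and the MSB-first 7-bit layout follow the VB source above, while the function names, the sample text and the explicit symbol count passed to `unpack7` are assumptions of this example. The count is needed because a trailing 7-byte group can hold either 7 or 8 symbols, which the file length alone cannot tell apart.

```python
# Added example (not the blog's code). SAMPLE is constructed input: printable ASCII plus CR/LF.
SAMPLE = b"the quick brown fox jumps over the lazy dog\r\n" * 4

def substitute(text: bytes) -> bytes:
    """LF -> 0x7F, CR -> 0x80, then 'a '..'z ' -> 0x81..0x9A (same codes as the VB source)."""
    out = text.replace(b"\n", b"\x7f").replace(b"\r", b"\x80")
    for c in range(97, 123):
        out = out.replace(bytes([c, 0x20]), bytes([0x80 - 96 + c]))
    return out

def restore(symbols: bytes) -> bytes:
    out = symbols
    for c in range(97, 123):
        out = out.replace(bytes([0x80 - 96 + c]), bytes([c, 0x20]))
    return out.replace(b"\x7f", b"\n").replace(b"\x80", b"\r")

def pack7(symbols: bytes) -> bytes:
    """Store (symbol - 0x20) as 7-bit values, MSB first, zero-padding the last byte."""
    acc, nbits, out = 0, 0, bytearray()
    for s in symbols:
        if not 0x20 <= s <= 0x9F:
            raise ValueError(f"byte {s:#04x} does not fit in 7 bits after the 0x20 offset")
        acc = (acc << 7) | (s - 0x20)
        nbits += 7
        while nbits >= 8:
            nbits -= 8
            out.append((acc >> nbits) & 0xFF)
        acc &= (1 << nbits) - 1
    if nbits:
        out.append((acc << (8 - nbits)) & 0xFF)
    return bytes(out)

def unpack7(packed: bytes, count: int) -> bytes:
    """Inverse of pack7. count is required: 7 bytes may hold 7 or 8 symbols."""
    acc, nbits, out = 0, 0, bytearray()
    for b in packed:
        acc = (acc << 8) | b
        nbits += 8
        while nbits >= 7 and len(out) < count:
            nbits -= 7
            out.append(((acc >> nbits) & 0x7F) + 0x20)
        acc &= (1 << nbits) - 1
    return bytes(out)

def compress(text: bytes) -> tuple[int, bytes]:
    symbols = substitute(text)
    return len(symbols), pack7(symbols)

def decompress(count: int, packed: bytes) -> bytes:
    return restore(unpack7(packed, count))
```

The transform has no key, so anyone holding the decoder can reverse it: it shrinks and obscures text but does not protect it.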

Uses for an antivirus:
- quarantining a virus!
- encrypting the internal database!

Uses for a virus:
- you can work that out yourself

Republished by: Morphic

37 Responses to “Compression Know-How for Viruses and Antivirus”

  1. shafry said

    If Dir(Left(FileName, Len(FileName) – 3) + “tmp”) “” Then _
    Kill Left(FileName, Len(FileName) – 3) + “tmp”

    error

  2. Goest said

    I'd like to ask about VB 6.0 source code.
    How do we speed up virus scanning in an antivirus we build with VB 6.0?

    • Morphic said

      To speed it up... we have to be selective about the files and not make the check on each file heavier….

      Morphost compilation 4 is even faster now..

      • What do you mean by not making it heavier, bro Morphic…????

        • Morphic said

          One of the simplest examples is:
          try not to use two checksums.

        • 2 checksums…???? If my AV uses 2 checksums, the result goes blank….

          Do the heuristics that use the InStr function also make it heavier..??

          If so, please give a solution…???

        • Morphic said

          You mean string heuristics, right?

          Accessing/checking a large file will of course be slow.

          So, for that, we can check just a few KB of each file.

        • How do we make our AV check only part of a file…???? Do we use the len(addres) function…???

          If possible… please share it….!!🙂

        • Morphic said

          Hmm.
          Use filelen for that.
          The technique is a bit fiddly, too.

        • Could you share it here…???

        • Morphic said

          If I'm not mistaken, that has already been discussed..

          Have a look at the RUNONCE detection source code on this blog.

        • Ohhh…. right, right….
          I just realized…. hehehe…

          Bro Morphic… please check this source…

          Private Function Cek_Icon(Ceksum_Icon As String, Path As String) As Boolean
              Dim InterIco(50) As String
              Dim NumZ As Integer
              Dim W As ListItem
              InterIco(0) = "2243E99": InterIco(1) = "2524D73": InterIco(2) = "4D2EED"
              InterIco(3) = "26BAE23": InterIco(4) = "240EC93": InterIco(5) = "26BFC63"
              InterIco(6) = "20CA66F": InterIco(7) = "2075E08": InterIco(8) = "26BAE23"
              InterIco(9) = "24C13F4": InterIco(10) = "2527B4A": InterIco(11) = "2654406"
              InterIco(12) = "2527B4A": InterIco(13) = "2658E0D": InterIco(14) = "2791EAA"
              InterIco(15) = "183C72C": InterIco(16) = "22BD9B0": InterIco(17) = "2021287"
              InterIco(18) = "2A66CD6": InterIco(19) = "2A06904": InterIco(20) = "2925691"
              InterIco(21) = "28D6958": InterIco(22) = "2B47B54": InterIco(23) = "2144AB6"
              InterIco(24) = "20F9635": InterIco(25) = "24E8B59": 'InterIco(26) = "2144AB6"

              For NumZ = 0 To 25
                  If InterIco(NumZ) = Ceksum_Icon Then
                      Cek_Icon = True
                      Set W = frAntiVirus.ListView1.ListItems.Add(, , Path)
                      W.SubItems(1) = "Strange Icon"
                      W.SubItems(2) = "Heuristic Icon"
                      Exit For
                  End If
              Next
          End Function
          ' ---------------------------------------------- CHECK ICON -------------------------------------

          Public Function Draw_ico(PathToDraw As String, PicBox As PictureBox) As Boolean
          Dim hIcon As Long
          Dim IconExist As Long
          Dim HashIco As String
          Dim SaveTmp As String
          Draw_ico = False ' Reset the value to False
          PicBox.Cls
          SaveTmp = App.Path & "\ico.tmp"
          IconExist = ExtractIconEx(PathToDraw, 0, ByVal 0&, hIcon, 1)
          If IconExist <= 0 Then
          IconExist = ExtractIconEx(PathToDraw, 0, hIcon, ByVal 0&, 1)
          If IconExist See NOTE
          ' NOTE
          ' &H1 = Mask '
          ' &H2 = Image '
          ' &H3 = Normal '
          ' &H4 = Compact '
          SavePicture PicBox.Image, SaveTmp ' Save the picture first
          HashIco = Calc_Byte_Icon(SaveTmp) ' Calculate over the saved bytes
          If Cek_Icon(HashIco, PathToDraw) = True Then
          Draw_ico = True ' Check the icon hash result - OK
          End If
          End Function
          ' ---------------------------------------------- Suspect From ICON -------------------------------------
          Private Function Calc_Byte_Icon(Path As String) As String ' Calculate the icon bytes
              Dim Bin() As Byte
              Dim Tempx As String
              Dim Count, LongHash As Double

              ReDim Bin(FileLen(Path)) As Byte
              Open Path For Binary As 1
              Get #1, , Bin
              Close #1

              For Count = 1 To UBound(Bin)
                  LongHash = LongHash + Bin(Count) ^ 2
              Next
              Calc_Byte_Icon = Hex(LongHash)
          End Function

          So with code like that… why does my AV still not detect its target…?? Is something wrong or missing…???

        • Morphic said

          The mistake lies in the PictureBox.

          If you got the code above by copy-paste, then you have to copy its PictureBox too..
          Don't create your own PictureBox.

          That's it..

        • Actually that code has been in my AV for a very long time…. but I don't use it…

          The PictureBox on my AV's form is named “picTmpIcon”

          If I'm not mistaken, I got that code when I bought Mas Hirin's book…

        • Morphic said

          Oh, right. pictmpicon

          Just copy-paste that..

        • So that's the only thing wrong, bro….???

        • Morphic said

          Just try it first…

  3. help said

    I'd like to ask: how do I get rid of worm/confidker.Z.33…..

  4. OK then, great….

  5. muamarkudo said

    Haha… geez, next the patient will be given Morphost to drink instead of medicine, bro…

  6. Ooh…
    So this is that compression of up to 20%, Phic.

    Time to study first..
    Midterms tomorrow
