-
Jun 15th, 2018, 06:00 AM
#1
Thread Starter
Member
Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
I have an Anti-Virus in VB.Net, which has a real-time protection engine. Here's how it works.
1. Any process that is opened, it gets scanned.
2. That process that gets scanned, gets its MD5 hash taken from it, then compared to a string of MD5 hashes.
3. If the hash from the process is the same, a MessageBox comes up saying and the program is SUPPOED TO automatically end the process when the MessageBox comes up, but, when I try to end it with code, it gives me an "'Access denied to path 'xxx'" error message.
This is my code for the function to end the program.
Code:
Private Function GetMD5String(ByVal strFilename As String) As String
Dim cMD5 = System.Security.Cryptography.MD5.Create
Dim bytHash As Byte()
Dim sb As New System.Text.StringBuilder
Dim scanbox As New TextBox
scanbox.Text = My.Computer.FileSystem.ReadAllText("viruslist.txt").ToString
Using cStream As New IO.FileStream(strFilename, IO.FileMode.Open, IO.FileAccess.Read, IO.FileShare.Read)
bytHash = cMD5.ComputeHash(cStream)
End Using
For Each c In bytHash
sb.Append(c.ToString("X2"))
Next
If scanbox.Text.Contains(sb.ToString) Then
Detect.Show()
Detect.BringToFront()
Me.SendToBack()
Kill(strFilename)
End If
Return sb.ToString
End Function
If I insert
Code:
Process.Kill(strFilename)
I get the error:
Too many arguments to 'Public Overloads Sub Kill()
I've run this program as administrator, but it still hasn't done anything.
Any help would be greatly appreciated! Thanks.
Last edited by Modulus; Jun 15th, 2018 at 06:12 AM.
Reason: not mentioning important information in question.
-
Jun 15th, 2018, 06:08 AM
#2
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
This is a perfect example of why you should read the documentation. That Kill method you're calling is for deleting files, not ending a process. You should be calling Process.Kill.
-
Jun 15th, 2018, 06:11 AM
#3
Thread Starter
Member
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
I've already tried this method, and have read the documentation.
If I insert
Code:
Process.Kill(strFilename)
I get the error:
Too many arguments to 'Public Overloads Sub Kill()
I'll insert this into my question.
-
Jun 15th, 2018, 06:19 AM
#4
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
Originally Posted by Modulus
I've already tried this method, and have read the documentation.
If I insert
Code:
Process.Kill(strFilename)
I get the error:
I'll insert this into my question.
If you had read the documentation you would know why that wouldn't work. You get an instance of the process first, then call it's Kill() function (hint there's no arguments passed in there either).
-
Jun 15th, 2018, 06:51 AM
#5
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
Also this is hardly a anti virus system.
Any well respected virus will create copies and will not just and with closing the process.
It may also mutate so the hash will not get it.
But that is enough info now...
ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·
-
Jun 15th, 2018, 07:34 AM
#6
Thread Starter
Member
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
Originally Posted by sapator
Also this is hardly a anti virus system.
Any well respected virus will create copies and will not just and with closing the process.
It may also mutate so the hash will not get it.
But that is enough info now...
It's only Alpha, these are just some of the functions. I'm going to add file-encryption, hash tracking, and much more.
-
Jun 15th, 2018, 09:38 AM
#7
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
I hope you're doing this just for fun rather than as something meant for production.
-
Jun 15th, 2018, 11:29 AM
#8
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
It IS an interesting exercise, to be sure, but anti-viruses are a moving target because viruses keep on changing. If you stop A, B, and C, there will surely be created a D, E, and F. Catch those, and new ones will be created. So, it's a large and perpetual problem. It's certainly well worth studying, and this seems like a good start, you just have to realize that for each of you there are hundreds of others figuring out how to get around whatever barriers you throw in their path. Ultimately, it takes teams of people like you, working together, to keep up with the teams of people trying to circumvent anything you do. Not a bad race to be in, but a race that you can never win.
My usual boring signature: Nothing
-
Jun 15th, 2018, 06:16 PM
#9
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
If you really want to fight Malware sign up to my old school geekstogo.com, learn how malware works first. I was programming many years before I would even consider writing such a tool. I gained access to hidden documentation for tools such as combofix, JRT and countless anti-rootkit tools. You would be surprised how some of these tools are coded. Learn before you try to attempt such a project. No disrespect but you don't even no a simple class such as something simple as a process class that could easily be found on MSDN.
There is a reason why combofixs documentation is hidden. It was a powerful tool. Can't say amazingly structured but did what it said. Text found inside.
:: It's okay if you want to take a peek at the script but ......
:: please bear in mind that if you have to copy, that means you can't script it on your own.
:: Copying means you don't understand enough. Also means you're not ready to make tools.
:: Do yourself & everybody else a favor. Don't release anything that you dont fully understand.
:: Chances of trashing a machine is high. Bide your time. If you work hard, your time shall come.
You are struggling to terminate a simple process. Great project to be working on but do not start sending to your friends.
With the data I have I can currently kill 4000k + items of Malware and flag around 100 known rootkits. I am no where near complete.
Bide your time and remember. Stop calling It vb.net
-
Jun 16th, 2018, 08:26 AM
#10
Thread Starter
Member
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
I've signed up. Do you have any sample projects that are open source or the link for the combofix documentation?
-
Jun 17th, 2018, 03:32 AM
#11
Re: Error: "Access to path 'xxx' is denied" when trying to end process from VB.Net
The documentation is not public. I don't mean sign up for the site. Sign up to the Malware school. Completion of the course can take between One/Three years realistically. As you advanced you will gain access to more information. Upper graduate is where you will get the private documentation for combofix. The tool, however, is abandoned.
The world of Malware will be opened up to you after graduation. You can also apply to become a united agasint malware member and gain access to thousands of private documents. With this you will have a better understanding of how to write your tools.
I would suggest start learning FRST. It's our main diagnostic tool http://www.geekstogo.com/forum/topic...ery-scan-tool/
That said don't think it will be a walk in the park. Most teachers are retired security ops and have nothing better to do then pick on you & jump on every mistake you make. They mean well.
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|