I want to make a basic antivirus in my free time. Basically, I learned about the basic structure of the EXE (Windows) file. How do I extract the ASM code from the file and the PE header?
7

- Why do you think you need a disassembler in an antivirus?? – zxcat Oct 27 '09 at 15:12
- So how will I detect the virus part? @zxcat, how would you make it? – Athiwat Chunlakhan Oct 28 '09 at 12:06
2 Answers
6
You can install Cygwin and use objdump to decompile an exe into asm. Be sure you select the binutils when installing cygwin. After installing cygwin, you can run the following from a bash shell:
objdump -Slx yourpgm.exe

Todd Stout
- Yes, or run Linux in a virtual machine and use objdump there. Sounds like black humor ;) – zxcat Oct 27 '09 at 15:11
1
You can use some freely distributed disassembler, for example: the OllyDbg disassembler.
Note: there is only some MS-DOS stub executable code in the PE header.

Jichao
- "there is only some MS-DOS stub executable code in the PE header." And what if there isn't? You never know where a virus will choose to hide, and headers are also loaded into memory, right? – j_kubik May 13 '13 at 22:19
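A hand-rolled parser showing what "the PE header" actually contains and where the code bytes live, added here as an example that belongs to neither answer. It walks the DOS header to e_lfanew, the PE signature, the COFF header and the section table, maps AddressOfEntryPoint to a file offset, and flags an entry point that lands outside a code-marked section; the field layout follows the Microsoft PE/COFF format, and the sample PE it parses is constructed inline (not a real program).

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020  # section Characteristics bit: contains code

def rva_to_offset(rva, sections):
    """Map an RVA to a file offset via the section table ((None, None) if unmapped)."""
    for s in sections:
        if s["vaddr"] <= rva < s["vaddr"] + max(s["vsize"], s["rawsize"]):
            return rva - s["vaddr"] + s["rawptr"], s
    return None, None

def parse_pe(data):
    """Walk DOS header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    # AddressOfEntryPoint is 16 bytes into the optional header (PE32 and PE32+ alike)
    entry_rva = struct.unpack_from("<I", data, coff + 20 + 16)[0]
    sections = []
    for i in range(nsec):
        off = coff + 20 + opt_size + i * 40          # each section header is 40 bytes
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        chars = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr, "code": bool(chars & IMAGE_SCN_CNT_CODE)})
    entry_off, entry_sec = rva_to_offset(entry_rva, sections)
    return {
        "dos_stub": data[0x40:e_lfanew],            # the DOS stub sits between DOS header and PE signature
        "machine": machine, "entry_rva": entry_rva, "entry_offset": entry_off,
        "entry_bytes": data[entry_off:entry_off + 16] if entry_off is not None else b"",
        # an entry point outside a code-flagged section is a classic anomaly worth flagging
        "entry_in_code": bool(entry_sec and entry_sec["code"]),
        "sections": sections,
    }

def build_sample_pe():
    """Constructed minimal PE32 for the demo (not a real program): one .text section."""
    e_lfanew, raw_ptr = 0x80, 0x200
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    stub = b"This program cannot be run in DOS mode.".ljust(e_lfanew - 0x40, b"\0")
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x200, 0, 0, 0x1000).ljust(0xE0, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)   # i386, 1 section
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x10, 0x1000, 0x200, raw_ptr, 0, 0, 0, 0, 0x60000020)
    hdr = (dos + stub + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0")
    return hdr + b"\x31\xc0\xc3".ljust(0x200, b"\xcc")   # xor eax,eax ; ret, padded with int3
```

Feeding the bytes at entry_offset to a disassembler (objdump, as in the first answer) yields the ASM the question asks about; the entry_in_code check is the kind of header sanity test j_kubik's comment points at, since the headers and section table are what the loader trusts.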