8 Years
Discussion Span
Last Post by SimonJarvis

Unless you are extremely experienced, I think you should leave this to the experts and use existing virus scanning software.



Yes, you are right. I am an extremely experienced person, but
I cannot leave it because I have to be an expert and I will do it.

Edited by gameon: n/a


You need to know Kernel mode filters (DDK) in order to filter file contents from memory and disk on pre-opening of the file or loading into memory.

The latest DDK SDK has a sample on miniFilters, which are what virus checkers do. You also need a DB or virus data updated regularly to compare contents with. Also be aware that all files opened, or pretty much everything loaded into memory, are parsed through the miniFilter, so this will slow down the loading of applications or files if you don't code correctly. If you haven't performed kernel mode applications before, I recommend you get lots of experience prior to releasing anything into production, as you will get a lot of BSODs if you don't do it right.

DDK development is not like C++ development. It's like comparing C to C#. They are similar in structure but work totally differently.

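Added example, not part of the original posts and not taken from the DDK miniFilter sample: a user-mode C model of the verdict a scan-on-open filter computes when it compares file contents against a signature database, with a size cap because every open waits on the scan. The signature database, the names and the 4 MiB limit are constructed assumptions.

```c
/* User-mode model of the verdict a scan-on-open filter computes.
   All names, signatures and limits here are constructed for illustration. */
#include <stddef.h>
#include <string.h>

typedef enum { VERDICT_ALLOW, VERDICT_BLOCK, VERDICT_SKIPPED } verdict_t;

typedef struct {
    const char *name;            /* label reported on a match */
    const unsigned char *bytes;  /* byte pattern to search for */
    size_t len;
} signature_t;

/* Constructed sample database; a real one is refreshed from regular updates. */
static const unsigned char SIG_A[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x01 };
static const unsigned char SIG_B[] = { 'T', 'E', 'S', 'T', '-', 'S', 'I', 'G' };
static const signature_t SIG_DB[] = {
    { "Sample.A", SIG_A, sizeof SIG_A },
    { "Sample.B", SIG_B, sizeof SIG_B },
};
#define SIG_COUNT (sizeof SIG_DB / sizeof SIG_DB[0])

/* Every file open waits on this call, so cap the bytes examined per file. */
#define MAX_SCAN_BYTES (4u * 1024u * 1024u)

/* Returns the verdict; *hit is set to the matching signature name or NULL. */
verdict_t scan_on_open(const unsigned char *data, size_t size, const char **hit)
{
    *hit = NULL;
    if (data == NULL || size == 0)
        return VERDICT_ALLOW;
    if (size > MAX_SCAN_BYTES)
        return VERDICT_SKIPPED;   /* too large for the open path; scan it elsewhere */

    for (size_t s = 0; s < SIG_COUNT; s++) {
        const signature_t *sig = &SIG_DB[s];
        if (sig->len == 0 || sig->len > size)
            continue;             /* pattern cannot fit in this file */
        for (size_t off = 0; off + sig->len <= size; off++) {
            if (memcmp(data + off, sig->bytes, sig->len) == 0) {
                *hit = sig->name;
                return VERDICT_BLOCK;
            }
        }
    }
    return VERDICT_ALLOW;
}
```

The nested loop costs time proportional to file size times the number of signatures on every open, which is the slowdown the post warns about.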