Antivirus hackers handbook

Chapter 2 ■ Reverse-Engineering the Core 51
__int64 a3, __int64 a4);
//----------------------------------------------------------------------
// Data declarations
char *optarg;
char *src;
char verbose;
__int64 g_base_component_0x20001;
__int64 g_user_callbacks;
CAEEngineDispatch *g_Engine;
CFrameWork *g_FrameworkInstance;
typedef int (__fastcall *FnCreateInstance_t)(_QWORD, _QWORD, _QWORD,
CFrameWork **);
int (__fastcall *FnCreateInstance)(
_QWORD, _QWORD, _QWORD, CFrameWork **);
void *hFrameworkSo;
vtable_403310_t *vtable_403310;
You are now done with the very basic version of the Comodo command-line
scanner. You can compile it with the following command in a Linux machine:
$ g++ cmdscan.c -o mycmdscan -fpermissive \
-Wno-unused-local-typedefs -ldl
In order to test it, you need to copy it to the /opt/COMODO directory, using the
following command:
$ sudo cp mycmdscan /opt/COMODO
You can now test this program to see whether it is working like the original
cmdscan from Comodo:
$ /opt/COMODO/mycmdscan /home/joxean/malware/eicar.com.txt
/home/joxean/malware/eicar.com.txt ---> Found Virus , \
Malware Name is Malware
Number of Scanned Files: 1
Number of Found Viruses: 1
It works! Now, it is time to print more information regarding the detected
or undetected file. If you look at the SCANRESULT structure, you will find some
interesting members:
struct SCANRESULT
{
char bFound;
int unSignID;
char szMalwareName[64];
int eFileType;
int eOwnerFlag;