Hashes of system processes?

S

Sl0w1302020-04-07 16:16:05

Malware

Sl0w130, 2020-04-07 16:16:05

The task arose to write a program that checks system processes (Task Manager -> Processes) by hash for possible modification.

For example, if a virus disguises itself as explorer.exe, then the program compares the "correct hash" (of the original explorer.exe) and the current hash (of the infected explorer.exe), after which, if the hashes do not match, it informs the user about it. Thus, the program should scan all running system processes.

Now the question itself is - is there a list of original hashes of system processes, such as explorer.exe, on the Internet?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

K

Keffer, 2020-04-07
@Keffer

What prevents to take the original from a distra? This is the first. Secondly, in order to constantly monitor hashes for changes, rather strong computing power is needed. There will be brakes like from a wretched Casper in due time.

K

Karpion, 2020-04-07
@Karpion

Since new updates are constantly arriving in Windows, system files (including executable ones) change regularly.
PS: Your idea was implemented back in the days of DOS.