Thursday, January 5, 2023

☆21st century revolution?! How to confirm a suspected computer virus or program modification

 A single blow to understand the complicated modern world!

Here we go! I decided to say something big. … Hmmm, isn’t it too early…?

@@@

If you suspect that a computer virus has been planted inside a program and that the program has been modified, I have devised a method to detect it.

@@@

I will write the conclusion first. Prepare two files: the regular (original) file and the non-regular file that you suspect contains insertions and want to check. Compare the two files to find the point where they stop matching. Then, instead of memorizing the roughly 20 characters immediately after the mismatch point in the regular file, memorize roughly 20 characters starting 10000 characters after it. Search the non-regular file for that string, starting just after the mismatch point. If you do that, you will almost certainly get a match, right? Because text that is 10000 characters away is unlikely to have been rewritten. In this way, you can roughly identify the suspected injections in the non-regular file.

@@

I'll explain my thinking in order. The conclusion is written at the end.

First of all, the original canonical file is accurate. Therefore, if there is a mismatch between it and the non-regular file, the non-regular file may have been rewritten. Can an amateur like me find it...?

@@@

Okay, well then, let's turn the files into text files and check whether there are discrepancies between them. That alone tells you this much.

@@@

However, with this method, if you are not an English speaker, you will only be able to see the first of the modified parts. The text after it may be garbled. If there are many modified parts, you cannot confirm the others even with this method.

@@@

But if you can write a program, you can go one step further.

@@@

First, the program detects inconsistencies between the text files.

Then we take about 10 characters from the regular file, starting immediately after the point where the discrepancy was found, and store them in the str variable.

@@@

We detect discrepancies between the text files. Then we store in the str variable about 10 characters from the regular file, starting right after the mismatch. Then we search the non-regular file, starting from its mismatch point, until we find a match for that variable again. If a match is found, the non-canonical inserted program code lies between the previous mismatch point and the position immediately before the match.

@@

… Oh! Haven't you come to a conclusion yet? Please read to the end, okay?

@@@

Of course, in machine language, you can figure out all non-canonical code this way, right? I'm assuming so... What do you think?

…Ah! Oops! However, if the code has been modified, does this method become impossible? If code is deleted or rewritten, the 10 characters just after the mismatch in the regular file may themselves have been rewritten and may no longer exist, so there may be no match. You might reach the end of the file without finding one. I'll think about it some more. …hmm…

@@@

And here, oh! Right!

Prepare two files: the regular (original) file and the non-regular file that you suspect contains insertions and want to check. Compare the two files to find the point where they stop matching. Then, instead of memorizing the roughly 20 characters immediately after the mismatch point in the regular file, memorize roughly 20 characters starting 10000 characters after it. Search the non-regular file for that string, starting just after the mismatch point. If you do that, you will almost certainly get a match, right? Because text that is 10000 characters away is unlikely to have been rewritten. In this way, you can roughly identify the suspected injections in the non-regular file. It's rough, but it's much better than doing a lot of research.

@@

Done this way, the string should match 10,000 characters ahead, but with a lot of code deletion it would match at character 2752, or at character 47,589. In that case, there is a suspicion that non-canonical code has been inserted in the 2752 characters or 47,589 characters between the mismatch point and the match.

I wrote 10,000 characters ahead, but it could be 2,000 characters ahead or 13,000 characters ahead. Well, with 10,000, even if there is deletion or rewriting, a match will probably turn up, right?
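The comparison described above, written out as an added Python example (not code from the original post). The function names, the constructed sample strings, and the clamping of the anchor position on short files are assumptions of this example.

```python
def first_mismatch(reference, suspect):
    """Offset of the first differing character, or None if the texts are identical."""
    for i, (r, s) in enumerate(zip(reference, suspect)):
        if r != s:
            return i
    if len(reference) != len(suspect):
        return min(len(reference), len(suspect))  # one text is a prefix of the other
    return None


def locate_suspect_region(reference, suspect, skip=10_000, anchor_len=20):
    """Find the first mismatch, then resynchronise on an anchor taken far past it."""
    start = first_mismatch(reference, suspect)
    if start is None:
        return None  # no difference, nothing to report
    # Assumption of this example: on short files, take the anchor from the tail.
    anchor_pos = min(start + skip, len(reference) - anchor_len)
    result = {"mismatch": start, "anchor_pos": anchor_pos, "resync": None, "shift": None}
    if anchor_pos < start:
        return result  # not enough reference text left to form an anchor
    anchor = reference[anchor_pos:anchor_pos + anchor_len]
    hit = suspect.find(anchor, start)  # search only behind the mismatch point
    if hit != -1:
        result["resync"] = hit              # suspect[start:hit] is the region to review
        result["shift"] = hit - anchor_pos  # >0 net insertion, <0 net deletion
    return result


# Constructed sample data: numbered records make every 20-character window unique.
REFERENCE = "".join(f"line{i:06d};" for i in range(3000))
PAYLOAD = "INJECTED_BLOCK_" * 4
INSERT_ONLY = REFERENCE[:5000] + PAYLOAD + REFERENCE[5000:]
DELETE_AND_INSERT = REFERENCE[:5000] + PAYLOAD + REFERENCE[8000:]

if __name__ == "__main__":
    for name, text in [("insert only", INSERT_ONLY), ("delete + insert", DELETE_AND_INSERT)]:
        print(name, locate_suspect_region(REFERENCE, text))
```

`str.find` returns the first occurrence, so an anchor string that repeats inside the file gives a false resynchronisation point; a longer anchor reduces that risk.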

@@

///now translating... powered by ggl

translation sign

@@@ green

@@     yellow

@        red . . .um...
