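Have you tested compiling and running a 32-bit mpclient? I compiled your code into a 32-bit mpclient, which calls Microsoft Security Essentials 32-bit:
Test samples: see the attachment, password kanxue666
Test environments: win7 32, win7 64 and win10 64
The test results in all three environments are: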
__rsignal(RSIG_BOOTENGINE) returned failure, missing definitions?Make sure the VDM files and mpengine.dll are in the engine directoryScanning 2.vir...
__rsignal(RSIG_SCAN_STREAMBUFFER) returned failure, file unreadable?
Open-source project scenario:
With the elf32 mpclient that I built from the GitHub source, all three samples scan normally.
Scan results:
embedos# ./mpclient 28.txt 2.vir u.exes
main(): Scanning 28.txt...
EngineScanCallback(): Scanning input
EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified.
main(): Scanning 2.vir...
EngineScanCallback(): Scanning input
EngineScanCallback(): Threat DDoS:Win32/Nitol identified.
main(): Scanning u.exes...
EngineScanCallback(): Scanning input
EngineScanCallback(): Threat Trojan:Win32/Emotet.AC!rfn identified.
Scenario: 64-bit mpclient that I compiled from your code:
Calls Microsoft Security Essentials 64-bit
win7 64 scan result: the program crashed
Exception code: c000000d
Scanning 2.vir...
Scanning inputScanning 26.txt...
Scanning inputScanning u.exes...
Scanning input
win10 64 scan result: the scan result for 2.vir is abnormal and the program crashed
Exception code: c000000d
Scanning 2.vir...
Scanning inputScanning 26.txt...
Scanning inputThreat Virus:DOS/EICAR_Test_File identified.Scanning u.exes...
Scanning inputThreat Trojan:Win32/Emotet.GL identified.
Scenario: using your precompiled mpclient directly:
Calls Microsoft Security Essentials 64-bit
win7 64 scan result: the scan result for 2.vir is abnormal and the program crashed
Exception code: c000000d
Scanning 2.vir...
Scanning inputScanning 26.txt...
Scanning inputThreat Virus:DOS/EICAR_Test_File identified.Scanning u.exes...
Scanning inputThreat Trojan:Win32/Emotet.GL identified.
win10 64 scan result: the scan result for 2.vir is abnormal and the program crashed
Exception code: c000000d
Scanning 2.vir...
Scanning inputScanning 26.txt...
Scanning inputThreat Virus:DOS/EICAR_Test_File identified.Scanning u.exes...
Scanning inputThreat Trojan:Win32/Emotet.GL identified.
Attachments:
my_mpclient.zip: the 32-bit and 64-bit mpclient.exe that I compiled myself, no password
test_sample.zip: the three test samples, password kanxue666
Last edited by genliese on 2020-5-6 18:24, reason: changed font