[ Curiosity,Experimentation ]

Random stuff from the parallel universe of Ones and Zeroes

Archive for March, 2010

A Case of Regular Expression [Python]

Posted by appusajeev on March 30, 2010

Regular expressions can be so cool at times,when there a is need to search and find certain text patterns.Today there was this situation where it was needed to extract the Microprocessor Based Design(ironically,theres absolutely no design involved :D) external marks of 66 students from different 66 web pages(as the result is obtained for each student separately  from the university site).
Python was of course the obvious choice. 🙂
First i thought of using  file operations and string matching to do the job but later decided use regular expressions. I tried to find all occurrences of the string between  “<td>MICROPROCESSOR BASED DESIGN</td>” and the first following “</td>” section in the html code(that was the pattern to be matched in this case if you observe the html code) of each page.
This would produce the section containing the external mark but also would contain certain html tags in between which needs to be removed,the mark has to be extracted from the result and for this,usual string matching would suffice. The mark extracted is saved into a file.

The regular expresion for this would be “<td>MICROPROCESOR BASED DESIGN</td>[a-zA-Z0-9=<>\s\n\t/]*<\td>“. Or better still,you could also try “BASED DESIGN</td>[a-zA-Z0-9=<>\s\n\t/]*<\td>
The expression cannot start with “DESIGN” cuz it would match COMPUTER ORGANIZATION AND DESIGN,another subject !
Symbols <>,\n,\t,/ need to be be included because the section to be extracted contains html tags.

Heres the complete code. As obvious,regular expressions make things a lot easier as opposed to the usual approach.

Regular expression put to use

Regular expression put to use

Posted in Python | Tagged: | 6 Comments »

Developing an Anti-Worm tool [VB 6]

Posted by appusajeev on March 1, 2010

I am pretty sure that you must have certainly come across this malware which copies itself in each directory with the name same as the directory name and icon same as the default win xp folder icon to trick the user into executing the malware which he apparently thinks as a folder(see the post below for an implementation of the same).So even if you somehow kill it,the chances of it bouncing back to action are pretty high.

Anyway this post is about creating a anti-worm tool in VB – a behaviour based detection tool that  searches for and removes such malware .

First, you gotta give it a sample of the malware to search for. The directory structure of each drive is traversed and each directory is searched for the presence of an exe with the name same as the directory name, if such an exe is found, its size is compared with the size of the exe given as sample. If there is match,it is reported(MD5 signature based comparison would have been an anytime better alternative but i dunno if theres is an md5 implementation for vb yet). This second level of checking is needed cuz an exe with name same as the directory name need not always be a malware.

Download Source

Download Tool

Heres the tool in action

Ant-worm tool in action

Ant-worm tool in action

Given below is the souce, download source

Anti-worm source in VB6

Anti-worm source in VB6

Posted in Visual Basic, Worm | Tagged: , | 4 Comments »