Which file is NOD32's scan engine?

Discussion in 'NOD32 version 2 Forum' started by leojiang, Apr 5, 2007.

Thread Status:
Not open for further replies.
  1. leojiang

    leojiang Registered Member

    Joined:
    Apr 5, 2007
    Posts:
    2
    Location:
    Nantong China
    I'am very interesting in NOD32. And I found NOD32.EXE scan files not using Win32 API (such as: CreateFile, ReadFile, WriteFile...), but using ZwDeviceIoControlFile. It seems that nod32.exe access file in kernel mode.

    Most strange thing is that, I cannot found the module of it's scan engine.

    I attached to the nod32.exe's process using windbg, list the call stacks of all threads, it looks very strange.

    And why it's CPU using is so low while scanning?

    Who can explain these doubt?
    *puppy*
     
    leojiang, Apr 5, 2007
    #1
  2. ASpace

    ASpace Guest

    This is NOD's on-demand scanner.


    because it is NOD32 . Fast , light , efficent ;)
     
    Last edited by a moderator: Apr 5, 2007
    ASpace, Apr 5, 2007
    #2
  3. leojiang

    leojiang Registered Member

    Joined:
    Apr 5, 2007
    Posts:
    2
    Location:
    Nantong China
    I'am a programmer. I want to know the detail of every module and relation of them.
    To learn the design blueprint of it is my purpose.
    :rolleyes:
     
    leojiang, Apr 5, 2007
    #3
  4. ASpace

    ASpace Guest

    If an ESET employee decides , they can share more information with you . I cannot .
     
    ASpace, Apr 5, 2007
    #4
  5. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    I do not think that discussing software design related stuff is purpose of this support forum. Thread is hereby closed.
     
    mrtwolman, Apr 5, 2007
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...