87owo/PYAS
GitHub: 87owo/PYAS
An open-source endpoint protection tool that combines deep learning with behaviour monitoring, with two layers of defence: a user-mode scanning engine and a kernel-mode driver.
Stars: 280 | Forks: 31
# PYAS
Antivirus software written in Python and C++ that blocks threats through deep learning and behaviour monitoring!
## System Requirements
Python 3.10 is recommended. Other Python versions may require different pip commands.
```
pip install requests==2.32.4
pip install PySide6==6.9.1
pip install yara-python==4.5.4
pip install Pillow==11.0.0
pip install numpy==1.26.4
pip install tensorflow==2.10.0
pip install tf2onnx==1.13.0
pip install lightgbm==4.6.0
pip install onnxruntime==1.18.1
```
## File Layout
The locations of all related code and other relevant documents are listed below.
```
PYAS/
├── Engine/
│ ├── Pattern/
│ │ ├── convert.py # Convert executable files or other files to images
│ │ ├── train.py # TensorFlow CNN model training complete code
│ │ └── ... # Other models folders and files
│ │
│ ├── Heuristic/
│ │ ├── rules.yar # Yara virus signature rule matching
│ │ └── ... # Other rules folders and files
│ └── ... # Other engine folders and files
│
├── Plugins/
│ ├── Filter/
│ │ ├── DriverEntry.cpp # Main driver entry and initialization logic
│ │ ├── DriverCommon.h # Global driver definitions, constants, and functions
│ │ └── ... # Other driver folders and files
│ │
│ └── Rules/
│ └── rules.json # White, block list, and matching logic for files registry
│
├── PYAS.py # Main application entry point and UI to engine interface
├── PYAS_Config.py # Configuration loading, saving, and global parameters
├── PYAS_Engine.py # Core scanning engine: YARA, IP, ONNX model execution
├── PYAS_Interface.py # User interface components and event handling
├── PYAS_Resource.py # Static image and icon resource management
├── PYAS_Version.py # Version metadata for packaging and updates
└── ... # Other supplementary folders and files
```
## Architecture Diagram
Overall architecture diagram of the PYAS Security antivirus software.
```mermaid
graph TD
%% Global Styles
classDef userMode fill:#e3f2fd,stroke:#1565c0,stroke-width:2px,color:#0d47a1
classDef kernelMode fill:#fff3e0,stroke:#e65100,stroke-width:2px,color:#e65100
classDef storage fill:#f3e5f5,stroke:#7b1fa2,stroke-width:2px,color:#4a148c
classDef interaction fill:#e8f5e9,stroke:#2e7d32,stroke-width:2px,stroke-dasharray: 5 5,color:#1b5e20
subgraph UserSpace [User Mode Application - PYAS.exe]
direction TB
GUI[MainWindow_Controller / UI]:::userMode
ConfigMgr[Configuration & Rule Manager]:::userMode
subgraph DetectionEngine [Analysis Engine - PYAS_Engine.py]
direction TB
SignScanner[Digital Signature Scanner]:::userMode
PEScanner[PE Feature & Entropy Analysis]:::userMode
YaraScanner[Heuristic / YARA Scanner]:::userMode
CNNScanner[AI / CNN Model Scanner]:::userMode
CloudScanner[Cloud API / Hash Check]:::userMode
end
subgraph UserMonitors [User-Mode Protection Threads]
direction TB
ProcMon[Process Monitor - CreateToolhelp32Snapshot]:::userMode
FileMon[File Monitor - ReadDirectoryChangesW]:::userMode
NetMon[Network Monitor - GetExtendedTcpTable]:::userMode
SysRep[System Repair - MBR/Reg/Wallpaper]:::userMode
PopupBlock[Popup Blocker - EnumWindows]:::userMode
PipeClient[IPC Client Thread]:::userMode
end
GUI --> ConfigMgr
GUI --> DetectionEngine
GUI --> UserMonitors
UserMonitors --> DetectionEngine
end
subgraph StorageLayer [File System / Configuration]
direction LR
JSONRules[JSON Rules Files]:::storage
ConfigJSON[Config.json]:::storage
Quarantine[Quarantine Folder]:::storage
end
subgraph KernelSpace [Kernel Mode Driver - PYAS_Driver.sys]
direction TB
DriverEntry[DriverEntry / Initialization]:::kernelMode
GlobalData[Global Data & State]:::kernelMode
CommServer[Communication Port Server]:::kernelMode
subgraph KernelLogic [Core Protection Logic]
RuleLoader[Rule Loader & Parser]:::kernelMode
TrustCache[Trust Cache & Ransom Tracker]:::kernelMode
subgraph MiniFilter [File System MiniFilter]
PreCreate[PreCreate: HoneyToken / Access Control]:::kernelMode
PreWrite[PreWrite: Ransomware / Entropy Check]:::kernelMode
PreSetInfo[PreSetInfo: Anti-Rename / Extension]:::kernelMode
PreDevCtrl[PreDeviceControl: Boot / Disk Wipe Protect]:::kernelMode
end
subgraph ObjectCallbacks [Object Manager Callbacks]
ProcProtect[ObRegisterCallbacks: Handle Stripping]:::kernelMode
ImageLoad[PsSetLoadImageNotifyRoutine: Image Blocking]:::kernelMode
end
subgraph RegistryCallbacks [Configuration Manager Callbacks]
RegFilter[CmRegisterCallbackEx: Registry Guard]:::kernelMode
end
end
DriverEntry --> GlobalData
DriverEntry --> CommServer
DriverEntry --> MiniFilter
DriverEntry --> ProcProtect
DriverEntry --> ImageLoad
DriverEntry --> RegFilter
MiniFilter --> RuleLoader
ProcProtect --> RuleLoader
RegFilter --> RuleLoader
PreWrite --> TrustCache
PreCreate --> TrustCache
end
%% Cross-Boundary Interactions
ConfigMgr -- Writes --> JSONRules
ConfigMgr -- Writes --> ConfigJSON
RuleLoader -- Reads --> JSONRules
GUI -- Service Control (SCM) --> DriverEntry
PipeClient -- FltSendMessage (IPC) --> CommServer
CommServer -- Notifications --> PipeClient
FileMon -- Moves Malicious Files --> Quarantine
%% Logic Flow Details
ProcProtect -- Protects --> UserSpace
RegFilter -- Protects --> StorageLayer
PreDevCtrl -- Protects --> StorageLayer
```
## Supported Systems
| Configuration | Privileges | OS Version | CPU | Memory | Storage |
|---------------|---------------|----------------------|-------|--------|---------|
| Minimum | Administrator | >= Windows 10 (20H1) | 1 GHz | 200 MB | 100 MB |
| Recommended | Administrator | >= Windows 10 (21H2) | 3 GHz | 500 MB | 200 MB |
## Packaged Releases
Download the installer. If it is incompatible with your system, you can repackage it yourself.
Package download: https://github.com/87owo/PYAS/releases
## Official Website
If you are interested in this project, visit the website for other related content.
Source code: https://github.com/87owo/PYAS
Official website: https://pyas-security.com/antivirus
Online analysis: https://pyas-security.com/analyze
## Project License
For any questions, requests or bug reports, contact us through the following channels.
Source issues: https://github.com/87owo/PYAS/issues
Official email: mailto:service.pyas@gmail.com