QuoteSomething important to do is use a manifest AND a version control block. If the donkey end of AV scanners cannot find these they often flag a file as risky or infected.
This assertion Need tests,this one http://masm32.com/board/index.php?topic=9071.msg99618#msg99618 (http://masm32.com/board/index.php?topic=9071.msg99618#msg99618) had no rc file (no manifest,no version control)
but isn't confuse with a virus.Using the crt with his proper call seems very important.
If it was that easy to do, the virus/trojan guys would do it.
Another statement who don't replace tests.
If you want to make a pest of yourself, go to #twitter, keep it up here and you will be set free.
Rule 5 of the forum.
Quote
This forum will not allow argument or extended discussion on the suitability of answers as it is of no assistance to the person asking the question. This forum will not allow talking heads, script kiddies or any other form of influence peddling.
First and last warning.
I just find useful to have some tests to solve the problem.
I have not see VC forum with numerous virus at download (?..).
Pest is on those continuous virus alert .
Any other ideas than make tests to solve it ?
I don't know if you read English all that well but the point was that the "Campus" is not for debate or influence peddling, the last thing a new member needs is a confusing argument over answers. If you have a technical point that is useful, post it in the Workshop. I will enforce the Campus being for new members, not influence peddling.
As far as your include files, you have been provided with a sub forum of your own so you can post whatever technical data you want and I did suggest that the people who need your include files are the UASM guys where with 64 bit MASM you are wasting both your time and mine as 64 bit MASM does not use your format of include files.
One more thing, I am not a free kick simply because I run this forum. You have been a member here for a long time and I have no desire to kick you out but be warned that the endless antagonism will end up with that result. If you want that type of garbage, do it on #twitter, not here.
Hi Yves!
Quote from: TouEnMasm on February 03, 2021, 01:46:34 AM
I have not see VC forum with numerous virus at download (?..).
AV recognize little things. For example what is placed in unused bytes for alignment. VC have very well defined that. Nidud noted that, and AsmC copied that. Very smart!!
Also VC use a couple of specific functions. If you are using your own, AV suspect.
Regards, HSE.
Quote from: hutch-- on February 02, 2021, 07:28:09 PM
If it was that easy to do, the virus/trojan guys would do it.
Exactly. If I was a virus writer, I would add a manifest AND a version control block, always :thumbsup:
QuoteAV recognize little things. For example what is placed in unused bytes for alignment
useful information.
I will tested this one.
Quote from: HSE on February 03, 2021, 02:48:48 AMAV recognize little things. For example what is placed in unused bytes for alignment.
Interesting :cool:
include \masm32\include\masm32rt.inc
.code
start:
nops 3
align 16
.Repeat
inc ecx
.Until !Zero?
exit
end startML 6.14
90 nop
90 nop
90 nop
8DA424 00000000 lea esp, [esp]
8D9B 00000000 lea ebx, [ebx]
ML 6.15
8DA424 00000000 lea esp, [esp]
8D9B 00000000 lea ebx, [ebx]
ML 14.0
8DA424 00000000 lea esp, [esp]
8D9B 00000000 lea ebx, [ebx]
AsmC
8DA424 00000000 lea esp, [esp]
8D80 00000000 lea eax, [eax]
UAsm64
8DA424 00000000 lea esp, [esp]
8D80 00000000 lea eax, [eax]align 8
ML 6.14
nop
add eax, 0 ; **** trashes flags ****
Úinc ecx
Àjz short 00401008
ML 14.0
CPU Disasm
Address Hex dump Command Comments
00401000 $� FF25 30204000 jmp near [<&kernel32.ExitProcess>]
00401006 CC int3
00401007 CC int3
00401008 CC int3
00401009 CC int3
0040100A CC int3
0040100B CC int3
0040100C CC int3
0040100D CC int3
0040100E CC int3
0040100F CC int3
<ModuleEntryPo Ú$ 90 nop
00401011 ³. 90 nop
00401012 ³. 90 nop
00401013 ³.� EB 03 jmp short 00401018
00401015 ³ CC int3
00401016 ³ CC int3
00401017 ³ CC int3
00401018 ³> 41 Úinc ecx
00401019 ³.� 74 FD Àjz short 00401018
0040101B ³. 6A 00 push 0 ; ÚExitCode = 0
0040101D À. E8 DEFFFFFF call <jmp.&kernel32.ExitProcess> ; ÀKERNEL32.ExitProcess
AsmC+UAsm64
90 nop
2E:8D4420 00 lea eax, cs:[eax]
41 Úinc ecx
74 FD Àjz short 00401008Later versions of MASM insert the jump table before the module entry point.
Hi JJ!
Quote from: HSE on February 03, 2021, 02:48:48 AM
VC have very well defined that.
Pay attention :biggrin: VC not ML, it's the compiler who make that.
Quote from: HSE on February 03, 2021, 02:48:48 AM
Nidud noted that, and AsmC copied that. Very smart!!
You must ask Nidud how is that because I don't remember. Perhaps are macros, for sure is in the forum.