
MASM32 Version 10 BETA.

Started by hutch--, January 11, 2008, 10:11:29 PM


spummeler

I have run into some installation issues with the beta10e release.  I'm running XP Pro SP2, Pentium D, 2GB memory, AVG Free 8.0, and all XP and AVG updates current. 

I downloaded beta10e.zip,
MD5:f70de3323b93c79808479d4e931efdb7 *beta10e.zip,

extracted install.exe,
MD5:b3fb871d3f87bcb26b0b19007165d83e *install.exe,

and ran it.

Thereupon, AVG Free 8.0 decided the following seven files were virus or malware enabled.  Note that AVG Free 8.0 is their latest version that I just installed.

\masm32\ablockc.dll
\masm32\include\hcompact.exe
\masm32\indenta.dll
\masm32\l2def.exe
\masm32\macros\lst.exe
\masm32\mnutoasm.exe
\masm32\tproc.exe

Thinking "False Positives", I searched the Masm32 Forum and found some discussion on this issue where FPs were claimed to be based on various scanners' heuristics, etc. Not being completely satisfied, I tried to submit the seven files to online scanning services such as http://virusscan.jotti.org/. I was not able to directly upload any of the seven files due to some access violation. I was finally able to submit them by booting to XP safe mode, copying the files to a floppy, reading the floppy on a Win98SE machine, and submitting them to http://virusscan.jotti.org/ from Win98SE.

Although AVG 8.0 on my XP machine flags all seven as infected, nothing was found on the scanning service except for two files, l2def.exe and lst.exe (I have not listed all the scanners that found nothing).

l2def.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5:    dc4c993c32e8793525c2b8b4fa4b55bb
VBA32 Found Trojan-PSW.Game.42 (paranoid heuristics) (probable variant)

lst.exe
Status: INFECTED/MALWARE
MD5:    046ad09cd503fec32c2b21802477bc02
F-Prot Antivirus  Found Possibly a new variant of W32/MalwareHiderPatched-based!Maximus
VBA32  Found Trojan-PSW.Game.42 (paranoid heuristics) (probable variant)

Based on the foregoing, it may well be an FP phenomenon.  However, there are other things at work I find puzzling.  I cannot access any of the seven files in the normal way. In my whole masm32 installation, I can access all files except these seven.  In trying to generate an md5sum digest for my masm32 installation, I get the following error messages:

md5sum: ablockc.dll: cannot read [Permission denied]
md5sum: hcompact.exe: cannot read [Permission denied]
md5sum: indenta.dll: cannot read [Permission denied]
md5sum: l2def.exe: cannot read [Permission denied]
md5sum: lst.exe: cannot read [Permission denied]
md5sum: mnutoasm.exe: cannot read [Permission denied]
md5sum: tproc.exe: cannot read [Permission denied]

Also, trying to access them by any other means, except direct execution which I did not do, I get similar results.  Running as Administrator and taking ownership of the files made no difference.

Has anyone experienced this problem, or can anyone verify it or give an explanation for it?


Thanks,

hutch--

spummeler,

The files listed are all produced by a particular compiler I use for some tools and it has been known in the past that an occasional heuristic scanner in some of the lesser AV products triggers on the valid executable format that these files have. The better end of AV scanners do not have this problem, Nod32 or Kaspersky for example, as the simple fact is the files have no infections at all. The other consideration is that they run perfectly on some millions of computers that have downloaded the project over the last 10 years.

It's a bit hard to connect to AV product makers that they need to properly conform to the 32 bit PE file specifications provided by Microsoft and not try and reduce the specification to a subset that they may understand. The problem is with the AVG product you are using, they need to improve their heuristic scanning from simplistic assumptions to ones that conform to the Microsoft specifications. All executable code in version 10 is DEP safe code as it was all rebuilt from source after Microsoft changed the PE specifications for later OS versions.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

asmfan

Hello, Steve.
I haven't used masm32 for a long time. Just wondering if this package provides headers for driver development?
Russia is a weird place

spummeler

hutch,

Thanks for your reply and clarification. I did some further digging and now better understand my installation problem with beta10. I offer the following in hopes it will help others who stumble onto this type of problem. Also, what follows is based on the assumption that "masm32" is not infected with virus or malware.

My particular problem is related directly to AVG Free 8.0 so others' mileage may vary. When I installed beta10, AVG was running and flagged the following files as infected:
 
\masm32\ablockc.dll
\masm32\include\hcompact.exe
\masm32\indenta.dll
\masm32\l2def.exe
\masm32\macros\lst.exe
\masm32\mnutoasm.exe
\masm32\tproc.exe

As explained previously (by you) these are false positives out of AVG. However, since I had AVG's "Resident Shield" running, it would not let me access these files. This explains why I could not run the .exe files, generate an md5sum digest, nor otherwise access these files. To fix this, what I had to do was:

Open AVG User Interface and go to Components . Resident Shield . Manage exceptions . Resident Shield Exceptions .
'check' Use excludes for the Resident Shield . Add Path

and enter c:\masm32\ (replace c: by appropriate drive letter).  Now I can access the files and AVG quits whining about infections.

Regards,

Jimg

I just ran across this problem again: conflicts in protos when including some files. I don't know if there is a solution since someone is obviously using one or more of these and wouldn't appreciate the routine names being changed, but I thought I'd bring it to your attention:

"K:\beta10e\include\mswsock.inc"
9: EnumProtocolsA PROTO :DWORD,:DWORD,:DWORD
10: EnumProtocols equ <EnumProtocolsA>

"K:\beta10e\include\nmapi.inc"
59: EnumProtocols PROTO

"K:\beta10e\include\wsock32.inc"
9: EnumProtocolsA PROTO :DWORD,:DWORD,:DWORD
10: EnumProtocols equ <EnumProtocolsA>

-------------------------------

"K:\beta10e\include\mapi32.inc"
14: CreateTable PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD

"K:\beta10e\include\rtm.inc"
10: CreateTable PROTO :DWORD,:DWORD

-------------------------------

"K:\beta10e\include\trnsdt.inc"
9: WEP PROTO :DWORD

"K:\beta10e\include\ws2_32.inc"
8: WEP PROTO

"K:\beta10e\include\wsock32.inc"
37: WEP PROTO
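
The conflicts listed in the post above can be found mechanically. The following is an added example, not part of the thread or of the MASM32 SDK: it collects every `PROTO` and text-equate line per name and reports names that are defined in more than one way. The names `SAMPLE_INCLUDES`, `parse_include` and `find_conflicts` are hypothetical, the sample text is constructed from the lines quoted in the post, and treating identical redeclarations as compatible is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: only the declarations quoted in the post, keyed by file name.
SAMPLE_INCLUDES = {
    "mswsock.inc": "EnumProtocolsA PROTO :DWORD,:DWORD,:DWORD\n"
                   "EnumProtocols equ <EnumProtocolsA>\n",
    "nmapi.inc":   "EnumProtocols PROTO\n",
    "wsock32.inc": "EnumProtocolsA PROTO :DWORD,:DWORD,:DWORD\n"
                   "EnumProtocols equ <EnumProtocolsA>\n"
                   "WEP PROTO\n",
    "mapi32.inc":  "CreateTable PROTO " + ",".join([":DWORD"] * 9) + "\n",
    "rtm.inc":     "CreateTable PROTO :DWORD,:DWORD\n",
    "trnsdt.inc":  "WEP PROTO :DWORD\n",
    "ws2_32.inc":  "WEP PROTO\n",
}

PROTO_RE = re.compile(r"^\s*(\w+)\s+PROTO\b(.*)$", re.IGNORECASE)
EQU_RE = re.compile(r"^\s*(\w+)\s+(?:equ|textequ)\s+<(\w+)>", re.IGNORECASE)

def parse_include(text):
    """Yield (name, normalised definition) for each PROTO or text-equate line."""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]              # drop MASM ';' comments
        m = PROTO_RE.match(line)
        if m:
            # Normalise the argument list so spacing and case do not matter.
            args = re.sub(r"\s+", "", m.group(2)).upper()
            definition = "PROTO " + args if args else "PROTO"
            yield m.group(1), definition
            continue
        m = EQU_RE.match(line)
        if m:
            yield m.group(1), "EQU <%s>" % m.group(2)

def find_conflicts(includes):
    """Return {name: {definition: [files]}} for names defined in more than one way.

    Assumption: a name redeclared identically in several files is compatible.
    """
    seen = defaultdict(lambda: defaultdict(list))
    for fname, text in includes.items():
        for name, definition in parse_include(text):
            seen[name][definition].append(fname)
    return {name: {d: sorted(files) for d, files in defs.items()}
            for name, defs in seen.items() if len(defs) > 1}

if __name__ == "__main__":
    for name, defs in sorted(find_conflicts(SAMPLE_INCLUDES).items()):
        print(name)
        for definition, files in sorted(defs.items()):
            print("    %-50s %s" % (definition, ", ".join(files)))
```

To run it over a real include directory, build the dictionary from the `.inc` files on disk instead of `SAMPLE_INCLUDES`.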