Can an exe be embedded and written out as a file?
Hi Magnum,
Here are some examples :
http://www.masm32.com/board/index.php?topic=3816.0
http://www.masm32.com/board/index.php?topic=576.0
Thanks Vortex.
Quote from: Vortex on December 04, 2011, 06:44:05 PM
Hi Magnum,
Here are some examples :
http://www.masm32.com/board/index.php?topic=3816.0
http://www.masm32.com/board/index.php?topic=576.0
Hi Vortex .... I get a virus error from the attachment you posted here......
http://www.masm32.com/board/index.php?topic=3816.0
here is the error:
Is it a false positive?
Hi,
You should check the source code of the attachment before making such statements. That's a false-positive :
Jotti's report (http://virusscan.jotti.org/eng/scanresult/152af78e76dfcff98f05ea5a29d5fae6837b3cb8)
Get a decent AV program.
>Get a decent AV program
Hmm, that's the first false positive I have ever had with Security Essentials.
i can see how an AV program might be worried about an EXE that creates another EXE :P
Well, a lot of sysinternals' programs start 32-bit then unpack a 64-bit exe to run.
Maybe it is the type of compression used, possibly combined with the second exe...who knows?
I told MSE to ignore it and then it downloaded OK, ran OK.
if you want to test it...
assemble the project and see if the EXE Erol provided is the same as the one you create :P
i trust Erol - of course, that does not mean the EXE is safe - it means the source code is
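The check suggested in the post above (assemble the project and compare your EXE with the posted one), as an added example that is not part of the original thread: a raw byte comparison normally fails on the linker's build timestamp alone, so this sketch zeroes the COFF TimeDateStamp and the optional-header CheckSum before comparing. The function names and the constructed sample images are assumptions for illustration; differences caused by other assembler or linker versions, or by other embedded timestamps, are not handled.

```python
import hashlib
import struct

def normalized_pe(data: bytes) -> bytes:
    """Return a copy of a PE image with build-varying header fields zeroed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if pe_off + 92 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    buf = bytearray(data)
    buf[pe_off + 8:pe_off + 12] = b"\0" * 4    # COFF header TimeDateStamp
    buf[pe_off + 88:pe_off + 92] = b"\0" * 4   # optional header CheckSum
    return bytes(buf)

def compare_builds(published: bytes, rebuilt: bytes) -> dict:
    """Compare a downloaded EXE with one assembled locally from the source."""
    a, b = normalized_pe(published), normalized_pe(rebuilt)
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return {
        "identical": a == b,                   # equal after normalization
        "raw_identical": published == rebuilt, # equal byte for byte
        "size_delta": len(rebuilt) - len(published),
        "first_diff": diffs[0] if diffs else None,
        "diff_bytes": len(diffs),
        "sha256": (hashlib.sha256(a).hexdigest(), hashlib.sha256(b).hexdigest()),
    }

def _sample_pe(timestamp: int, payload: bytes) -> bytes:
    """Constructed PE-shaped image (headers plus filler, not a runnable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)
    return dos + b"PE\0\0" + coff + opt + payload

if __name__ == "__main__":
    published = _sample_pe(0x4EDB0000, b"\x90" * 16)             # constructed
    rebuilt = _sample_pe(0x4EDC1234, b"\x90" * 16)               # same code, later build
    tampered = _sample_pe(0x4EDC1234, b"\x90" * 15 + b"\xCC")    # one byte changed
    print(compare_builds(published, rebuilt))
    print(compare_builds(published, tampered))
```

With real files, read each EXE with `open(path, "rb").read()` and pass the two byte strings to `compare_builds`; a non-empty difference shows where to look, not that the file is malicious.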
Andy,
With the MASM32 installation I write an executable file to disk then run it to install the base files for MASM32. I use the utility FDA.EXE to convert the EXE to an object module then link it into the installer. Note that some AV scanners will squawk at any EXE that writes another EXE; take Erol's advice if you have that problem, get a decent AV scanner. :bg
I don't use an AV scanner or a malware scanner.
Magnum: It doesn't cost much to get an AV scanner. If it weren't for the tremendous, intolerable level of false detections I would recommend Avira, but I can't recommend it. After a year or two of usage I grew tired of it; I am not overestimating it when I say that at least 50% of everything you see are false detections (I'm tempted to say 70%). After I switched to MSE I had zero false detections.
Some typical false positives appear when large portions of data are placed in the .data section. A workaround is to move the data block to the .code section.