Text only | Text with Images

The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: Magnum on December 06, 2011, 06:31:19 PM

Title: M.S. Security Client issue
Post by: Magnum on December 06, 2011, 06:31:19 PM
M.S. Security Client is flagging decomp.exe as a virus.

The program just creates an executable.

I put in a version control block to see if it would help, but then the program says

This app has failed to start because the application configuration is incorrrect.
Reinstall the app....

This is how I am building it.

jcalg1 c9  day.exe day.jc
\masm32\bin\porc.exe /v rsrc.rc
\masm32\bin\poasm /AIA32 Decomp.asm
\masm32\bin\polink /SUBSYSTEM:WINDOWS /LIBPATH:c:\masm32\lib Decomp.obj jcalg1_d_fast.obj rsrc.res

Code Select

.386
.model flat,stdcall
option casemap:none

CREATE_ALWAYS                        equ 2
GMEM_FIXED                           equ 0h
FILE_ATTRIBUTE_ARCHIVE               equ 20h
GENERIC_WRITE                        equ 40000000h

CloseHandle PROTO :DWORD
CreateFileA PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
CreateFile equ <CreateFileA>

ExitProcess PROTO :DWORD
GlobalAlloc PROTO :DWORD,:DWORD
GlobalFree PROTO :DWORD
WriteFile PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD

extractfile                                 PROTO :DWORD, :DWORD, :DWORD
JCALG1_Decompress_Fast                      PROTO :DWORD, :DWORD
JCALG1_GetUncompressedSizeOfCompressedBlock PROTO :DWORD


includelib  \masm32\lib\kernel32.lib

.data

pData:
INCBIN day.jc ; name of compressed file
file db 'day.exe',0

.data?

hMem dd ?
fSize dd ?
hFile dd ?
size1 dd ?

.code

start:

invoke JCALG1_GetUncompressedSizeOfCompressedBlock,ADDR pData
mov fSize,eax
invoke GlobalAlloc,GMEM_FIXED,eax
mov hMem,eax
invoke JCALG1_Decompress_Fast,ADDR pData,eax
invoke CreateFile,ADDR file,GENERIC_WRITE,\
0,0,CREATE_ALWAYS,FILE_ATTRIBUTE_ARCHIVE,0
mov hFile,eax
invoke WriteFile,eax,hMem,fSize,ADDR size1,0
invoke CloseHandle,hFile
invoke GlobalFree,hMem
invoke ExitProcess,0

END start
Title: Re: M.S. Security Client issue
Post by: Vortex on December 06, 2011, 06:43:17 PM
Hi Magnum,

Try to move day.jc to the resource section.
Title: Re: M.S. Security Client issue
Post by: Magnum on December 06, 2011, 07:03:41 PM
I put this in rsrc.rc, is it right?

It assembled and ran O.K.

Code Select

IDS_PMF  RCDATA "day.jc"


It's still flagged as a virus.

Seems pretty stupid that I can't use the code.  :dazzled:

How do installers do it ?
Title: Re: M.S. Security Client issue
Post by: Vortex on December 06, 2011, 07:17:30 PM
Hi Magnum,

Your resource script is OK. I never tried the MS Security client. Does it provide a setting to bypass the executable flagged as malware?
Title: Re: M.S. Security Client issue
Post by: Magnum on December 06, 2011, 08:02:09 PM
Yes Vortex, the program can be excluded from searches.

I am only using it to test how it responds to some of the programs I make.

If I make a program to give or sell to someone, I don't want it flagged as a virus or malware
and than have it quarantined or deleted.

I am guessing that installation programs have separate compressed files that are expanded upon installation.

---------------------------------------------------------------------------------

I just had my program produce day.ex instead of .exe.

It's still flagged.

Should I encrypt my code section.  :boohoo:






Text only | Text with Images