News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

M.S. Security Client issue

Started by Magnum, December 06, 2011, 06:31:19 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Magnum

December 06, 2011, 06:31:19 PM
M.S. Security Client is flagging decomp.exe as a virus.

The program just creates an executable.

I put in a version control block to see if it would help, but then the program says

This app has failed to start because the application configuration is incorrrect.
Reinstall the app....

This is how I am building it.

jcalg1 c9  day.exe day.jc
\masm32\bin\porc.exe /v rsrc.rc
\masm32\bin\poasm /AIA32 Decomp.asm
\masm32\bin\polink /SUBSYSTEM:WINDOWS /LIBPATH:c:\masm32\lib Decomp.obj jcalg1_d_fast.obj rsrc.res

Code Select

.386
.model flat,stdcall
option casemap:none

CREATE_ALWAYS                        equ 2
GMEM_FIXED                           equ 0h
FILE_ATTRIBUTE_ARCHIVE               equ 20h
GENERIC_WRITE                        equ 40000000h

CloseHandle PROTO :DWORD
CreateFileA PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD,:DWORD
CreateFile equ <CreateFileA>

ExitProcess PROTO :DWORD
GlobalAlloc PROTO :DWORD,:DWORD
GlobalFree PROTO :DWORD
WriteFile PROTO :DWORD,:DWORD,:DWORD,:DWORD,:DWORD

extractfile                                 PROTO :DWORD, :DWORD, :DWORD
JCALG1_Decompress_Fast                      PROTO :DWORD, :DWORD
JCALG1_GetUncompressedSizeOfCompressedBlock PROTO :DWORD


includelib  \masm32\lib\kernel32.lib

.data

pData:
INCBIN day.jc ; name of compressed file
file db 'day.exe',0

.data?

hMem dd ?
fSize dd ?
hFile dd ?
size1 dd ?

.code

start:

invoke JCALG1_GetUncompressedSizeOfCompressedBlock,ADDR pData
mov fSize,eax
invoke GlobalAlloc,GMEM_FIXED,eax
mov hMem,eax
invoke JCALG1_Decompress_Fast,ADDR pData,eax
invoke CreateFile,ADDR file,GENERIC_WRITE,\
0,0,CREATE_ALWAYS,FILE_ATTRIBUTE_ARCHIVE,0
mov hFile,eax
invoke WriteFile,eax,hMem,fSize,ADDR size1,0
invoke CloseHandle,hFile
invoke GlobalFree,hMem
invoke ExitProcess,0

END start
Have a great day,
                         Andy

Vortex

#1
December 06, 2011, 06:43:17 PM
Hi Magnum,

Try to move day.jc to the resource section.

Magnum

#2
December 06, 2011, 07:03:41 PM
I put this in rsrc.rc, is it right?

It assembled and ran O.K.

Code Select

IDS_PMF  RCDATA "day.jc"


It's still flagged as a virus.

Seems pretty stupid that I can't use the code.  :dazzled:

How do installers do it ?
Have a great day,
                         Andy

Vortex

#3
December 06, 2011, 07:17:30 PM
Hi Magnum,

Your resource script is OK. I never tried the MS Security client. Does it provide a setting to bypass the executable flagged as malware?

Magnum

#4
December 06, 2011, 08:02:09 PM
Yes Vortex, the program can be excluded from searches.

I am only using it to test how it responds to some of the programs I make.

If I make a program to give or sell to someone, I don't want it flagged as a virus or malware
and than have it quarantined or deleted.

I am guessing that installation programs have separate compressed files that are expanded upon installation.

---------------------------------------------------------------------------------

I just had my program produce day.ex instead of .exe.

It's still flagged.

Should I encrypt my code section.  :boohoo:






Have a great day,
                         Andy
Print
Go Up Pages1
User actions