flat assembler
Message board for the users of flat assembler.
Index
> Projects and Ideas > FASMLIB 0.8.0 - general purpose library Goto page Previous 1, 2, 3 Next |
Author |
|
Mac2004 07 Jul 2012, 13:51
vid: Avast Antivirus reports that there's virus detected on your site.
regards, Mac2004 |
|||
07 Jul 2012, 13:51 |
|
JohnFound 07 Oct 2012, 08:19
Hi, vid.
Recently I try to use FASMLIB's heap manager in FreshLib in order to serve the OSes where no heap management is provided by the system. Anyway, I found several bugs that need to be fixed: "heapmgr/alloc.asm" 1. mem.alloc pops esi and edi in wrong order, thus exchanging their values. 2. in case of error, mem.alloc does not pops register values at all. This particular mistake is common for several other procedures: mem.free, mem.realloc, mem.size. I didn't checked whole library, but only the procedures I need. Code: .rnc: clc .r: pop esi edi edx ecx ebx ret .rc: stc ret There is possibility of other bugs as well, because FreshLib tests does not work properly with FASMLIB heap manager, but it can be because of FreshLib bugs as well. If I found something I will report it again. Regards |
|||
07 Oct 2012, 08:19 |
|
logicx 20 Oct 2012, 21:24
Mac2004 wrote: vid: Avast Antivirus reports that there's virus detected on your site. I'm seeing that too; the file is symbols.exe from examples. Here is the virustotal report with a detection ratio of 23/43 https://www.virustotal.com/file/abb60294641513b3b7330e32fbb57db103fafc299574198a6a8fd03db2f4b28c/analysis/ |
|||
20 Oct 2012, 21:24 |
|
revolution 20 Oct 2012, 22:50
logicx wrote: I'm seeing that too; the file is symbols.exe from examples. |
|||
20 Oct 2012, 22:50 |
|
titeha 07 Aug 2013, 06:42
Hi, Vid!
Please look for this code (convert int32 to ascii) with using sse2 instruction: Code: IntToStr: push edi mov eax, [esp + 8] ; value mov edi, [esp + 0ch] ; buffer movq xmm0, [Divider] pxor xmm6, xmm6 xor ecx, ecx ; check for sign cdq xor eax, edx sub eax, edx and edx, '-' setnz cl cvtsi2sd xmm1, eax mov [edi], edx add edi, ecx ; main loop @@:mulsd xmm1, xmm0 cvttsd2si ecx, xmm1 pslldq xmm6, 1 add eax, 30h lea edx, [ecx + ecx * 4] sub eax, edx sub eax, edx movd xmm2, eax xor eax, eax por xmm6, xmm2 add eax, ecx jnz @b ; save result movdqu [edi], xmm6 ; leave function @@:pop edi ret 8 Divider dq 0.1 it fast function sorry for my english |
|||
07 Aug 2013, 06:42 |
|
spandexyfronts 21 Sep 2013, 14:46
Windows defender is reporting the library contains a virus and won't allow the dowload, any suggestions?
|
|||
21 Sep 2013, 14:46 |
|
revolution 21 Sep 2013, 14:55
spandexyfronts wrote: Windows defender is reporting the library contains a virus and won't allow the dowload, any suggestions? But seriously, there is nothing that can be done from this end. Talk to the authors of Windows Defender if you want this false alert to go away. |
|||
21 Sep 2013, 14:55 |
|
Sasha 12 Oct 2013, 23:11
|
|||
12 Oct 2013, 23:11 |
|
JohnFound 13 Oct 2013, 06:04
Sasha wrote: https://www.virustotal.com/en/file/542528531f124a4dfb1f1270d867ff1cf95053da86167ebeae6d477af3b252cd/analysis/ Read the VirusTotal FAQ: Quote: VirusTotal is detecting a legitimate software I have developed, please remove the detections _________________ Tox ID: 48C0321ADDB2FE5F644BB5E3D58B0D58C35E5BCBC81D7CD333633FEDF1047914A534256478D9 |
|||
13 Oct 2013, 06:04 |
|
revolution 13 Oct 2013, 06:44
Actually it is not VirusTotal's fault for the false detections. The ones to blame are the AV vendors. If there is a problem then talk to the AV vendor ... Or, my preferred option, delete any and all AV's and then use your own judgement about what is a virus and what is not.
|
|||
13 Oct 2013, 06:44 |
|
Sasha 13 Oct 2013, 09:48
revolution wrote: Actually it is not VirusTotal's fault for the false detections. It's not a VirusTotal's fault, of course. It just helps me to check the program in 47 AV's at a time. revolution wrote: If there is a problem then talk to the AV vendor To 30 AV vendors... revolution wrote: Or, my preferred option, delete any and all AV's and then use your own judgement about what is a virus and what is not. I don't have an AV installed now. Once I had it, but I had to turn it of, when compiling. Interesting, while the .exe file was not detected as a virus, it was still alerted on compilation process itself. And the main problem is that other users will think, that my program is a virus. |
|||
13 Oct 2013, 09:48 |
|
HaHaAnonymous 13 Oct 2013, 15:41
[ Post removed by author. ]
Last edited by HaHaAnonymous on 28 Feb 2015, 19:44; edited 1 time in total |
|||
13 Oct 2013, 15:41 |
|
Frank 13 Oct 2013, 21:55
Sasha wrote:
Or hunt down vid (the author of the library), and convince him to remove all binaries from the ZIP file. That's a single point of contact for you => easier to do. It is also a future-proof solution: no precompiled binaries => no false positives any more. Sasha wrote: And the main problem is that other users will think, that my program is a virus. That is the risk that you accept when working with non-mainstream tools (such as fasm). However: vid's binaries are from 2007, and fasm has changed a lot in the meantime. If you recompile vid's stuff with a modern fasm, do you then still get a massive number of false positives? If yes, then I guess Tomasz (the author of fasm) may be interested to learn about the fact. |
|||
13 Oct 2013, 21:55 |
|
revolution 13 Oct 2013, 23:15
Frank wrote: However: vid's binaries are from 2007, and fasm has changed a lot in the meantime. If you recompile vid's stuff with a modern fasm, do you then still get a massive number of false positives? If yes, then I guess Tomasz (the author of fasm) may be interested to learn about the fact. |
|||
13 Oct 2013, 23:15 |
|
Frank 13 Oct 2013, 23:23
@revolution: That is mostly correct, but not fully. Sasha wrote about an AV program on his computer: "Once I had it, but I had to turn it of, when compiling. Interesting, while the .exe file was not detected as a virus, it was still alerted on compilation process itself." I had a similar problem, circa 2-3 years ago, and a fasm upgrade solved it. The problem was not in my own code, but something in the PE part that fasm contributes to the executable.
EDIT: Yes, I know that the above sounds rather wishi-washi. I don't have the time to reconstruct the exact fasm versions that caused it. Anyway, it's an empirical question -- Sasha can simply recompile vid's source code, produce a new ZIP file, re-upload that to VirusTotal, and then compare the number of false positives. |
|||
13 Oct 2013, 23:23 |
|
revolution 14 Oct 2013, 01:52
I tried to recompile the DLL file and do a binary compare but I can't figure out how to do it. Has vid posted instructions somewhere on how to make a new DLL? There is no file in the zip file that I could find that has 'format pe dll' so perhaps vid has some Secret Recipe©®™ to generate the DLL?
|
|||
14 Oct 2013, 01:52 |
|
MazeGen 15 Oct 2013, 07:39
Frank wrote: Or hunt down vid (the author of the library), and convince him to remove all binaries from the ZIP file. That's a single point of contact for you => easier to do. It is also a future-proof solution: no precompiled binaries => no false positives any more. That's exactly what I told him just few weeks ago but he's such a lazy lout! :P |
|||
15 Oct 2013, 07:39 |
|
vid 15 Oct 2013, 13:20
Hello again!
So, I removed compiled examples from fasmlib-0.8.0.zip. Now it comes out clean on virustotal.com. Fortunately, none of library binaries was flagged as virus: https://www.virustotal.com/en/file/2162c95f8e4aedb9daf9666aac7658af79a666684a43ce4c4e8d883f61135958/analysis/1381842511/ I still do like the project as an idea, but I have different interests now and do not plan to spend time on it anymore. Whoever wishes to do whatever with the library is free and welcome to do so. I can give advice / explain things about its working as far as I remember, but I won't go hunt down bugs or anything. Quote: I tried to recompile the DLL file and do a binary compare but I can't figure out how to do it. Has vid posted instructions somewhere on how to make a new DLL? There is no file in the zip file that I could find that has 'format pe dll' so perhaps vid has some Secret Recipe©®™ to generate the DLL? Because I was building library for number of compilers under two OSes, and with documentation generated from sources in various formats, I used a rather complicated build process. It was a big ugly batch file that used quite many 3rd party tools. One of those tools is not preserved (AsmDoc, custom tool I wrote to parse documentation from comments in source file to DocBook format). So it won't be possible to replicate entire build process, particulary to generate up-to-date documentation from sources. I also do have development version of unreleased fasmlib-0.9 laying around, if anyone wants it. It added tiny layer to access command line options and a text -> floating point conversion. I have sent it to few people who asked for it over the years. |
|||
15 Oct 2013, 13:20 |
|
revolution 15 Oct 2013, 15:04
Hi vid. Thanks for the response. I am sure if you offer v0.9 people will ask for it, so perhaps you can simply post it here and satisfy all those that may wish to take advantage of it.
|
|||
15 Oct 2013, 15:04 |
|
Goto page Previous 1, 2, 3 Next < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.