flat assembler
Message board for the users of flat assembler.

Index > Heap > MSN control;??

Author
Thread Post new topic Reply to topic
mrblobles



Joined: 05 Apr 2007
Posts: 41
mrblobles
ok so I'v seen these *.com programs that like send messages in msn and stuff, does anyone knwo where i can learn how to do this?

_________________
pokemon on my iPod = awesome
Post 12 Apr 2007, 21:23
View user's profile Send private message MSN Messenger Reply with quote
bttr



Joined: 21 Oct 2003
Posts: 16
Location: Berlin, Germany
bttr
What language are you talking? I don't understand your posting.
Post 13 Apr 2007, 10:48
View user's profile Send private message Visit poster's website Reply with quote
Matrix



Joined: 04 Sep 2004
Posts: 1171
Location: Overflow
Matrix
very interesting problem, i have not seen things like that yet
Post 15 Apr 2007, 18:06
View user's profile Send private message Visit poster's website Reply with quote
Pinecone_



Joined: 28 Apr 2008
Posts: 180
Pinecone_
I've seen one.. I thought it was weird so i looked into it, it turned out to be a regular PE file. Under XP (not sure about other windows versions) any .exe can be renamed to .com or .scr and still function perfectly

i also found it funny that my virus scanner (avast) did not detect the file as a virus unless it was had an executable-type file name (.exe, .com, .scr)
i had the file saved as ".DO NOT OPEN", when i read this thread i had a look at it again and renamed it, right away avast pops up

edit: sorry to bring up an old thread lol
Post 20 Jul 2008, 07:04
View user's profile Send private message Reply with quote
edfed



Joined: 20 Feb 2006
Posts: 4237
Location: 2018
edfed
if you look better , you'll see it is not real .com programs as it is more than 64k in size.

i meat one like this named nokia"something".com

it was simply a worm, using msn as launch base


Last edited by edfed on 22 Jul 2008, 15:32; edited 1 time in total
Post 21 Jul 2008, 19:02
View user's profile Send private message Visit poster's website Reply with quote
System86



Joined: 15 Aug 2007
Posts: 77
System86
Quote:

I've seen one.. I thought it was weird so i looked into it, it turned out to be a regular PE file. Under XP (not sure about other windows versions) any .exe can be renamed to .com or .scr and still function perfectly


Windows looks at the MZ signature (if present) and then the PE signature (if present) to detect the type of executable file. AFAIK, it does not look at the file extension (except to know if the file is directly executable from the shell at all). I know this was the case since MS-DOS, since command.com is often > 64 KB in size and so is not a real .com file, but an exe called a .com for backwards compatibility. In this case the worm was just a Win32 program that was called a .com. It could have been a .exe, .scr, or other executable file extension.
Post 22 Jul 2008, 00:50
View user's profile Send private message Reply with quote
comrade



Joined: 16 Jun 2003
Posts: 1137
Location: Russian Federation
comrade
The CreateProcess API doesn't care the file extension if you put the executable name in lpApplicationName (the first argument to CreateProcess).
Post 22 Jul 2008, 01:18
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
comrade wrote:
The CreateProcess API doesn't care the file extension if you put the executable name in lpApplicationName (the first argument to CreateProcess).
It does handle .bat and .cmd extensions specially, though... but apart from that, it looks at file content rather than extension.

_________________
Image - carpe noctem
Post 22 Jul 2008, 12:43
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.