Back to home page

DOS ain't dead

Forum index page

Log in | Register

Back to the forum
Board view  Mix view

Smaller C compiler (Announce)

posted by alexfru(R), USA, 22.11.2017, 07:58

> > On this machine, I don't have that installed, only Avast, and even it
> > whines, even after updating. So I just now reported your .ZIP as false
> > positive, hoping they'll fix their error (and maybe it will propagate to
> > other databases).
>
> (I hate to pollute your thread with this, it's almost off-topic.)
>
> <rant>
>
> Sadly, they still haven't fixed their false detection. At least,
> "Reanalyze" on VirusTotal still shows Avast as saying "Win32:Malware-gen"
> (where presumably "gen" means "generic", aka heuristic/guess). 12 days
> later, sigh.
>
...
> </rant>
> ...

I've spent a few hours playing with:
- MZ header (used the ones from mingw and OW)
- PE header meta info (versions from mingw and OW, different time stamp)
- PE header size (set to more common 1024 instead of 4096 and saving 3KB in total size)
and nothing helped.

For a good measure I also uploaded to virustotal a few tiny windows apps that come with FASM and, oh horrors, even those tiny "hello world"-style apps were flagged as malicious by a few engines.

I don't know exactly what's so suspicious about my compiler's output.
One thing I thought was simply poor, unoptimized code with too many memory accesses. Like something that could be automatically generated (duh, that's what compilers do!). But then the same problem would exist in the Linux and MacOS executables. Do those engines not check those other formats at all? Or are there too few viruses for Linux and MacOS?

I have yet to make a few more experiments. Like, compile with gcc but link with smlrl. I should also try Belard's TinyCC as well since it's about as crappy as my compiler in terms of optimization.

I also didn't rule out lack of imports from msvcrt.dll. It must not matter. But it may.

 

Complete thread:

Back to the forum
Board view  Mix view
15191 Postings in 1365 Threads, 250 registered users, 17 users online (0 registered, 17 guests)
DOS ain't dead | Admin contact
RSS Feed
powered by my little forum