Am I the only one getting a virus warning as soon as I try to unpack the ZIP file?

This one is found within the binary:
TR/Crypt.XPACK.Gen

Regards
 notna

On 18.02.2011 11:00, Dmitry Olshansky wrote:
> The fresh beta of universal linker UniLink has arrived, with exciting
> new features.
>
> Quoting the changelog:
> + Preliminary support of Digital Mars D language compiler.
>
> + The debug info processing in old CV format added (dmc, dmd, watcom,
> old ml).
>
> And it works! At least for the first part.
> I actually linked my port of DMDscript and run it through some stress
> tests, no problems so far.
> The nice thing is reduction in half of the resulting binary size.
>
> As to debug info I think it may need another round of polishing... but
> the devs are willing to support it ;)
> C:\ulink>ulink -v test.obj
> UniLink v1.07 [beta] (build 3.01)
> Error: Invalid debug information in 'test.obj'
>
> Nevertheless the grim rule of Optlink in windows lands is at end :)
>
> Some tips on how to get started.
>
> Grab the latest beta here (for now it's ulnb0301.zip):
> ftp://ftp.styx.cabel.net/pub/UniLink/
> Installation is extract + add to PATH
>
> Also to save you a bit of investigation, the relevant ulink.cfg config
> for dmd is along the lines:
> -zkernel32;advapi32;user32;wsock32;shell32;snn
> -LC:\dmd2\windows\lib
> -Go
>
>

On 18.02.2011 23:15, notna wrote:
> Am I the only one getting a virus warning as soon as I try to unpack the ZIP file?
>
> This one is found within the binary:
> TR/Crypt.XPACK.Gen
>

Ouch, that creepy. My McAfee doesn't detect anything. Being suspicious  by nature I run it through http://www.virustotal.com <http://www.virustotal.com/>
1/42 positives which makes my think you have Avira AntiVir.
Well, I'm aware that UniLink uses some weird protection techs to prevent revers engineering, and digging through Avira database reveals it's heuristic entry in nature:

*TR/Crypt.XPACK.Gen*

*Description:*
A generic detection routine designed to detect common family characteristics shared in several variants.

This special detection routine was developed in order to detect unknown variants and will be enhanced continuously.

IMHO it's misfire, but it might be a good idea to send them the file for analysis.

-- 
Dmitry Olshansky

On Fri, 18 Feb 2011 15:35:17 -0500, Dmitry Olshansky <dmitry.olsh@gmail.com> wrote:

> On 18.02.2011 23:15, notna wrote:
>> Am I the only one getting a virus warning as soon as I try to unpack the ZIP file?
>>
>> This one is found within the binary:
>> TR/Crypt.XPACK.Gen
>>
>
> Ouch, that creepy. My McAfee doesn't detect anything. Being suspicious  by nature I run it through http://www.virustotal.com <http://www.virustotal.com/>
> 1/42 positives which makes my think you have Avira AntiVir.
> Well, I'm aware that UniLink uses some weird protection techs to prevent revers engineering, and digging through Avira database reveals it's heuristic entry in nature:
>
> *TR/Crypt.XPACK.Gen*
>
> *Description:*
> A generic detection routine designed to detect common family characteristics shared in several variants.
>
> This special detection routine was developed in order to detect unknown variants and will be enhanced continuously.
>
> IMHO it's misfire, but it might be a good idea to send them the file for analysis.
>

Yeah, I dropped Avira in favor of Avast because they have some big problems, kind of like this.

-Steve

Yes, I've Avira AntiVir. I'm quite happy with it since years and it's kind od common here in Germany...

Thanks a lot for your help, I'll send them the file and the log...

Btw, also thanks for the tool. It really sounds great!


On 18.02.2011 21:35, Dmitry Olshansky wrote:
> On 18.02.2011 23:15, notna wrote:
>> Am I the only one getting a virus warning as soon as I try to unpack
>> the ZIP file?
>>
>> This one is found within the binary:
>> TR/Crypt.XPACK.Gen
>>
>
> Ouch, that creepy. My McAfee doesn't detect anything. Being suspicious
> by nature I run it through http://www.virustotal.com
> <http://www.virustotal.com/>
> 1/42 positives which makes my think you have Avira AntiVir.
> Well, I'm aware that UniLink uses some weird protection techs to prevent
> revers engineering, and digging through Avira database reveals it's
> heuristic entry in nature:
>
> *TR/Crypt.XPACK.Gen*
>
> *Description:*
> A generic detection routine designed to detect common family
> characteristics shared in several variants.
>
> This special detection routine was developed in order to detect unknown
> variants and will be enhanced continuously.
>
> IMHO it's misfire, but it might be a good idea to send them the file for
> analysis.
>

> Am I the only one getting a virus warning as soon as I try to unpack the ZIP file?
>
> This one is found within the binary:
> TR/Crypt.XPACK.Gen

Yep, Antivir is pretty paranoid and fires up even if an exe is only compressed.

On 2/18/2011 2:28 PM, Andrej Mitrovic wrote:
> Is there even such a thing as Win64 OMF?

Ok, maybe there isn't.  I just assumed there was.  The bottom line is that it makes sense to get DMD to generate the 64-bit object files first so that people with alternative linkers can use it in 64 mode, and then and only then worry about the linker.

On 18.02.2011 11:00, Dmitry Olshansky wrote:

> The nice thing is reduction in half of the resulting binary size.

That's indeed nice! The unnecessarily huge size of binaries created with D / Optlink was in fact something hindering me to use D at all!

-- 
Sebastian Schuberth

Sebastian Schuberth wrote:
> On 18.02.2011 11:00, Dmitry Olshansky wrote:
> 
>> The nice thing is reduction in half of the resulting binary size.
> 
> That's indeed nice! The unnecessarily huge size of binaries created with D / Optlink was in fact something hindering me to use D at all!

I'm sure that linker is doing it by writing compressed exe's. This means that it has the same memory footprint, and it loads slower because it must be decompressed. Also, if you store it in a zip file, the zip file won't be any smaller because recompressing compressed data doesn't make it smaller.

On 24.02.2011 21:41, Walter Bright wrote:
> Sebastian Schuberth wrote:
>> On 18.02.2011 11:00, Dmitry Olshansky wrote:
>>
>>> The nice thing is reduction in half of the resulting binary size.
>>
>> That's indeed nice! The unnecessarily huge size of binaries created with D / Optlink was in fact something hindering me to use D at all!
>
> I'm sure that linker is doing it by writing compressed exe's. This means that it has the same memory footprint, and it loads slower because it must be decompressed. Also, if you store it in a zip file, the zip file won't be any smaller because recompressing compressed data doesn't make it smaller.

Tried that, it's still compresses to roughly 50% of it's size. Well, I no expert but a glance at disassembly shows that at least strings  / imports are intact.
For what it's worth the IDA control flow analysis shows a bulk of unreferenced procedures in optlink's one.
So maybe the case is that they also included a decent stripper.

-- 
Dmitry Olshansky

Dmitry Olshansky wrote:
> On 24.02.2011 21:41, Walter Bright wrote:
>> Sebastian Schuberth wrote:
>>> On 18.02.2011 11:00, Dmitry Olshansky wrote:
>>>
>>>> The nice thing is reduction in half of the resulting binary size.
>>>
>>> That's indeed nice! The unnecessarily huge size of binaries created with D / Optlink was in fact something hindering me to use D at all!
>>
>> I'm sure that linker is doing it by writing compressed exe's. This means that it has the same memory footprint, and it loads slower because it must be decompressed. Also, if you store it in a zip file, the zip file won't be any smaller because recompressing compressed data doesn't make it smaller.
> 
> Tried that, it's still compresses to roughly 50% of it's size. Well, I no expert but a glance at disassembly shows that at least strings  / imports are intact.
> For what it's worth the IDA control flow analysis shows a bulk of unreferenced procedures in optlink's one.
> So maybe the case is that they also included a decent stripper.

If that's so, that's good!