[Ohrrpgce] [ohrrpgce/ohrrpgce] Virus scanners raise false alarm on game.exe when a game icon is embedded (#38)

Ralph Versteegen notifications at github.com
Sun Sep 5 09:15:06 PDT 2021


This is almost solved!

Firstly, rescanning the previous file, the number of detections dropped to just 7/66 (including Microsoft and McAfee). But they're detecting it based on learning from the previous false positive I think. Embedding an icon in a fresh nightly copy of game.exe produces just 2/66 detections, from only obscure scanners.

Looking at the rcedit issue tracker I discovered that this problem is caused by rcedit not updating the .exe checksum, so I fixed rcedit to do so, solving the problem! 0/66 detections.

However I compiled rcedit using Visual Studio 2019 using the "v141_xp" toolchain which supposedly targets Windows XP. Unfortunately, [it doesn't actually](https://developercommunity.visualstudio.com/t/visual-studio-1692-breaks-windows-xp-targeting/1383023), the compiled rcedit.exe doesn't run on Win XP, even when statically linking the C runtime. It looks like I would have to install a copy of VS 2015 together with another toolchain and Windows SDK, what a nightmare.
Maybe I'll just write a 10-line FB function to compute and set the checksum (which is far simpler than doing it using the winapi checksum function!) I might need such a utility anyway for embedding data files in game/custom.exe.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ohrrpgce/ohrrpgce/issues/38#issuecomment-913183531
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.motherhamster.org/pipermail/ohrrpgce-motherhamster.org/attachments/20210905/2fac3571/attachment.html>


More information about the Ohrrpgce mailing list