Avast Launches Open-Source Decompiler For Machine Code (techspot.com)
Greg Synek reports via TechSpot: To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS. As Internet of Things devices proliferate throughout our homes and inside private businesses, being able to effectively analyze the code running on all of these new devices becomes a necessity to ensure security. In addition to the open-source version found on GitHub, RetDec is also being provided as a web service.
Simply upload a supported executable or machine code and get a reasonably rebuilt version of the source code. It is not possible to retrieve the exact original code of any executable compiled to machine code but obtaining a working or almost working copy of equivalent code can greatly expedite the reverse engineering of software. For any curious developers out there, a REST API is also provided to allow third-party applications to use the decompilation service. A plugin for IDA disassembler is also available for those experienced with decompiling software.
PIC32 and MIPS!
It's like a PIC32 isn't actually a MIPS based MCU.... oh wait, it is.
Back in the late 70's I loaded TRS-80 games into my debugger, it also let me dump the results into a text file. Finding things like "jump to label_foo" helped, but was not the be-all end-all.
The killer was when I debugged my TRS-80 BASIC interpreter in ROM. You'd have some 3 byte instruction, "jump here", then somewhere else you'd have a 3 byte instruction "jump into the middle of this 3 byte instruction to do something completely different". My understanding is Bill did those, but for all the evil he did I have major respect for his coding abilities.
I beat a lot of games running my debugger on them. 90% sure it was called TRS-MON, but wouldn't bet my retirement on it.
Perhaps if you built a fingerprint based on the structure of calls across functions, you could map it back to source code from github. Not that malware is generally posted to github, but I'd be surprised if they didn't use a TON of third_party libraries, and factoring all of those out would make what's left easier to understand and also let you focus better.
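One way to prototype the call-structure fingerprint suggested in the comment above, as an added example that is not part of the thread or of RetDec. Both call graphs, the `sub_*` and library function names, and the reachability heuristic used to factor library code out are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed call graphs: {function: [callees]}.
# LIBRARY stands in for a known open-source library built with symbols.
LIBRARY = {
    "decompress": ["read_header", "decode_block", "checksum"],
    "read_header": ["read_u32"],
    "decode_block": ["read_u32", "copy_match", "decode_literals"],
    "decode_literals": ["read_u32"],
}
# BINARY stands in for a stripped sample that statically links that library.
BINARY = {
    "main": ["sub_10", "sub_20", "sub_90"],
    "sub_10": ["sub_11"],
    "sub_20": ["sub_21", "sub_22", "sub_23"],
    "sub_21": ["sub_24"],
    "sub_22": ["sub_24", "sub_25", "sub_26"],
    "sub_26": ["sub_24"],
}

def normalise(graph):
    """Deduplicate callees and make every callee a key, so leaves get labels."""
    full = {f: sorted(set(callees)) for f, callees in graph.items()}
    for callees in list(full.values()):
        for c in callees:
            full.setdefault(c, [])
    return full

def fingerprints(graph, rounds=3):
    """Name-independent label per function, refined from its callees' labels.

    Round 0 is the out-degree; each later round hashes the function's own
    label with the sorted labels of its callees, so after k rounds a label
    describes the shape of the call tree k levels below the function.
    """
    graph = normalise(graph)
    labels = {f: str(len(callees)) for f, callees in graph.items()}
    for _ in range(rounds):
        labels = {
            f: hashlib.sha256(
                (labels[f] + "|" + ",".join(sorted(labels[c] for c in callees))).encode()
            ).hexdigest()[:16]
            for f, callees in graph.items()
        }
    return labels

def by_label(labels):
    index = defaultdict(list)
    for func, label in labels.items():
        index[label].append(func)
    return index

def match_library(binary, library, rounds=3):
    """Map binary functions to library functions where the label is unique
    on both sides; ambiguous shapes (leaves, thin wrappers) are skipped."""
    bin_index = by_label(fingerprints(binary, rounds))
    lib_index = by_label(fingerprints(library, rounds))
    matches = {}
    for label, funcs in bin_index.items():
        known = lib_index.get(label, [])
        if len(funcs) == 1 and len(known) == 1:
            matches[funcs[0]] = known[0]
    return matches

def residual(binary, matches):
    """Functions left after factoring out everything reachable from a match.

    Heuristic (assumption): code reachable from an identified library function
    is treated as library code, which ignores callbacks and shared helpers.
    """
    graph = normalise(binary)
    covered, work = set(), list(matches)
    while work:
        f = work.pop()
        if f not in covered:
            covered.add(f)
            work.extend(graph[f])
    return sorted(set(graph) - covered)

if __name__ == "__main__":
    found = match_library(BINARY, LIBRARY)
    print("identified:", found)
    print("left to analyse:", residual(BINARY, found))
```

With a single refinement round `main` and `sub_20` share a label, so only deeper rounds separate the application entry point from the library routine.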
I uploaded a file containing several C files into a lib. Everything seems to work as I would expect. I selected the C file I wanted, but then it failed saying file wasn't found.
Why wouldn't you just release it as open source? Is it because APK Hosts File Engine 10++ 32/64-bit contains MALWARE and VIRUSES?
One of the big issues with decompilers is that compilers do not generate the same output for the same input. In addition, multiple versions of a compiler and different flags yield different results as well. After some thought, I've come to the conclusion that the only viable solution is to build a neural network that can detect and compensate for all the idiosyncrasy using many different test cases (and their binaries) as training data. Ultimately be able to return not only the most likely version of the source code but also the compiler name, version and flags used to compile it.
We have the technology to solve this seemingly impossible problem.
Anons need not reply. Questions end with a question mark.
Probably also helpful when searching for vulnerabilities?
4wdloop
Reason AV companies don't like exe packing is it alters a WinPE program loader & "encrypts" (compresses) prog interior so they cannot just do an ASM dump via a debugger/disassembler & trace it to see how a program operates (they try say "but, but, but... VIRUSES use that" well, so do good programs).
* THAT is NOT as easy for them to do when an executable is a 'packed' one...
APK
P.S.=> Anyhow - there tis, rest of my post I couldn't fit into the parent of this one (us AC posters have short post lengths & it forces me to EDIT & RE-EDIT constantly, often omitting detail (& sometimes it makes me make mistakes doing so - I wish it wasn't thus but I suppose it stops MILES LONG troll posts etc.))... apk
AVR, MSP and L106 (Tensilica/ESP8266) missing...
Especially for MSP, there seem to be a lot of products using it (Honeywell thermostats, Ikea lighting)...
4wdloop
What would stop someone from creating a malicious software and naming it APK Hosts File Engine 10++ 32/64-bit? I mean, different malicious software, because I am assuming your version of APK Hosts File Engine 10++ 32/64-bit is MALWARE. So why not just open source it, so we can see what it does?
See subject: My program's false positive was overturned by "yours truly" & malwarebytes + here's proof https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ that it is SAFE & that 9 antiviruses made a HUGE mistake also (self checking vs. infection of it built-in as I said also WHICH WOULD BE BETTER if I could STILL PACK THE .EXE FILE!)
APK
P.S.=> Happy now? apk
I am assuming your version of APK Hosts File Engine 10++ 32/64-bit is MALWARE.
I'm guessing others have tested it in a sandbox for malicious behavior. Do you assume Intel and AMD CPUs contain malware? And if you do, do you use them despite said assumption?
So why not just open source it
If this post is to be believed, APK doesn't want people adding malware, building it, and distributing it, like eFast did with Chromium.
The other option is for some Slashdot user to make a free replacement. Does the functionality described in this specification appear useful?
See my subject + "I personally use a HOSTS file blocker produced from a genius called APK" by 110010001000 (697113) on Friday October 27, 2017 @09:35PM (#55448365) , hmmm?
(Additionally - if you don't KNOW who VirusTotal is? You don't know much ClamAV CLEARS ME THERE as SAFE & IF ClamAV said that? I'll have to 'rip them a new one' via attorney if need be, directly - no problem!)
APK
P.S.=> Stop being a pest - & I take NO PLEASURE in making you look like a LIAR either (you're doing it to yourself)... apk
unfortunately it de-compiles the machine code to perl.
Nullius in verba
I ran some of my own ARM code through this. While I did build with -Os, I did not strip the .elf. The source it produced was a reasonable approximation of what I wrote, but it was far from legible. Little things like using hexadecimal for memory addresses are a minor nitpick, but I found it had trouble even with basic interrupt handlers. I would have expected something aimed at targeting embedded systems would do a better job of this, but still... very interesting (and very fast)!
If it does PIC32 specific functionality like decode that chip's MMIOs, that's a nice feature of simply decoding MIPS object files.
“Common sense is not so common.” — Voltaire
Every unsigned binary from APK is a potential threat. The guy is a loose cannon and will substitute so-called "audited" code with malicious files on a per host basis.
Don't let this smarmy fool trick you.
ZIP
Reason AV companies don't like exe packing is it alters a WinPE program loader & "encrypts" (compresses) prog interior so they can't just do an ASM dump via a debugger/disassembler & trace it to see how a program operates (they try say "but, but, but... VIRUSES use that" well, so do good programs).
* THAT is NOT as easy for them to do when an executable is a 'packed' one...
APK
P.S.=> Anyhow - there tis, rest of my post I couldn't fit into the parent of this one (us AC posters have short post lengths & it forces me to EDIT & RE-EDIT constantly, often omitting detail (& sometimes it makes me make mistakes doing so - I wish it wasn't thus but I suppose it stops MILES LONG troll posts etc.))... apk
60 antiviruses say differently so EAT YOUR WORDS https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ (self check vs. infection of it built-into it too no less)
APK
P.S.=> Trolls - you never learn (I've been thru all this before & came out victorious via concrete, undeniable + verifiable facts I use vs. your "ilogic-forums-logic" - & I would take credit for the win but it's really you TROLLS defeating YOURSELVES, lol, so I can't fully @ least - RoTfLmAo!)... apk
no mention in the article of what the decompiler actually decompiles to ..
* Packing exes protect vs. hexedit & viruses attaching to .exe tail & altering function jmp tables
Any exe malware can attach to a binary whether packed or unpacked. You can pack any binary all you want, even pack it multiple times, any malware like CIH can still attach to your packed binary. You are talking rubbish.
No I'm not (it helps hide how I detect it) by obfuscation hiding functions/methods where I summon an .exe size for even 1 BYTE in sizecheck (no virus is that small) & CRC32 check (multiple times from creation to hWnd Destroy) on the program itself on disk (for permanency by malware on reuse + to spread/multiply - I detect for it & tell users to reinstall from fresh copy & shutdown disallowing run - reinstall, instant clean again).
APK
P.S. => This is why malware makers etc. use it too (it works as a protectant but I make it work for me beyond it detecting changes in my .exe itself - it works great & compacting helps hide it's done to an extent)... apk
"I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised" - by mmell on Thursday February 16, 2017
"I've never tried to belittle (APK's work), I've flat out said it's good" - by BronsCon on Thursday February 11, 2016
"his hosts program is actually pretty good" - by xenotransplant on Monday August 10, 2015
"his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources" by alexgieg on Friday September 25, 2015
"I like your host file system." - by Karmashock on Wednesday September 09, 2015 (#50489401)
"I do use APK's host file on all my systems at home" by OrangeTide on Friday December 01, 2017
"I personally use a HOSTS file blocker produced from a genius called APK." by 110010001000 on Friday October 27, 2017
* Want more? Ask
APK
P.S.=> Sort's fast on THREAD of its own + dedups & fp filters too... apk
UltraEdit (Text editor) will show all text in a file, one can fairly call a file's function with just that.
Long ago there was a program called "Peek" that showed all text in a file, none of the hex/high ASCII that UltraEdit also shows; W2K broke it and I've missed it ever since.
I'll be giving this program a try.
This is probably a waste of time, but ... When you're typing a message and say "see the p.s. below", it means you _know_ at that point that you will be having a p.s. But in that case you could just place the text where you are, and not _need_ a p.s.
a decompiler won't care whether you compiled a C++, assembler, C or whatever language the program being reversed was compiled on.
It will care, because some languages (e.g.: C++) have specific data structures and ways (vtables) to handle some language specific features (object virtual member inheritance) which could be detected by the specific plugin (i.e.: instead of spewing a weird mess of nested "struct" and pointer-to-pointers, it can recognize that this is just a call to a virtual method)
(for the few hipsters out there: think the difference between vala and the corresponding GObject pure-C code).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
x86 is hard to decompile. It doesn't have fixed length instructions, so it is difficult to figure out where opcodes begin and end. It is even possible to write code that can execute two different sequences of instructions by offsetting the instruction pointer by a byte. I don't think any decompiler could deobfuscate that.
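The overlapping-instruction problem from the comment above, as an added example that is not part of the thread or of RetDec: a toy decoder for a constructed six-opcode subset of 32-bit x86 compares a back-to-back linear sweep with following control flow from the entry point, and reports instruction starts that fall inside another decoded instruction. The byte string and all function names are constructed for illustration.

```python
import struct

# Constructed subset of 32-bit x86: opcode byte -> (mnemonic, total length).
OPCODES = {
    0x90: ("nop", 1),
    0xCC: ("int3", 1),
    0xC3: ("ret", 1),
    0xB8: ("mov eax, imm32", 5),
    0xEB: ("jmp short", 2),
    0xE8: ("call rel32", 5),
}

# Constructed sample. Read from offset 0 it is "mov eax, imm32; jmp short",
# but the jmp lands at offset 1, inside the mov's immediate operand.
SAMPLE = bytes.fromhex("b89090eb03ebfaccc3")

def decode(code, addr):
    """Return (mnemonic, length) at addr, or None if unknown or truncated."""
    if not 0 <= addr < len(code):
        return None
    entry = OPCODES.get(code[addr])
    if entry is None or addr + entry[1] > len(code):
        return None
    return entry

def linear_sweep(code):
    """Decode back to back from offset 0, as a simple code dumper does."""
    addr, starts = 0, []
    while (ins := decode(code, addr)) is not None:
        starts.append(addr)
        addr += ins[1]
    return starts

def successors(code, addr, ins):
    """Addresses execution can reach after the instruction at addr."""
    mnemonic, length = ins
    fallthrough = addr + length
    if mnemonic == "ret":
        return []
    if mnemonic == "jmp short":
        rel = struct.unpack_from("<b", code, addr + 1)[0]   # signed 8-bit
        return [fallthrough + rel]
    if mnemonic == "call rel32":
        rel = struct.unpack_from("<i", code, addr + 1)[0]   # signed 32-bit
        return [fallthrough + rel, fallthrough]
    return [fallthrough]

def recursive_traversal(code, entry=0):
    """Decode only what control flow reaches: {address: (mnemonic, length)}."""
    seen, work = {}, [entry]
    while work:
        addr = work.pop()
        if addr in seen:
            continue
        ins = decode(code, addr)
        if ins is None:          # unknown opcode or jump out of the buffer
            continue
        seen[addr] = ins
        work.extend(successors(code, addr, ins))
    return seen

def overlapping_starts(seen):
    """(inner, outer) pairs where an instruction starts inside another one."""
    pairs = []
    for outer, (_, length) in sorted(seen.items()):
        for inner in range(outer + 1, outer + length):
            if inner in seen:
                pairs.append((inner, outer))
    return pairs

if __name__ == "__main__":
    flow = recursive_traversal(SAMPLE)
    print("linear sweep starts:", linear_sweep(SAMPLE))
    for addr in sorted(flow):
        print(f"{addr:02x}: {flow[addr][0]}")
    print("overlaps (inner, outer):", overlapping_starts(flow))
```

The linear sweep lists the `int3` at offset 7 that never executes and misses the three instructions hidden in the `mov` operand, which is the case a listing from a single start offset cannot show.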
The simple code dumper that comes with garden variety debugger won't easily deobfuscate that. (You need to manually ask the debugger to start dumping from the 2 overlapping point).
That's why the best decompilers available in the 90s used some sort of virtual machine to follow through the execution flow, and be able to distinguish such kind of "frame shifts" (that's actually a biology term, I've forgotten what the proper CS term is), and also be able to understand a bit of self-modifying code.
(Basically, the decompiler will notice that various parts of the code make calls into the same region but at an odd offset, and will automatically try dumping from each overlapping point)
Makes it also possible to put actually-useful labels/names onto variables. (call something "sound_frequency" instead of "var184" because by following the data flow, the decompiler realizes that this is the parameter that is output to the PC-Speaker tone generator).
Sourcer by V-Com was one such good decompiler.
(I managed to learn quite a ton of tricks like PCM play on the PC Speaker, tweaked graphical modes, etc. simply by using sr to inspect interesting executables.
I even managed to disinfect a cracked game that was sadly being distributed infected with some virus)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
the structure of calls across functions
Recognizing some code flow was a staple of the best decompilers back in the 90s:
e.g. being able to recognize a certain code pattern (a sequence of ports smashing) as a high-level abstraction (initializing sound hardware).
Your idea would certainly be the 2010s-era equivalent. (= This portion looks like code reuse from "Zstd" decompressor)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Of course, this only helps the 5 of us left who still code in ASM. "Kids these days" seem to think that ASM "sucks" because "it's old". If the language doesn't have trait based generics, zero cost abstractions, and a partridge in a pear tree then again it's "old" and it "sucks". It's entertaining to watch your average 20-something java/python/PHP coder try to take on ASM. Their efforts generally don't last more than about five minutes when they find out they have to build their own control structures, and mama's not gonna wipe their butts with Visual Studio tooltip hints. If this wizzbang tool decompiled code into Rust, then maybe the cool kids would want it. As it is, they will do what they always do with ASM based tools: hand-wave like they know exactly how it works and then promptly ignore it. Anyhow, back to my ASM-One environment on my 68k Amiga. If anyone needs me I'll be here squatting on this temporal nexus to the 1990s. :-)
See subject. Now see p.s. below.
P.S. => I really don't know why I'm doing this.
What would stop someone from creating a malicious software and naming it APK Hosts File Engine 10++ 32/64-bit?
The fact that its hash wouldn't match that of the existing APK Hosts File Engine 10++ 32/64-bit posted all over forums.
Now if you replace "10" with "11" in your question, you have a more interesting problem: how to distinguish subsequent versions of the same publisher's application from an impostor's malware. The publisher of the authentic application could generate a self-signed code signing certificate and sign each version of all of its programs. Then each user would configure his devices to "Trust other programs from publisher APK". In my opinion, Microsoft screwed up Authenticode for hobbyist programmers by requiring paid organizational validation of all certificates from a commercial certificate authority rather than allowing reputation to accumulate on self-signed publisher certificates.
How does this project compare to the existing machine code compilers, namely Valgrind's VEX library and Qemu's tiny code generator (https://wiki.qemu.org/Documentation/TCG)?
No I'm not (it helps hide how I detect it) by obfuscation hiding functions/methods where I summon an .exe size for even 1 BYTE in sizecheck (no virus is that small)
You don't know much about writing viruses; that much is clear, because checking the size is a waste.
One popular approach for viruses is to put the original file elsewhere (where elsewhere can either be elsewhere on a file system, or for file systems that support it, in a resource fork or attribute list of the same file), and then pad the virus to the desired file length.
For weak CRCs, even change the padding to return the same CRC.
But worse, you also then prevent the binary from running on systems where the binaries are always modified before being run, for example by rebase/prelink, or by adding library paths to the executable, or systems which depend on setting contexts on files, or requires nx bit set, or ...
Making assumptions about the runtime environment is so 1990s.
Security through obscurity is what you're attempting here, and you require people to lower their security if it's too high.
Good programs use exe packers too as I said
Name one that's from this decade.
CA antivirus went under & before that my works were proven clean/no threat in the end as CA admitted & so also did Thor "ScMuCk"!
(LMAO, like that? I do, makes me LAUGH!!!)
Both had to EAT THEIR WORDS too on their false accusation/false positive on a ware of mine no less!
ALMOST same as I noted on my latest creation's being falsely accused by 9 antivirus companies for the WRONG REASONS & then exonerated/cleared on facts I listed here, undeniable/concrete/verifiable ones too.
I never needed an attorney vs. those 2 (they did themselves in).
* All antivirus are the ones showing their ass now (full of bugs/exploits & SLOWING YOU DOWN - I give users warp drive & a deflector shield too that does more for less vs. any other "so-called 'solution'" bar-none natively for free)
APK
P.S.=> You never answered my question of WHY you still use my ware... apk
It's an honest one quoting him using my work (& many downmod hidings of it when I ask such as) https://news.slashdot.org/comments.pl?sid=11478805&cid=55736143/ but no straight answer from him...
* FUNNY he SHUT UP QUICKLY afterwards & ran too (not).
APK
P.S.=> It's fun using others' words against them & very easy to shoot them down when THEY SUPPLY THE AMMO FOR ME TO DO SO, lol... apk
It's known protection vs. reverse engineering: PROOF: "Packing an executable file is a way of compressing executable code firstly to minimize filesizes, but often it is also used to complicate the reverse engineering process" from http://yaisb.blogspot.com/2006/07/packed-executables.html/
(WHICH AGAIN IS WHY I USED IT (& to speed up loads of its from disk or across a LAN due to smaller filesize for pickup from disk)).
As far as sizecheck?
You change 1 byte in my work it won't run telling you to reinstall it to CLEAN it stupid. It detects infection that way!
APK
P.S.=> Exe Compression obfuscates strings & even dll exported function call names when you .exe pack so they can't be seen easily! Reverse engineering is aided by KNOWING those (I had to use it in the early days of cross platform programming to the AS/400's OS/400 with IBM ClientAccess to use its functions & see their names to use them in fact)... apk
See subject & answer: It doesn't - Others prove you wrong https://news.slashdot.org/comments.pl?sid=11478805&cid=55739687/ exepacking helps secure programs vs. disassembly as I always stated (w/ myself doing it easily to you beforehand)!
* You fail as always (you obviously don't have anything to show YOU'VE done that's any good but I can, even our /. peers saying so quoted).
APK
P.S.=> Lastly - "big talk" from you - you produce nothing that others like & use as I have provably https://news.slashdot.org/comments.pl?sid=11478805&cid=55736689/ talker - PROVE OTHERWISE & prove me wrong "arth1"... apk
See my subject + "I personally use a HOSTS file blocker produced from a genius called APK" by 110010001000 (697113) on Friday October 27, 2017 @09:35PM (#55448365) , hmmm?
(Additionally - if you don't KNOW who VirusTotal is? You don't know much ClamAV CLEARS ME THERE as SAFE https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ (self checking vs. infection of my program's also built-into it)) ... & IF ClamAV says otherwise on their websites? I'll have to 'rip them a new one' via attorney if need be, directly - no problem!
APK
P.S.=> Stop being a pest - & I take NO PLEASURE in making you look like a LIAR either (you're doing it to yourself ESPECIALLY YOU DOWNMOD HIDING MY REPLIES https://news.slashdot.org/comments.pl?sid=11478805&cid=55736143/ & YOU RUNNING FROM ANSWERING A SIMPLE QUESTION)... apk
See my subject + "I personally use a HOSTS file blocker produced from a genius called APK" by 110010001000 (697113) on Friday October 27, 2017 @09:35PM (#55448365) , hmmm?
(Additionally - if you don't KNOW who VirusTotal is? You don't know much ClamAV CLEARS ME THERE as SAFE https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ ) ... & IF ClamAV says otherwise on their websites? I'll have to 'rip them a new one' via attorney if need be, directly - no problem!
Additionally (in THIS post @ least, not my other one saying the same thing to you asking the same question):
WHY SHOULD I GIVE AWAY MY RELATIVELY HARD WORK?
(Least of all to have it duplicated for malicious purposes are YOU are SAYING too & that I've told you I was threatened idiots would use the code to create a malicious Google EFAST Chrome out of it too!)
APK
P.S.=> Stop being a pest - & I take NO PLEASURE in making you look like a LIAR either (you're doing it to yourself ESPECIALLY DOWNMOD HIDING IT & REFUSING TO ANSWER A SIMPLE QUESTION https://news.slashdot.org/comments.pl?sid=11478805&cid=55735917/ )... apk
See my subject + "I personally use a HOSTS file blocker produced from a genius called APK" by 110010001000 (697113) on Friday October 27, 2017 @09:35PM (#55448365) , hmmm?
(Additionally - if you don't KNOW who VirusTotal is? ClamAV CLEARS ME THERE as SAFE https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/ (self checking vs. infection of my program's also built-into it) ... & IF ClamAV says otherwise on their websites? I'll have to 'rip them a new one' via attorney if need be, directly - no problem!
APK
P.S.=> Stop being a pest - & I take NO PLEASURE in making you look like a LIAR either (you're doing it to yourself as YOU TRY "DOWNMOD HIDE" LAST TIME I ASKED YOU A SIMPLE QUESTION YOU RUN FROM https://news.slashdot.org/comments.pl?sid=11478805&cid=55735965/ )... apk
See subject: I was actually threatened a few times by trolls here that IF I did? They'd create an EFast Google Chrome malicious one of it.
* Not even a 'nice try' in 'downmod hiding' last time I posted to you on this https://news.slashdot.org/comments.pl?sid=11478805&cid=55735735/ & even tepples told you my VERY VALID REASONS for not doing so.
Above ALL else though?
1.) I don't owe my HARD WORK IN CODE @ all to have it possibly stolen & misused
2.) my program is proven safe by every antivirus @ VirusTotal https://www.virustotal.com/en/file/e01211ca36aa02e923f20adee0a3c4f5d5187dc65bdf1c997b3da3c2b0745425/analysis/1433430542/
3.) The fact that Malwarebytes' S. Burn code audited its code for safety & passed it w/ FLYING COLORS both hosting & RECOMMENDING it @ malwarebytes' hpHosts too!
(.. & WHY DO YOU USE MY WARE THEN CALLING ME A GENIUS FOR ALSO https://news.slashdot.org/comments.pl?sid=11478805&cid=55740655/ ?
APK
P.S.=> There you go & THAT DID HAPPEN TO GOOGLE doing "OpenSORES" by the way (look it up)... apk
See subject: That exepacking helps secure programs vs. disassembly https://news.slashdot.org/comments.pl?sid=11478805&cid=55739687/ as I always stated myself before THAT proof!
* You fail as always!
Plus you obviously don't have anything to show YOU'VE done that's any good YOURSELF!
(YET I can, even our /. peers saying so quoted)
Thanks for YOU defeating yourself FOR ME, lol!
APK
P.S.=> Lastly - "big talk" from you - you produce nothing that others like & use as I have provably https://news.slashdot.org/comments.pl?sid=11478805&cid=55736689/ talker - PROVE OTHERWISE & prove me wrong "arth1"... apk
See subject: Good programs use exe packers too as I said & so did tepples in his replies as it protects vs. hexedit alters, viral infestation & disassembly.
* All this is in my replies to you but YOU SEEM TO BE UNABLE TO READ & COMPREHEND ENGLISH!
(What my program DOES is NATIVELY (using what you already have) stop viruses for less resources consumption with less complexity & vulnerabilities AV programs HAVE RAMPANTLY & it speeds you up - AV's slow you down!)
See subject: WHAT I AM DEFINITELY SAYING NOW ALSO, however, IS THAT YOU NEED "HOOKED ON PHONICS" (no, you don't - you're just being a useless troll imo!).
Above ALL else? WHY TRY "downmod hide" this then IF I am wrong https://news.slashdot.org/comments.pl?sid=11478805&cid=55735829/ hmmm ?
(You do it because YOU FAIL & you KNOW it!)
APK
P.S.=> More proof of that from you here also https://news.slashdot.org/comments.pl?sid=11478805&cid=55735775/ where I PROVE MY WORK IS SAFE & PROVEN BY NEARLY 60++ ANTIVIRUS PROGRAMS @ GOOGLE'S VIRUSTOTAL...apk
See subject: Animating progressbars in that stage SLOWS IT DOWN (your dumb way). D slow the slower longer parts of a program - instead CONCENTRATE ON SPEEDING THOSE UP (it's called optimizing dumbo) + PUTTING VCL ON THREADS != guaranteed threadsafe!
The cursor changing to an hourglass & panels on the page say "please wait, processing" type messages (this is enough & DOES NOT SLOW IT UP LIKE PROGRESSBAR ADVANCES CAN).
* You are ONE STUPID FOOL...
APK
P.S.=> ... & you're ALL TALK, no action (nothing to show you've done better weasel)... apk
1.) When you troll by unidentifiable ac 2.) When you downmod & run 3.) When you reply out of downmodpoints 4.) When you attempt to impersonate me.
* GROW UP!
APK
P.S.=> Poor job of impersonating me
See subject: Especially after all that utter total bullshit "OS were not designed to deal w/ them well" - HORSESHIT lie. Paging has nothing to do w/ packing (all programs do it under Virtual Memory using OS stupid). I see you read on the multiple instances things ONLY SOME PACKERS HAVE AN ISSUE WITH (funny you don't note that, eh? NOT). Yes programs that use Packers can run under ASLR! I do it myself easily. I wonder if YOU EVEN UNDERSTAND WHAT YOU WROTE (after YOU COPIED IT ONLINE, lol).
APK
P.S.=> "By Rote" copy & paste TROLLS have no ability of their own & you PROVE it... apk
"OMG, this should be the Slashdot irony footer quote of the week..." by UNIDENTIFIABLE anonymous worm on Friday December 15, 2017 @10:10PM (#55749741)
See subject, that quote & "... said the unidentifiable anonymous troll worm"
* What else can I say?
APK
P.S.=> It's just "too, Too, TOO EASY vs. UNIDENTIFIABLE anonymous trolling worms ... apk
See subject: Try SECURITY vs. DISASSEMBLY (you fail) via PROOF THEREOF https://news.slashdot.org/comments.pl?sid=11478805&cid=55739687/ as I always stated myself before THAT proof + that proof's SO RIGHT you had to try "downmod hide it" https://news.slashdot.org/comments.pl?sid=11478805&cid=55741281/ last time I posted this!
* You fail!
Plus you don't have a thing to show YOU'VE done that's any good YOURSELF!
(YET I can, even our /. peers saying so quoted https://news.slashdot.org/comments.pl?sid=11478805&cid=55736689/ & YOU DEFINITELY CAN'T, troll!
APK
P.S.=> Lastly - Thanks for YOU defeating yourself FOR ME "arth1"... apk
See subject & my CODING FOR DEFCON packed exe + sizecheck http://it.slashdot.org/comments.pl?sid=158231&cid=13257227/ from 12++ yrs. ago per our peers vs. your bs!
* See subject - you can't & you FAIL!
APK
P.S.=> Proof of your utter fail is your PUNY attempt to EFFETELY 'downmod hide' this last time I posted this proof https://news.slashdot.org/comments.pl?sid=11478805&cid=55742391/ ... apk
I used ExePacking to protect vs. tools like this in APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/
9 AV companies accused it of being a 'malware' (overturned w/ Malwarebytes' code audit & me proving a PACKED .EXE != MALICIOUS).
* Packed exes protect vs. hexedit & viruses attaching to .exe tail & altering function jmp tables (inserting malcode + adding the callname to jmp table) after a sizecheck if they attempt to UNPACK it & it makes .exe files load faster into RAM + across LAN (smaller .exe file loadsize).
Packing removal stops me from protecting my code as well as I know how vs. attack OR doppelganger creation (doesn't matter - my prog checks itself vs. it).
APK
P.S.=> AV companies = INFLEXIBLE - I had to remove packing OR be falsely accused (yet I protect & speedup users - a BETTER NGAV (Next-Gen AntiVirus))
Reason AV companies don't like exe packing is it alters a WinPE program loader & "encrypts" (compresses) prog interior so they can't just do an ASM dump via a debugger/disassembler & trace it to see how a program operates (they try say "but, but, but... VIRUSES use that" well, so do good programs)
* THAT is NOT as easy for them to do when an executable is a 'packed' one...
APK
P.S.=> Making you faster, safer, more reliably connected & more anonymous for less doing FAR more APK Hosts File Engine 10++ 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/ instead of slowing you down & being full of bugs like traditional AV are... apk
See subject: 1 of many FAKE NAMES you have for a FAKE LIFE & you're proven wrong https://news.slashdot.org/comments.pl?sid=11478805&cid=55750983/ by me + OTHERS that ExePacking = a protectant vs. disassembly - period!
* NOT "Security By Obscurity" (as YOU said) but SECURITY vs. DISASSEMBLY as I & others said!
(Coming in days later thinking I wouldn't see you trying to "get the last word" = weak too on your part)
APK
P.S.=> I don't give a shit about anything you say now other than me SHOWING YOU ARE WRONG as wrong gets (& that's along w/ others in that link doing so with & FOR me)... apk