Import from msvcrt.dll to reduce false positives in anti-virus software

virustotal false positives before the change: smlrcc.exe 9/67 smlrpp.exe 11/67 smlrc.exe 22/68 smlrl.exe 18/66 n2f.exe 17/67 virustotal false positives after the change: smlrcc.exe 8/67 smlrpp.exe 5/67 smlrc.exe 20/68 smlrl.exe 14/67 n2f.exe 5/66
alexfru · Sep 7, 2021 · 88d1ca8 · 88d1ca8
1 parent b2ab504
commit 88d1ca8
Show file tree

Hide file tree

Showing 10 changed files with 62 additions and 0 deletions.
diff --git a/v0100/binw/n2f.dat b/v0100/binw/n2f.dat
diff --git a/v0100/binw/smlrc.dat b/v0100/binw/smlrc.dat
diff --git a/v0100/binw/smlrcc.dat b/v0100/binw/smlrcc.dat
diff --git a/v0100/binw/smlrl.dat b/v0100/binw/smlrl.dat
diff --git a/v0100/binw/smlrpp.dat b/v0100/binw/smlrpp.dat
diff --git a/v0100/lib/lcw.a b/v0100/lib/lcw.a
diff --git a/v0100/srclib/c0.c b/v0100/srclib/c0.c
@@ -488,6 +488,10 @@ void _start(unsigned long exitAddr, void* psp, void* env, char* argv0,
 
 static char emptyarg[] = "", *emptyargv[2] = { emptyarg, NULL };
 
+// Import something from msvcrt.dll to reduce false positives in anti-virus software.
+extern int __msvcrt_abs(int);
+static int (*pabs)(int) = &__msvcrt_abs;
+
 static
 int setargs(int* pargc, char*** pargv)
 {

diff --git a/v0100/srclib/fakmvcrt/abs.c b/v0100/srclib/fakmvcrt/abs.c
@@ -0,0 +1,20 @@
+/*
+  Copyright (c) 2021, Alexey Frunze
+  2-clause BSD license.
+*/
+#ifdef _WINDOWS
+
+#define DLL "msvcrt"
+#define FXN "abs"
+#include "../dimports.h"
+
+int __msvcrt_abs(int x)
+{
+  asm(
+    "push dword [ebp+8]\n"
+    "call dword [__imp__abs]\n"
+    "add  esp, 4"
+  );
+}
+
+#endif // _WINDOWS
diff --git a/v0100/srclib/fakmvcrt/msvcrt.c b/v0100/srclib/fakmvcrt/msvcrt.c
@@ -0,0 +1,35 @@
+/*
+  Copyright (c) 2021, Alexey Frunze
+  2-clause BSD license.
+*/
+#ifdef _WINDOWS
+
+asm(
+" section .dll_import0_msvcrt write align=4\n"
+"     extern __start__dll_import2_msvcrt\n"
+"     extern __start__dll_iat2_msvcrt\n"
+"     dd __start__dll_import2_msvcrt, 0, 0, __msvcrt_dll__, __start__dll_iat2_msvcrt\n"
+
+// .dll_import2_msvcrt section follows.
+
+" section .dll_import2_msvcrt_trailer write align=4\n"
+"     dd 0\n"
+
+// .dll_import3_msvcrt section follows.
+
+" section .dll_import4_msvcrt write align=1\n"
+"     global __msvcrt_dll__\n"
+" __msvcrt_dll__:\n" // win32 functions will pull this file by this symbol
+"     db \"msvcrt.dll\", 0\n"
+
+// .dll_iat2_msvcrt section follows.
+
+" section .dll_iat2_msvcrt_trailer write align=4\n"
+"     dd 0\n"
+
+" section .data\n"
+"     extern __dll_imports\n"
+"     dd __dll_imports\n" // pull ../dimports.c
+);
+
+#endif // _WINDOWS
diff --git a/v0100/srclib/lcw.txt b/v0100/srclib/lcw.txt
@@ -63,6 +63,9 @@ kernel32/wait4sob.c
 kernel32/writefi_.c
 kernel32/writefil.c
 
+fakmvcrt/msvcrt.c
+fakmvcrt/abs.c
+
 c0w.asm
 c0.c
 x87.c