Mail Archives: djgpp/1995/08/26/14:16:15
> well, this is what TBAV says on all djgpp2 programs:
> ! Invalid opcode (non-8088 instructions) or out-of-range branch.
> i Additional data found at end of file. Probably internal overlay.
These are a requirement and can't be changed; should also be seen in V1.x
programs.
> ? Inconsistent exe-header. Might be a virus but can also be a bug.
I don't think this is correct. DJASM uses the unused 512 bytes for
copyright information instead of all zeros, but this isn't inconsistent.
> Z EXE/COM determination. The program tries to check whether a file
> is a COM or EXE file. Viruses need to do this to infect a program.
This is clearly wrong (a bug in TBAV). The stub does add .EXE to file
names and does check for the MZ or COFF signature in files to handle
sym-links. This is a requirement, unless you want to drop support for
sym-links (and that would be unpopular for those using this feature).
> K Unusual stack. The program has a suspicious stack or an odd stack.
> @ Encountered instructions which are not likely to be generated by
> an assembler, but by some code generator like a polymorphic virus.
These seem to be "style" issues - unless the code was generated by
tasm or masm it doesn't like it. Since one of the goals of V2 was to
generate a system which could be completely built and supported with free
tools, it's not going to be built with these. So, does someone spend a
lot of time and effort to modify djasm to make generated code to look
like tasm just to make TBAV happy?
- Raw text -