Author Topic: Strange AV shenanigans in win 10  (Read 12279 times)

Offline ShaiHulud

  • Jr. Member
  • *
  • Posts: 3
Strange AV shenanigans in win 10
« on: July 07, 2020, 12:05:55 PM »
ok. found a really interesting bug (or feature?) in windows 10...and this 'trigger' is a weird one.

using NASM 2.15.03rc1 (32 bit), and GoLink v1.0.3.0

Code: [Select]
global _main
extern _ExitProcess@4
extern _GetStdHandle@4
extern _WriteFile@20

section .text
_main:
mov ebp, esp
sub esp, 4

push -11
call _GetStdHandle@4
mov ebx, eax

push 0
lea eax, [ebp-4]
push eax
push (message_end - message)
push message
push ebx
call _WriteFile@20

push 0
call _ExitProcess@4

hlt
message:
db 'Hello, world.', 10
message_end:

standard intro asm code. i know. Ive been out of the asm game for a long time, looking to get back into it.  this compiles, and works perfectly from a normal command line.

now the fun part: change message to:   db  'NASM Rocks!',10

exe will NOT execute, i get 'The system cannot execute the specified program.' error, and the exe itself is deleted automatically.

But, it works fine if I put it back to Hello, world.

I are seriously confussed. did the text 'NASM Rocks' get flagged as a nasty virus thing?