Re: Why RosAsm Breaks on a large number of symbols

From: f0dder (f0dder_spicedham_at_flork.dk)
Date: 07/08/04


Date: Thu, 8 Jul 2004 14:19:43 +0200


> Now with f0dder's persistent whinging about not closing the two
> handles, what he has missed is that it crashes some versions of Win95
> and win98 and while it works fine on my win2k sp4, a large proportion
> of the world does not have late enough hardware to run such a pig of
> an OS so they are stuck with older versions.
>
9x is pretty fragile, and you don't have any error checking in the
shell routine. If you've had crashes, it's probably because you're
looping GetExitCodeProcess after you've closed the handles, or it
could be because CreateProcess failed and you're closing invalid
handle values. In any case, there's lots of code out there doing
handle-closing and WaitForSingleObject (since it's the proper way
to do this), and none of these apps have broken on any Windows version.

> I can reproduce the crash on one box here any time I like
>
...and I can reproduce the sluggishness of the GetExitCodeProcess
polling shell routine any time I like. Would you care to post the
handle-closing version you can reproduce the crash with?

> When it comes to the benchmarking of the two different ways to run an
> external process, WaitForSingleObject() is no faster and uses no less
> system based resource so for all of the methods lauded advantages, it
> does not show up where it matters, in the timings and processor usage.
>
Aha - "I don't see any problem, so there isn't any problem". The same
argument Betov uses against Randall wrt. crashes in RosAsm. It does seem,
though, that the RosAsm crashes are a lot less likely to happen "in the
real world" than sluggish behaviour from your polling loop. Constant
user<>kernel mode switches are a _lot_ more expensive than being removed
from the ready-list until the process terminates...

> To make the point, the polling loop method is no slower than a direct
> call to WinExec() so much of what has been said here is nonsense.
>
WinExec doesn't do much more than a call to CreateProcessInternal (apart
from closing the thread and process handles, of course), and it certainly
doesn't poll until the application terminates.

> I have made it clear that the Gospel according to f0dder does not sit
> on my bookshelf with Knuth and the like as I have also made it clear
> over time that I don't respect virus coding or people who support it.
>
I don't do virus programming, I do not support it, and I never have.

> While f0dder may try and sell the position that he is a born again
> virgin,
>
Sorry, I'm not born-again in any way. I don't support virus programming,
I never have, and I never will.

> literally thousands of people read the threads where he put
> his friends at risk by supporting virus coding for years on end.
>
Sorry, but you're the only one that has ever called me a virus writer.
You might want to contact Hiroshimator and ask him if he thinks I support,
or have supported, virus writing - after all, it's him who runs the board
and not you.

It is true that I've defended malware analysis, and I certainly still do.
Without it, there would be no antiviral software, and security holes would
take longer to fix - if they were reported at all. Before you say some
nonsense along the lines of "it's the BIG companies that do this", you
should perhaps have a look at bugtraq, or the number of small targeted
trojan/virus removers written by independent people. Also, where do you
think the AV and security companies hire their people? There's at least
"a few" of the old #win32asm (and "that other channel") regulars who
work in the security industry now. One of them does malware analysis for
a security company, another works on one of the major shareware protectors.

So I suggest you stop spreading your libel, or at least provide some link
to a place where I promote/defend viral programming, or to any source or
information I might have released that is used for viral programming. And
while you're at it, you might want to remove mob/drdcma's "noimport" sample
from your MASM32 distribution, as he _has_ demonstrably written trojans,
and that piece of code certainly can be (and is) used for viral techniques.
"i'm over that virus *** so don't waste your time..." - direct quote from
the source, in case anybody wonders what mob's background is.
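
The handle-closing and WaitForSingleObject approach discussed earlier in this post, shown as an added example that is not part of the original post and is not the shell routine from the thread. `run_and_wait` is a hypothetical name, and the non-Windows branch is a POSIX stand-in with the same contract, included only so the example builds off Windows.

```c
/* Added example: start a child, block until it exits, return its exit code
 * (-1 on any failure). cmdline must be a writable buffer. */
#ifdef _WIN32
#include <windows.h>

int run_and_wait(char *cmdline)
{
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    DWORD code = 0;
    BOOL ok;

    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;
    /* On failure pi holds no valid handles, so there is nothing to close. */
    if (!CreateProcessA(NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        return -1;
    CloseHandle(pi.hThread);              /* thread handle is not needed */

    /* Blocks in the kernel until the process terminates: no polling loop. */
    ok = WaitForSingleObject(pi.hProcess, INFINITE) == WAIT_OBJECT_0
         && GetExitCodeProcess(pi.hProcess, &code);
    CloseHandle(pi.hProcess);             /* only after the exit code is read */
    return ok ? (int)code : -1;
}
#else  /* POSIX stand-in with the same contract, so the example builds anywhere */
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

int run_and_wait(char *cmdline)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;                        /* no child was created */
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmdline, (char *)NULL);
        _exit(127);                       /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) != pid)  /* blocking wait, no polling */
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
#endif
```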