94,6 → 94,30 |
BOOL activationContextUsed; |
#endif |
|
#ifdef WIN_ENV |
// The first 64KB of address space is always invalid |
if ((intptr_t)result <= 0xffff) { |
// When the 8BF file is analyzed with VirusTotal.com, it will invoke each |
// exported function by calling |
// C:\Windows\System32\rundll32.exe rundll32.exe FilterFoundry.8bf,PluginMain |
// But RunDLL32 requires following signature: |
// void CALLBACK EntryPoint(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow); |
// Obviously, this will cause an Exception. (It crashes at *result=e because result is 0xA) |
// Here is the problem: The crash will be handled by WerFault.exe inside the |
// VirusTotal virtual machine. WerFault connects to various servers (9 DNS resolutions!) and does |
// a lot of weird things, but VirusTotal thinks that our plugin does all that stuff, |
// and so they mark our plugin as "malware"! |
// This is a problem with VirusTotal! It shall not assume that WerFault.exe actions are our actions! |
// Even processes like "MicrosoftEdgeUpdate.exe" and "SpeechRuntime.exe" are reported to be our |
// actions, although they have nothing to do with us! |
// See https://www.virustotal.com/gui/file/1f1012c567208186be455b81afc1ee407ae6476c197d633c70cc70929113223a/behavior |
// |
// TODO: Not 100% sure if the calling convention is correct... |
// are we corrupting the stack? At least WER isn't triggered... |
return; |
} |
#endif |
|
EnterCodeResource(); |
|
#ifdef SHOW_HOST_DEBUG |
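Review bot: The new guard `if ((intptr_t)result <= 0xffff)` compares as a signed value, so on a 32-bit build any `result` pointer at or above 0x80000000 casts to a negative number and is treated as invalid. If the plugin is ever loaded by a large-address-aware 32-bit host, a legitimate call would then return silently without running the filter or writing `*result`. An unsigned comparison avoids this: `if ((uintptr_t)result <= 0xffff) {`. The guard also only recognises the one rundll32 symptom described in the comment (`result` holding the small `nCmdShow` value). The function signature and the rest of the body are outside this hunk, so it is not visible whether the other pointer arguments are dereferenced before anything validates them. The calling-convention TODO is still open and should be settled before this guard is relied on.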