Clément

Just to end this thread, I finally got my digital certificate, and I'm signing my applications. I kept a false positive version of the product to test signing it. Well it did work. That version wasn't compiled with DEP or SEH, and signing solved the false positive too. Hopefully this thread will help others

Salut, I downloaded v8.67 from svn and it is complaining of a missing file ( under Delphi Alexandria ) [dcc32 Fatal Error] OverbyteIcsD110Run.dpk(169): F1026 File not found: '..\Source\OverbyteIcsLibeayEx.pas' Under Delphi Sydney it is compiling Ok. (That file is not in the project)

@Kas Ob. Great news!!! I try all your suggestions, either alone and combine in the 32 bit release only. Here are the results. 1) Including DEP directive. ( Did NOT trigger Windows defender ) I included {$DYNAMICBASE ON} in my DPR as follows: {$R *.res} {$R 'D:\Projetos2k10\Projects V\DHS\SQL explorer II\src\resource\cKwel_versioninfo.RES'} {$DYNAMICBASE ON} // Enable DEP, works also when using {$SetPEOptFlags $40} begin // try {$IFDEF DEBUG}ReportMemoryLeaksOnShutdown:= true;{$ENDIF} Application.Initialize; Application.MainFormOnTaskbar := True; Application.Title := 'cKwel - Query Tool'; Application.CreateForm(TdmSkinController, dmSkinController); Application.CreateForm(TdmImages, dmImages); Application.CreateForm(TdmLookAndFeel, dmLookAndFeel); Application.CreateForm(TdmEditRepository, dmEditRepository); Application.CreateForm(TfrmMain, frmMain); Application.Run; // except // end; end. 2) Changing /modifying icon TRIGGERS Windows defender 3) Encapsulate all the content of the main in dpr with try..except did NOT trigger Windows defender: {$R *.res} {$R 'D:\Projetos2k10\Projects V\DHS\SQL explorer II\src\resource\cKwel_versioninfo.RES'} {.DYNAMICBASE ON} begin // Enable SEH by setting all code between try..except. try {$IFDEF DEBUG}ReportMemoryLeaksOnShutdown:= true;{$ENDIF} Application.Initialize; Application.MainFormOnTaskbar := True; Application.Title := 'cKwel - Query Tool'; Application.CreateForm(TdmSkinController, dmSkinController); Application.CreateForm(TdmImages, dmImages); Application.CreateForm(TdmLookAndFeel, dmLookAndFeel); Application.CreateForm(TdmEditRepository, dmEditRepository); Application.CreateForm(TfrmMain, frmMain); Application.Run; except // No code is required here end; end. 4) Fill the EXE description, version name copyright TRIGGERS windows defender. I don't know if the combination should produce some valid results, but any combination that includes 1 or 3 works. For example 2 and 4 will TRIGGER windows defender while 1, 2 and 4 WON'T trigger it. Cool! Hope this thread will help others! This link is also usefull: https://security.stackexchange.com/questions/18556/how-do-aslr-and-dep-work It might be a good idea to set DEP and ASLR by default.

I uploaded several compilations to VirusTotal. All of them were clean, including the one that triggered windows defender. When copying the file to my friends computer, the moment I run the application windows popped up a notification windows stating it has detected a malware. The program didn't executed any file or port or protocol scanning. It's just a basic initialization of classes and starting threads. It closed "normally", without any runtime error. When restarting windows displays a "showmessage" like window stating the application wasn't safe and cannot run. Clicking OK close that windows a few seconds later the program disappeared. I copied the "32-bit release" version with all default settings to his computer. And all of the above happened. Then I compiled the 64-bit release it worked without triggering windows defender. That's what I meant when I said it ran as expected. Then I tried the "32-bit debug" version, the very same I used in my machine to debug the app. It also executed without triggering windows defender. It's only then that I experimented changing some release configuration option. After switching I/O checking to false, the 32 bit version ran without triggering windows defender. All the other Release options I toggled triggered windows defender. This application doesn't use Registry or directory scanning. It saves two configuration files: One with connection data for each and every database one can work with, and another with Data Definition Settings so files can be imported/exported according to some rules. For example, you can specify the output date format like YYYYMMDD or YYYY-MM-DD. To illustrate: At this point no actual connection is made to any server, at startup the configuration is read and loaded to the treeview. When the user expands a node, a connection is made to retrieve the database metadata: There's only one action done without user interaction which is checking for updates which is triggered 5 minutes after starting up. Windows Defender notification window is triggered way before that if compiled with IOChecking true in 32bit. I will comment out some initialization routines to see which one is triggering windows defender. I will try other tools to see if there's a silent access violation or any other error that I missed and maybe is triggering too... I can't sleep anyway

Just submitted to Microsoft

I purchased my certificate and I'm waiting for the validation process to end. Hopefully next week I'll be up and running. Now I'm worried. I was hopping to solve this false positive issue. I don't know if this helps, but I'm able to duplicate this virus detection in my machine too. Just by setting the "I/O Checking" to true or false makes Windows defender act. I set my project file as an exclusion folder to avoid having conflicts between the AV and the IDE. Once I copied my application to another folder and ran it, windows defender quarantined it. The detail here is "ran it". There's nothing detected in the application upon copying it. When it is executed the I/O checking code triggers something that Windows Defender don't like. Would it do any good to send this application to Microsoft "as is" before I make some changes and Defender stops detecting it? (Or send it to Emb? They might be able to check the code generated by I/O Checking in this case, and who knows make some changes in RTL or the Compiler? (One can dream, right?) ) This application, cKwel - Query tool, is a SQL helper meant for developers and will be freeware. I'm just waiting to sign it before uploading and make it publicly available. (Although it would be really nice to let people download a program that's not detected as a malware )

Thanks.. I will see what I can do. Hopefully signing will help.

Hello, I would like to use the same project (cKwel.dproj) and I would like the output executable to be cKwel32.exe when compiling for 32 bits amd cKwel.exe when compiling for 64 bits. Is there any settings in the IDE or in code I can set? I'm using 10.4.2 TIA, Clément

I thought I was missing some parameter in a newer IDE. Anyway, I created a "Deploy" configuration where I would the code. Thanks!

I'm also using a custom solution. I found .DProj format very messy. Once I have my project version set I can't loose it. It messes my updates to sites and customer updates. My solution generates a .RC and compiles it to .RES with data I store in a .INI file. The .RES is included in the .DPR manually only once. My builds have the same information and the built number is incremented always correctly. I run the "versioninfo interface" from the Tools menu. Very handy

Hi! I'm using Synedit to built a small SQL editor, but I need to change some default behavior. 1) I need to trigger Auto-completion when a '.' is typed, but I don't want to display the Completion Form base on a timer interval. Since the data is obtained asynchronously, I want to fill and display the completion form after receiving a specific custom message (WM_GETCOMPLETIONDATA). When handling the message, I will fill the list and display the form. Is there a way to call the completion form on demand? (the filling and displaying follows...) 2) I need to fill the autocompletion list based on the previous token value. The user can type a SQL select as select c.| from categories c (The '|' is the current cursor position). As the user types the '.', I would like to fill the completion list with all the columns from categories table. As '.' is typed, I can get the previous token ( which is "c" in this case), and do some parsing to discover "c" is in fact an alias for "Categories", send a custom message (WM_GETCOMPLETIONDATA) and when receiving the data, I can fill the completion form with all fields from categories table. It seems to me that SynEditProposal.OnExecute is the correct event to handle all the parsing. Is there a better one? TIA, Clément

Thank your for the code. It will help

In my case the schema can change (user can add columns, change columns types, new index etc). Once the data is changed, the corresponding schema info is marked as obsolete and the a new query is done to retrieve data.

This is exactly what I would like to do. Very nice! Are you parsing the whole SQL text with each keypress? In my project the database schema is "loaded on demand" in a background thread. Queries/Scripts/Batchmove runs in that background thread. And I store the metadata also in that thread. That's why I need to get call the completion form when receiving the message. Here's a screen shot.

Not a fancy solution, but have you considered using a List? You can load all your types ( or only the required ones) with a simple loop. lPrjList := TList<TProjectType>.Create; lPrjList.AddRange([ ptMain, ptExternal, ptDivision, ptBranch ]); You can set the "list" with the types you need and pass it as required. Anyway, you no longer would require to check your code for "case" or keep track of "projecttype" changes. Just let the "process" add the required project type in the list and a routine would deal with what's inside. If you need some extra boost, you could link each projectType to a specific method to get called ( or a Class, or an interface ) by using a dictionary (or another more suitable data structure). Anyway, my $0.02

What makes sense to me is to let hardware deal with hardware attack. Blocking hardware attack with software will almost always slow thing down a lot. But, once you get non-updatable hardware attacked the last solution would be to add new non-updatable hardware to avoid that attack. Now you have two problems. Windows 11 would be a lot of fun to hack. Can MS deliver Windows 11 all over the world before TPM v2.0 is completelly hacked? And then what? Tell everybody to get a new hardware with v2.1?. IMHO TPM should be optional, if you require more safety, you can buy a secure mobo with an updatable TPM support module. This update should be done offline with a special software.

Hi, I using D10.4.2 and ICS 8.65. I need to write a small UDP windows service. I'm using 2 x TWSocket . One is created at the very begining and set to listening. The other is created at runtime when required and the data is sent and destroyed. When I start the service: Netstat reports UDP 0.0.0.0 9000 listening. Wireshark reports data is sent and received. When data is received some processing is done and a file must be created. The device is returning data, as reported by wireshark too.. but DataAvailable event is not fired. If i build the very same project in a form it all just works. But it must run as a service. This is the Thread.Execute code: procedure TdhsDiscoverThread.Execute; var lMsg : TMsg; begin fdhsDiscover := TdhsDiscover.Create(nil); try fdhsDiscover.MultiThreaded := True; fdhsDiscover.SetConnectionSettings(fPort,fIdentification,fIsServer); fdhsDiscover.SetNotificationType(fNotificationType,fBaseMessage,fNotificationHandle); fdhsDiscover.ListenStart; while GetMessage(lMsg,0,0,0) do begin if lMsg.message = _UM_Discover+fBaseMessage then begin case lMsg.lParam of _UP_DISCOVER_PARAM_ServerSettings : fdhsDiscover.FindServer; end; end; end; fdhsDiscover.ListenStop; finally fdhsDiscover.Free; end; end; netstat is reporting: UDP 0.0.0.0:9000 *:* Any ideas?

Thanks Remy! That was it!

No coffee addict option? This survey made me feel alone.

IsInRangeEx is using Cardinals as parameters. The ideia is to use the unsigned type. In the example Cardinal( 5 - 10 ) = 4294967291 as expected. IsInRangeEx will not accept negative numbers... Using in extreme cases like: IsInRangeEx(cardinal(-2),Cardinal(-3),Cardinal(-1)) will also work. IsInRangeEx2 will work with negative numbers. I cannot see the overflows 😞

I love these topics. Under 64 bits: Math.InRange: 859 IsInRange: 858 If: 860 IsInRangeEx: 858 IsInRangeEx2: 858 Under 32bits: Math.InRange: 1288 IsInRange: 906 If: 906 IsInRangeEx: 858 IsInRangeEx2: 858 The code for IsInRangeEx and isInRangeEx2: function IsInRangeEx(const AValue, AMin, AMax: Cardinal): Boolean; inline; begin Result := (AValue - AMin) <= (aMax - aMin); end; function IsInRangeEx2(const AValue, AMin, AMax: Integer): Boolean; inline; begin Result := ((AValue-AMax)*(aValue-AMin) <= 0); end;

DxPivotGrid should give you the expected results. It's a matter of setting accordingly the rows , columns and values. The trick is to transform the "Operational data" to "Pivotable data". Having "true" in pivot table is not meaningfull.. but display 75% Oil Ok will indicate something is wrong and your user will figure out what's ( or where it's) wrong by drilling down.

I'm glad you're back! Still no vaccine for me. I'm too young . I hope by Aug or Sept I'll get my double dose.

Hi , I'm using 10.4.2 and it works as expected Althought it's not selecting the first option, apparently it selects the closest match, in this case, the cursor remains over "Load" til I type "e" then it moves to "loaded" Are you using some IDE plugin? (I'm using Delphi as it came in the world! ) Clément

deleted