Does anybody know what could be wrong with this Linux Program?
<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>
All I get is a bunch of numbers without anything else such as sum,
product etc etc.
I have unzipped the program and in terminal I type:
./numbers
The author says it should provide a table of sums.
You are asking people on internet to run an unknown program which could
be a trojan?
On 7/28/2024 8:07 AM, Carlos E.R. wrote:
You are asking people on internet to run an unknown program which could be a trojan?
 That was my first thought. A file on Google Drive that someone
wants people to open and execute. Nothing about the post
makes sense...
   Well, except the possibility that someone might
write a Linux program where you enter a number and it shows you
a bunch of other numbers. I've seen dumber Linux programs.
(The eyes that follow the mouse animation. The program for
drawing curves for no reason. Console windows... :)
It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.
numbers.runtime
config.json
numbers.dll <=== Yes, in a Linux program. Seems "plausible". Could happen.
System.Collections.Immutable.dll
System.Collections.dll
System.Console.dll
System.Diagnostics.StackTrace.dll
System.IO.Compression.dll
System.IO.MemoryMappedFiles.dll
System.Private.CoreLib.dll
System.Reflection.Metadata.dll
numbers.deps.json
and this detection in it:
Virtualization/Sandbox Evasion::System Checks [T1497.001]
System Checks T1497.001
reference anti-VM strings targeting Xen
reference anti-VM strings targeting VirtualBox
reference anti-VM strings targeting VMWare
( https://github.com/mandiant/capa-rules/blob/master/anti-analysis/anti-vm/vm-detection/reference-anti-vm-strings-targeting-virtualbox.yml )
A table-of-numbers program would not need that kind of checking in it.
What could it be ?
A Surprise Cake ??? A 12MB POC Surprise Cake ?
Well, except the possibility that someone might
write a Linux program where you enter a number and it shows you
a bunch of other numbers. I've seen dumber Linux programs.
(The eyes that follow the mouse animation. The program for
drawing curves for no reason. Console windows... :)
How about the choo choo train that runs across the terminal screen.
On Sun, 7/28/2024 8:34 AM, Newyana2 wrote:
I've seen dumber Linux programs.
(The eyes that follow the mouse animation.
That never happens :-)
[Picture]
https://i.postimg.cc/s2sSnJS9/xeyes-are-watching.gif
Give that a couple more years, and you won't be able
to do that any more. Enjoy it while you can.
On 7/28/2024 1:20 PM, Paul wrote:
On Sun, 7/28/2024 8:34 AM, Newyana2 wrote:
I've seen dumber Linux programs.
(The eyes that follow the mouse animation.
That never happens :-)
[Picture]
https://i.postimg.cc/s2sSnJS9/xeyes-are-watching.gif
Give that a couple more years, and you won't be able
to do that any more. Enjoy it while you can.
Yeah... well... It's not for me to judge how you get
your kicks. :)
On Sun, 7/28/2024 1:45 AM, Murray wrote:
Does anybody know what could be wrong with this Linux Program?
<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>
All I get is a bunch of numbers without anything else such as sum,
product etc etc.
I have unzipped the program and in terminal I type:
./numbers
The author says it should provide a table of sums.
printf("Sum 2+2=5\n");
printf("Product 3*3=42\n");
12MB more lines... Etc Etc.
Would be a decent sized table.
Strawman checks. Plausible premise.
It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.
numbers.runtime
config.json
numbers.dll <=== Yes, in a Linux program. Seems "plausible". Could happen.
On 2024-07-28 15:01, Paul wrote:
On Sun, 7/28/2024 1:45 AM, Murray wrote:
Does anybody know what could be wrong with this Linux Program?
<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>
All I get is a bunch of numbers without anything else such as sum,
product etc etc.
I have unzipped the program and in terminal I type:
./numbers
The author says it should provide a table of sums.
printf("Sum 2+2=5\n");
printf("Product 3*3=42\n");
12MB more lines... Etc Etc.
Would be a decent sized table.
Strawman checks. Plausible premise.
It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.
numbers.runtime
config.json
numbers.dll <=== Yes, in a Linux program. Seems "plausible". Could happen.
You can write Linux native programs that use the wine libraries. This allows you to program thinking of Windows, but actually writing Linux native code.
It is not the same as running a program.exe in wine. That's a windows native program running under an emulator in Linux.
On Mon, 7/29/2024 10:10 PM, Carlos E.R. wrote:
On 2024-07-28 15:01, Paul wrote:
On Sun, 7/28/2024 1:45 AM, Murray wrote:
Does anybody know what could be wrong with this Linux Program?
<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>
All I get is a bunch of numbers without anything else such as sum,
product etc etc.
I have unzipped the program and in terminal I type:
./numbers
The author says it should provide a table of sums.
printf("Sum 2+2=5\n");
printf("Product 3*3=42\n");
12MB more lines... Etc Etc.
Would be a decent sized table.
Strawman checks. Plausible premise.
It's a Linux program with strings like this. Almost
like I'm looking at a Windows App manifest for something
being injected.
numbers.runtime
config.json
numbers.dll <=== Yes, in a Linux program. Seems "plausible". Could happen.
You can write Linux native programs that use the wine libraries. This allows you to program thinking of Windows, but actually writing Linux native code.
It is not the same as running a program.exe in wine. That's a windows native program running under an emulator in Linux.
How would this look in the output of "ldd" ?
Are the WINE libraries statically linked, or dynamically linked ?
The dynamic libraries for the ELF (as listed by ldd) are
pretty spartan. Consistent with a simple program that prints
out numbers. But there is way way too much junk-in-the-trunk.
ldd ./numbers
libpthread.so.0 <==== I just copied the list from Virustotal for now
libdl.so.2
libz.so.1
libm.so.6
librt.so.1
libgcc_s.so.1
libstdc++.so.6
libc.so.6
ld-linux-x86-64.so.2
Name: numbers
Size: 13,425,417 bytes (12 MiB)
SHA256: 1D8295C889E87AB90356239C06DE59F6A4B3F0961E386408866904A52E2662FA
https://www.virustotal.com/gui/file/1d8295c889e87ab90356239c06de59f6a4b3f0961e386408866904a52e2662fa/details
For some reason, these can be seen, even though the program is stripped.
<Main>$ <<Main>$>g__print_odd|0_0 <<Main>$>g__print_even|0_1
This is a double byte string, with every second byte removed.
#Hello Newsgroups!#The time now is: G#The numbers are: -The even Numbers are: +The Odd Numbers are: a** Hope you enjoyed this short exercise . . . **/##### Bye for now #####
Do you know whether WINE can run Metro.Apps ? Or Universal Windows Programs ? Even Windows can't always run the latter ones :-)
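The checks Paul describes (hash, embedded file names, "double byte" strings) can all be made without running the file. The following is an added example, not code from the thread: `triage`, `utf16_strings`, `us_entry` and the sample bytes are constructed for illustration. It also checks the .NET user-string length byte (2 x characters + 1), which is why stray characters such as `-` and `+` sit in front of the strings in the dump above.

```python
import hashlib
import re

ELF_MAGIC = b"\x7fELF"
ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")            # plain 8-bit strings
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")    # "double byte" strings
DLL_RE = re.compile(r"[\w.-]+\.dll\b", re.IGNORECASE)


def utf16_strings(blob):
    """Yield (text, is_dotnet_user_string) for each UTF-16LE run in blob.

    In the .NET #US heap each string is preceded by a length byte equal to
    2*chars + 1; dropping every second byte leaves it behind as a stray
    character (only the one-byte form, strings under 64 chars, is checked).
    """
    for m in UTF16_RE.finditer(blob):
        text = m.group().decode("utf-16-le")
        prefix = blob[m.start() - 1] if m.start() > 0 else None
        yield text, prefix == 2 * len(text) + 1


def triage(blob):
    """Static summary of an untrusted file; the file is never executed."""
    ascii_strs = [m.group().decode("ascii") for m in ASCII_RE.finditer(blob)]
    wide = list(utf16_strings(blob))
    dlls = sorted({d for s in ascii_strs for d in DLL_RE.findall(s)})
    is_elf = blob.startswith(ELF_MAGIC)
    return {
        "sha256": hashlib.sha256(blob).hexdigest().upper(),
        "size": len(blob),
        "is_elf": is_elf,
        "dll_names": dlls,
        # Managed assembly names inside an ELF: likely a bundled .NET app.
        "dotnet_bundle_hint": is_elf and any(d.startswith("System.") for d in dlls),
        "user_strings": [t for t, is_us in wide if is_us],
        "other_wide_strings": [t for t, is_us in wide if not is_us],
    }


def us_entry(text):
    """Build a constructed #US-style entry: length byte, UTF-16LE, end byte."""
    raw = text.encode("utf-16-le")
    return bytes([len(raw) + 1]) + raw + b"\x00"


# Constructed sample (not the real file): ELF magic, bundled file names as
# NUL-separated ASCII, then two user strings quoted in the post.
SAMPLE = (
    ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9
    + b"numbers.dll\x00System.Console.dll\x00numbers.deps.json\x00"
    + us_entry("The even Numbers are: ")
    + us_entry("The Odd Numbers are: ")
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

To use it on a real download, read the file with `open(path, "rb").read()` on an isolated analysis machine and pass the bytes to `triage`.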
I have an editor with a system richedit window and the richedit
just doesn't show up. On Windows there's also notable difference
between versions of richedit, with various little things. So you can
imagine how WINE would do it. They'd give you a Linux equivalent
and map some or most of the richedit messages to the Linux window,
with a shoehorn if necessary.
Although I have one Linux box I tend to live in Windows, specifically in Visual Studio and C#. I have my own RTF editor and asked in a Windows
forum if anybody could tell me what key functions were standard in a RichTextBox and the only answer I got was "it differs between versions".
Did you ever find any definitive documentation for the differences
between versions?
That's a tough one. And the versions are all over the place.
At one time there were 3 completely different richedits, all with
the same version, that could be distinguished only by file size!
Many thanks, that's more than I've ever found anywhere else :-)
.NET is only a wrapper round the API and some of the controls are garbage
- the ListView being worst because it paints itself every time anybody
looks at it so flickers like mad.
On 7/30/2024 2:41 PM, Jeff Gaines wrote:
Many thanks, that's more than I've ever found anywhere else :-)
.NET is only a wrapper round the API and some of the controls are garbage
- the ListView being worst because it paints itself every time anybody
looks at it so flickers like mad.
I'm glad if it helps. A few more tidbits that might save you some hair and
time:
Somewhat confusing, probably, but it should make sense if
you read it through.
On 7/28/2024 8:41 AM, Big Al wrote:
Well, except the possibility that someone might
write a Linux program where you enter a number and it shows you
a bunch of other numbers. I've seen dumber Linux programs.
(The eyes that follow the mouse animation. The program for
drawing curves for no reason. Console windows... :)
How about the choo choo train that runs across the terminal screen.
Made out of punctuation marks, I suppose? How did I miss
something like that? Sometimes I feel my life has been wasted
on boring trivia when I could have been really living.
On Mon, 29 Jul 2024 01:20:44 +0100, MR <MR@invalid.invalid> wrote in <v86npc$5hb7$1@dont-email.me>:
I didn't find any tables on my machine!
<https://i.postimg.cc/QMQyrWkb/2024-07-29-01-01-09.png>
I just ran the program without entering any parameters. Are there any
parameters required? There is no help file in the zip and the zip file
was not encrypted. Google must have inspected the file to see if it is a
malware. It downloaded for me and Windows didn't complain either about
it before I uploaded the file on to my virtual box.
If you tell me what are you trying to do then I can write a program for
you in C, C++, Python (by Anaconda) or C#. You need to post your
question on some programming newsgroups. I find "free.c" or
"alt.comp.lang.c" good places to post questions but they are very quiet.
You don't get insults for asking simple questions.
On 28/07/2024 06:45, Murray wrote:
Does anybody know what could be wrong with this Linux Program?
<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>
I have unzipped the program and in terminal I type:
./numbers
The author says it should provide a table of sums.
I hope you're kidding. If not:
Tiger-team your installation, then read the newsgroup
thread about how this is someone trying to get you
to run malicious software.
Never, ever run software from untrusted sources, unless
you know precisely what you're doing: sandbox it and
isolate it for starters. Better yet: don't run it,
but use a disassembler (objdump will do it) to see what
it's trying to do.
Heck, I don't even know if drive.google.com gives file owners
statistics on who is downloading their files...so I won't even
download it.
Be more paranoid!
I didn't find any tables on my machine!
<https://i.postimg.cc/QMQyrWkb/2024-07-29-01-01-09.png>
I just ran the program without entering any parameters. Are there any parameters required? There is no help file in the zip and the zip file
was not encrypted. Google must have inspected the file to see if it is a malware. It downloaded for me and Windows didn't complain either about
it before I uploaded the file on to my virtual box.
If you tell me what are you trying to do then I can write a program for
you in C, C++, Python (by Anaconda) or C#. You need to post your
question on some programming newsgroups. I find "free.c" or
"alt.comp.lang.c" good places to post questions but they are very quiet.
You don't get insults for asking simple questions.
On 28/07/2024 06:45, Murray wrote:
Does anybody know what could be wrong with this Linux Program?
<https://drive.google.com/file/d/1ynbGxad-7In-OpYEg09dnwZMdlMvcH2b/view?usp=sharing>
I have unzipped the program and in terminal I type:
./numbers
The author says it should provide a table of sums.
On Mon, 29 Jul 2024 01:20:44 +0100, MR <MR@invalid.invalid> wrote in <v86npc$5hb7$1@dont-email.me>:
Linux is the most secure Operating system around. Top 500 Super
On 7/30/2024 12:21 AM, Paul wrote:
#Hello Newsgroups!#The time now is: G#The numbers are: -The even
Numbers are: +The Odd Numbers are: a** Hope you enjoyed this short
exercise . . . **/##### Bye for now #####
This is a shame. I could have used some extra numbers.
Do you know whether WINE can run Metro.Apps ? Or Universal Windows
Programs ?
Even Windows can't always run the latter ones :-)
 I worked with the WINE people very briefly, looking into adapting Windows VB6 software to WINE. The redirect Windows calls (Shim?
Some kind of shepherding? I don't understand that part.) Over the
years the WINOs have adapted specific Win32 API calls to correlate
WINE libraries. Unfortunately, it's not a 1-to-1 correlation. One user32 function might be in one library while the next one is in another
library. And of course, no docs to speak of. Real coders don't speak
English.
 I didn't last long with the WINE people because they had no interest
in sharing information about how I could code to accommodate WINE.
They only wanted me to test my software and report bugs. Then I was
to be in charge of that bug until it was resolved by WINO lackeys -- temporary college student coders. (I had no idea that geeks were so
often paramilitary in their social structures.)
 An example: I had used a quick hack in the ChooseColor function.
I'd never had any use for the color palette that could be saved at
the bottom left of the colorpicker window. The lpCustomColors member
of the CHOOSECOLOR structure is supposed to take an array of long
integers to represent 24-bit colors for the grid. For whatever reason,
VBers were using an array of string pointers, which worked fine on
Windows if the custom colors were never used. In WINE those
details got lost in translation and the string array caused a crash.
The WINOs were adamant that I shouldn't code such things better.
They didn't want me to strain my little brain. They actually didn't want
me to understand. They just wanted me to keep track of bugs until
a coder fixed them on the Linux side.
 I don't claim to be able to program anywhere near the level of
low-level detail that those people can, but they could have cooperated.
 WINE is mostly geared toward running Photoshop and video games.
The WINOs wanted Microsoft games. Which is an important point. It
was never about bringing Windows software to Linux. The primary
motivation was to bring video games and maybe MSOffice to Linux geeks.
  They'll take up the
challenge of whatever interests them. Then they have a chart showing
not how well the WinAPI is supported but rather the quality of support
for specific software. Put Cortana in a tight, transistor-festooned
bodysuit and hose her down, then put her in a Metro app,
and you can bet you'll get more WINE Metro support. Or at least
more WINE Cortana-all-wet-in-a-bodysuit support.
 When I tried WINE maybe 15 years ago it was very spotty. For
example, Irfan View worked OK but had gaps in the GUI. Just
missing window areas. Odd glitches. Years later it seemed more polished, though I tried my own software and WINE couldn't see subclassed windows
at all. I have an editor with a system richedit window and the richedit
just doesn't show up. On Windows there's also notable difference
between versions of richedit, with various little things. So you can
imagine how WINE would do it. They'd give you a Linux equivalent
and map some or most of the richedit messages to the Linux window,
with a shoehorn if necessary.
 So the Windows version needs to be thoroughly orthodox, the
specific APIs used must be supported, and a Linux equivalent must
be adequate as a substitute for the Windows function. Thus, WINE might support all sorts of things, such as .Net and Metro, but will likely
never support any of them fully.
 I imagine you probably know all this, but it's an interesting topic
and probably most people haven't looked into how WINE works.
I ended up deciding that any idea of moving to Linux without leaving
behind favorite software was not realistic and never would be realistic. (Lately I've had enough trouble just adapting richedit50 to what I
expect from richedit20. So how could I expect WINE to match the
expected behavior in the Linux equivalent?)