Member Avatar for Rahul47

This simple program of pointer generating THREAT Warning and identified as MALWARE. I dont see HOW ?

#include<stdio.h>
#include<conio.h>
#include<iostream.h>

int main()
{
    int num;
    int *ptr;
    ptr=&num;
    cout<<ptr;
    cout<<ptr++;
    cout<<ptr;
    cout<<sizeof(num);
    getch();
}

3283bd99afe1c651a274377d4deb3f45

Thanx.

  • 4 Contributors
  • 5 Replies
  • 332 Views
  • 21 Hours Discussion Span
  • Latest Post Latest Post by Rahul47
Member Avatar for David W

Well ... best to avoid C code style and also avoid pointers in C++ unless REALLY needed ... (C++ has pass by reference)

//#include<stdio.h>
// #include <cstdio> // but use <iostream>
// #include<conio.h> // don't use to have portable code
// #include<iostream.h> // use as belowe ...
#include <iostream>
#include <string> // added ... //

// need this also in C++
// and ok for students simple code to place here
using namespace std;


int main()
{
    int num; // all this next stuff is valid code //
    int *ptr;
    ptr = &num;
    cout << ptr;
    //cout << ptr++; // except this !!! //
    // cout<<ptr; // ..... NO memory here KNOWN //
    cout << sizeof(num);
    // getch(); // don't use for portable code ... use
    cout << "\nPress 'Enter' to continue/exit ... " << flush;
    string dummy;
    getline( cin, dummy );
}
Member Avatar for Rahul47

@David W: Thanx for your input, also appreciate quality of your code.
But I was trying to understand why it was considered as a threat by AV ? What makes it a threat ?

Edited by Rahul47 because: Addition
Member Avatar for TheApex

It's a false positive - both Dev-C++ and Dev-Pascal produce these kind of "viruses" when working with pointers.

Probably the executable generated by the compiler is using some "suspicious" method in order to access the memory (a part of the machine code produced by the compiler is probably looking like the one that viruses use). This method makes the file look like a virus when it's caught by the heuristic scan (from the AV).

So most likely it's because of the compiler.

Edited by TheApex
Member Avatar for rubberman

After ptr is incremented, it is pointing past the end of the stack frame, so if someone had placed some bad data on the stack in the right location, it could execute malicious code when you access it for the next output statment.

Member Avatar for Rahul47

After ptr is incremented, it is pointing past the end of the stack frame, so if someone had placed some bad data on the stack in the right location, it could execute malicious code when you access it for the next output statment.

Following code executes well

#include<stdio.h>
#include<conio.h>
#include<iostream.h>

int main()
{
    int num;
    int *ptr;
    ptr=&num;
    cout<<ptr;
    cout<<ptr++;
    cout<<ptr;
    //cout<<sizeof(num);
    getch();
}

It is only after considering this ---> cout<<sizeof(num); statement, the Threat warning is generated.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.