Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
fabian

Crispy Doom 5.10.3 (Update: Aug 17, 2021)

Recommended Posts

18 minutes ago, dftf said:

Just to point out, as might be some confusion here: Zodomaniac reports only 2-3 in a file called "so-midiproc.exe"

 

I'm not familiar with this file. I obtain Crispy DOOM for Windows via the "releases" section here on GitHub:

https://github.com/fabiangreffrath/crispy-doom/releases

 

(expand "Assets" at the bottom to find a download called "crispy-doom-5.7.2-win32.zip")

 

There is no file in there called "so-midiproc.exe" but is one called "crispy-midiproc.exe"

 

The links I posted earlier for the three EXE files and how many AVs on VirusTotal are of flagging issues is based on this source

 

Zodomaniac was talking about his source port called So-Doom 1.7.4, which his based on the CrispyDoom source code. I originally thought it inherited CrispyDoom 1.7.2's issues because of that, but after his research and me re-testing his source port, it works fine, he probably only got some false positives.

 

"so-midiproc.exe" is the So-Doom equivalent of "crispy-midioproc.exe". If you want to see to download the So-Doom source port to check, it's here:

https://github.com/Zodomaniac/So-Doom/releases/download/so-doom-5.7.4/so-doom-5.7.4-win32.zip

 

Share this post


Link to post

Malwarebytes detects midiproc and the setup exe as threats. I scanned the 5.7.1 binaries and it was the same. Same with 5.7. In 5.6.4 only midiproc was detected.

 

I am thinking it may not be a change in Crispy, maybe some recent trojan signature (shared between AVs) triggers the smart-ass heuristics detection.

Share this post


Link to post

All of them though?

 

That's the questionable part. And according to a previous post, someone actually got infected...

Share this post


Link to post

Hi all. I made a Doomworld forum account just to reply to this thread after searching to see if anyone else was having this problem.

 

I can confirm that Crispy Doom 5.7.2 not only triggered a warning but Windows Security removed the following infections: Wacatac and Occamy.

Edited by Binarynova : typos

Share this post


Link to post

These must be false positives. Specifically, I don't see anything suspicious under a debugger/disassembler in that tiny 16kb midiproc executable. Where the fuck is the "trojan"?

 

Some shared signature between AV software started getting triggered, there is no infection on your systems or on my system or anyone's system who has run Crispy these past few months. I tried the last few releases and it is the same false positives for all, more or less.

 

EDIT:

 

Testing with Malwarebytes, everything is fine up until and including 5.6.3.

Then in 5.6.4 is detects only crispy-midiproc.exe as Generic.Malware. And then in newer releases it detects one or two more of the other executables, too.

Edited by VGA

Share this post


Link to post

Windows defender only detects crispy-midiproc as a threat in 5.7.2, until you take actions it keeps "detecting" it when you scan other files. So most likely another false positive.

Share this post


Link to post
12 hours ago, Zodomaniac said:

MinGW stands for Minimalist GCC for Windows, so how can it run on a non-Windows system?

no problems. this is how i am building windows version of k8vavoom without having windows installed, for example.

Share this post


Link to post
6 hours ago, seed said:

All of them though?

yeah. those snake oil providers are known to share "threat databases".

Share this post


Link to post

That's what I suspect as well. That some anti-virus genious considered a windows executable compiled with an ancient MinGW version that listens on non-std file descriptors *must* be a thread - and all the others followed suit.

Share this post


Link to post

Uh... but why an ancient version though, lol.

 

And if it is a false-positive, we should be able to report it somehow.

Share this post


Link to post

Are you sure? I compile with TDM-GCC 5.1 (comes with CodeBlocks IDE) and i had to fix compilation, Crispy and Choco don't compile with such an old gcc version.

Share this post


Link to post

I am not sure what distro @fraggle has running on his build server, but even Debian oldstable has gcc-6.3.0, which was released December 21, 2016.

 

What did you have to fix, btw?

Share this post


Link to post

imho, I think there's some way to report if there are false positives, atleast back in the days you could do it to Kaspersky

Share this post


Link to post

There should be, but I'm unaware of them.

 

Something easier must be in place than sending reports to each AV developer separately...

Share this post


Link to post

I'm almost done, the status bar updates and changes to and from correctly, but filling the buffer with the flat doesn't work for some reason, can anybody help?

Share this post


Link to post

Windows defender flipped out for me too, even when I bypassed it to download the zip, trying to run the EXE once by itself was fine but upon trying to load or re-add it to ZDL defender flipped out again and deleted the crispy-doom.exe from my computer. So is there an infection or not? It'd be nice if the zip would be updated to fix this if it's a false positive. Otherwise guess I'm not using Crispy Doom in the meantime.

Share this post


Link to post

I downloaded the "dangerous" binaries from the autobuilds, which are on an unsecured page. Some shenanigans may have taken place here.

Sadly, your binaries probably aren't signed, since I can't seem to find your public GPG signature anywhere.

Maybe if you signed them and made your public key public, we could know if some ill intended intermission is the cause of this.

Edited by Spowmtom

Share this post


Link to post

They aren't, and no malicious intent is hiding behind this, but likely a technical error.

 

As for signing the files, that's easier said than done, since signing them is not free (or cheap, for that matter).

Share this post


Link to post

I still think it's a false positive but after updating the definitions it's even worse as now i get a positive with setup as well and defender reports a different trojan.

IMO @fabian should recompile a release himself manually until this is solved, or @Zodomaniac

Personally i use CodeBlocks and TDM-GCC instead of MSYS2 with RUDE.

Share this post


Link to post

I agree with that too, at least for the time being.

 

Curious what exactly triggers antiviruses though...

Share this post


Link to post
4 hours ago, seed said:

As for signing the files, that's easier said than done, since signing them is not free (or cheap, for that matter).

GPG is entirely free, you might be confusing it with PGP.

There are also checksums, like SHA1 MD5 or SHA256, and those hashes can even be signed.

Share this post


Link to post

One way to help with the false positive is to go to the virustotal reports for the files

 

crispy-setup https://www.virustotal.com/gui/file/0d04ea528114e9b0349b2acaff497c3fd95855562b401eecce4dba42c1f89bdc/detection

crispy-doom https://www.virustotal.com/gui/file/c6fdc7d5fdc4f20cdc0057815872cf5e045da2c7d7ab286567f382fe74726573/detection

 

sign up and vote them harmless by clicking the checkmark in the top left. I think the more responsible antivirus vendors do use VT voting to improve their engines. You might check other crispy files (I don't have midiproc) by uploading them.

 

Share this post


Link to post
20 hours ago, drfrag said:

I still think it's a false positive but after updating the definitions it's even worse as now i get a positive with setup as well and defender reports a different trojan.

IMO @fabian should recompile a release himself manually until this is solved, or @Zodomaniac

Personally i use CodeBlocks and TDM-GCC instead of MSYS2 with RUDE.

I compiled the fresh git version of Crispy with MSYS2 and it shows 9 detections.

So Doom 5.7.4 built with MSYS2 as well shows ony one, surprisingly.

crispy selfmade.png

Share this post


Link to post

As long as they are not flagged by defender it's fine i think. BTW now i can't post from Firefox aka Mozillo.

Share this post


Link to post
7 hours ago, drfrag said:

As long as they are not flagged by defender it's fine i think. BTW now i can't post from Firefox aka Mozillo.

Then I'm uploading my homebrew Crispy Doom 5.7.2 with some post-release improvements:

  • SPECHITS limit, the last persisting static limit, has been removed.
  • Fix for segmentation fault when running on rgb565 screen has been pulled from Chocolate Doom, contributed by Wells Lu.

 

crispy-doom-5.7.2-win32.zip

Edited by Zodomaniac : Updated download

Share this post


Link to post

You may also replace the official release Zip on the project page if you like. 

Share this post


Link to post
4 hours ago, fabian said:

You may also replace the official release Zip on the project page if you like. 

Done :)

 

Many more changes have been made recently to Crispy Heretic which I'm also posting here. The Heretic EXEs can be used with the same DLLs as Crispy Doom.

  • Crispy settings have been prevented from resetting in setup by Ryan Krafnick.
  • Secret message has been implemented by Jeff Green.
  • Always Run toggle key and Always Run + Run = Walk behavior has been introduced by Ryan Krafnick.
  • Mouse inventory buttons have been added by Ryan Krafnick to Chocolate Heretic and then merged from there.
  • The INTERCEPTS and SPECHITS limits have been removed entirely.
  • Vertical mouse movement (novert) toggle has been added by Ryan Krafnick.

crispy-heretic.zip

Edited by Zodomaniac : Minor correction

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×