[_dave_]

[ QUOTE ]

The sad thing is that it's almost impossible to be 100% sure for any reasonable size application. In theory it's possible to pack something away deep inside a segment and then have some code that unpacks and/or drops it based on a semi-random condition being met.


[/ QUOTE ]

Thus the need for source + exact compiler version, flags etc - if one can read, understand the source thoroughly (probably can't, but after many reads I kinda get FPHG 0.x) - then one can compile in identical environment which should produce an executable with matching MD5, SHA or whatever sums... Note I probably don't know what I'm on about much here [img]/images/graemlins/smile.gif[/img]

Of course it may not be a worry at all - If this does no injecting / hooking and simply parses HHF files, it can be effectively quarantined as you say with ProcessGuard, snoopfree, and a app level firewall.

My concern (Not really a concern given this is MikeChops, posting under real account - multiply paranoia by * 1000 if new reged user on 1st posting [img]/images/graemlins/smile.gif[/img] ) Is similar to your not wanting to release FPHG source - if it injects to FTP for whatever reason, theres almost no way to tell what it be doing, without source comprehension.


Mike, I will try this, and it looks most impressive. Do not think I am doubting your generous contribution, I certainly am not.

I just wish it was open source [img]/images/graemlins/smile.gif[/img] How times have changed post RBCalc.exe [img]/images/graemlins/frown.gif[/img]

dave.