Jump to content

250 types of profiles

MUTHUKUMAR1983

By MUTHUKUMAR1983
in AutoLISP, Visual LISP & DCL

 Share

Recommended Posts

ReMark Grand Master

ReMark

Posted
Posted (edited)

Very generous of you.

 

Looks interesting right up to the part where you advise apploading of a .vlx file.

 

Are you a participant in another forum by any chance? Maybe the AutoDesk Discussion Groups? AUGI? The Swamp?

 

Looks like he joined the AutoDesk Discussion Groups on the 15th of this month and has posted custom routines on the 22nd and the 23rd. Interesting.

 

You're not the 30 year old, male, programming developer from Chennai, India are you?

Edited by ReMark
Link to comment
Share on other sites
ReMark Grand Master

ReMark

Posted
Posted

VLX is a compiled AutoCAD lisp file. It is compiled mainly to protect the source code from being altered I believe.

 

Use the APPLOAD command to load the program.

 

I'm pretty sure Lee Mac and a couple other lisp gurus have warned users not to be so quick to load a .fas or .vlx file unless you know who is behind it. Better safe than sorry. If I am wrong about this I will remove this statement.

Link to comment
Share on other sites
Tharwat Grand Master

Tharwat

Posted
Posted

 

I'm pretty sure Lee Mac and a couple other lisp gurus have warned users not to be so quick to load a .fas or .vlx file unless you know who is behind it. Better safe than sorry. If I am wrong about this I will remove this statement.

 

Up to my modest knowledge , I do agree with that and upon that , when a damages take a place - precautions would not useful and helpful at all . :)

Link to comment
Share on other sites
troggarf Community Regular

troggarf

Posted
Posted

here are the contents of the .vlx.

It simply loads a .DVB file. Does anyone know how to check out a .dvb file without actually running it?

This seems fishy. why put this program in this folder?

I aint running it (nor do I have a need for it) but I am not going to run a compiled code that runs another compiled code in a fishy folder location...

BORVLX.jpg

BOR DVB.jpg

Link to comment
Share on other sites
MUTHUKUMAR1983 Contributor

MUTHUKUMAR1983

Posted
  • Author
Posted

http://d01.megashares.com/index.php?d01=3Jm7FMM

 

bor.vlx file download link

 

dont rename thefolder & file please paste d: drive

 

hai Remark (You're not the 30 year old, male, programming developer from Chennai, India are you? )

 

i am male 30 yrs old , i am not a programmer , i know few commands in autolisp and vba and also i am an Tamilan from india

Link to comment
Share on other sites
ReMark Grand Master

ReMark

Posted
Posted

Muthukumar:

 

I think I'll pass on running your program until I have had a chance to learn more about it and see if there are any reported problems.

Link to comment
Share on other sites
Lee Mac Grand Master

Lee Mac

Posted
Posted
I'm pretty sure Lee Mac and a couple other lisp gurus have warned users not to be so quick to load a .fas or .vlx file unless you know who is behind it. Better safe than sorry.

 

I couldn't agree more -

Here are my thoughts on the topic taken from a post at the Swamp three years ago in response to a question from trogg:

 

what I would like to know is what to be looking for to avoid trouble.

Any tips that you know of that us beginners should be looking for would save a lot of time and frustration.

 

A very good point. I have actually posted about this very topic before in another forum that I frequent as many users do seem to download and immediately run a program - completely bypassing any inspection of the code they are running.

 

Of course, in some cases, this is unavoidable (for instance with compiled apps) and one can only go on the trust of the author - I try to avoid these cases as much as possible and will rarely run compiled programs - you don't know what might be lurking inside...).

 

I think many are disillusioned by the simplicity of LISP and don't realise how much power a developer actually has with even a relatively simple language; therefore most may run a program blindly.

 

Before running any program, I would always scan the source code to get the overall jist of what the program is trying to achieve and how it is going about it to save any surprises in the long run.

 

I'm sure others can add to it, but this would be a quick overview of things to look out for:

 

 

  • System Variable Changes: Look out for setvar or vla-setvariable - two functions which may be used to change AutoCAD System Variables. Where these are used, be sure the previous settings are stored (using getvar or vla-getvariable) before they are changed, and furthermore that these settings are reset, not only at the end of the code, but also in the error handler.

 

  • Registry Modification: Two things to look out for in this respect: firstly, setenv / getenv may write or read a registry entry to and from this location:
    (strcat "HKEY_CURRENT_USER\\" (vlax-product-key) "\\FixedProfile\\General")

    It might be worth checking that location to see what has been written in the past. But more dangerous are the Visual LISP registry functions: vl-registry-write, vl-registry-read, vl-registry-descendents, vl-registry-delete. These functions can write to many other locations in the registry, delete registry entries and hence do far more damage.

 

  • acaddoc.lsp Creation: AutoCAD will automatically load the first acaddoc.lsp file it finds in any AutoCAD Support Path or the Working Directory; malicious programs exploit this fact and may write a 'self-duplicating' acaddoc.lsp file (AutoCAD virus if you will), hence, should a user run the program, an acaddoc.lsp may be written containing expressions which will check for the existence of the acaddoc.lsp in another location and maybe write itself there too - and, of course, these files may contain many more surprises than just self duplicating behaviour - take any/all of the above for example.

 

  • Disguised Code: This should immediately ring alarm bells. After all, why would a developer need to go to the trouble of disguising parts of the source code other than to hide its malicious purpose from an unsuspecting user?
     
    The most common way I have seen code being disguised is using the ASCII codes of the characters which make up the code, then using an eval/read statement to evaluate the code. For example:
    (eval (read (vl-list->string '(40 97 108 101 114 116 32 34 83 117 114 112 114 105 115 101 33 34 41))))

    Or concatenating each character code using the chr function.

 

  • File Modification: Some malicious code may look to delete or modify files from a user's computer - look out for such VL functions as vl-file-delete or vl-file-copy, which, I'm sure you'll have guessed, delete & copy files respectively.
     
    Also, don't overlook how simple read-line / write-line / princ / print / prin1 are being used, as all can also be used to write to files on your computer. This might not always be dangerous, but be sure to know the purpose of the file being written and exactly where it is being written to.

 

  • File Download: There are several examples on this site [theswamp] demonstrating how to download files from the internet to a user's computer, some may try to use the vla-getremotefile, or, should this be unsuccessful, perhaps interface with the WinHttpRequest Object as deftly demonstrated here.

 

  • Compiled Programs: compiling is a reasonable action should a developer want to protect his/her code, however, if you wish to run compiled programs, be sure they originate from a trusted source. Without the ability to look over the source code, a compiled program could contain any or all of the above - potentially causing serious damage.

 

That's about all I can think of at the moment, but if others have more to add, please chime in.

 

Good luck!

 

Lee

For more information, this post may also be of interest: 'Dangers of the acaddoc.lsp'
Link to comment
Share on other sites
Dadgad Grand Master

Dadgad

Posted
Posted

That is a very informative post Lee, thanks for sharing it, as I had never seen it before, and

there is lots of very helpful information for the coding challenged.

 

:beer:

Link to comment
Share on other sites
Lee Mac Grand Master

Lee Mac

Posted
Posted
That is a very informative post Lee, thanks for sharing it, as I had never seen it before, and

there is lots of very helpful information for the coding challenged.

 

You're most welcome Dadgad - one can never be too careful :thumbsup:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...