SecTeer VulnDetect Support Forum

    VulnDetect

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Download VulnDetect Installer

    [Added] Lazarus - App-Request

    Added App Requests
    app-request
    2
    15
    3443
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • OLLI_S
      OLLI_S Community Moderator last edited by OLLI_S

      Name of the app:

      • Lazarus

      File Path:

      • C:\lazarus\lazarus.exe

      Developer:

      • Lazarus and Free Pascal Team

      Website:

      • http://www.lazarus-ide.org/

      Download Site:

      • http://www.lazarus-ide.org/

      App-Icon: in ICO format

      0_1529746349935_Lazarus_Icon_256x256.ico

      Notes:
      The version number displayed in Help -> About is 1.8.4.
      This version is also shown in the application window (in the title bar) and also on the website.

      But the properties of the EXE I see:

      File version:      1.8.0.5
      Product version:   1.8.0.2
      Assembly version:  
      

      So I have no idea how to determine the version number correctly.

      1 Reply Last reply Reply Quote 0
      • OLLI_S
        OLLI_S Community Moderator last edited by

        Cool, the detected version is correct.

        1 Reply Last reply Reply Quote 0
        • T
          Tom VulnDetect Team Member last edited by

          Yes, and now I changed my mind about MyPhoneExplorer...

          /Tom
          Download the latest SecTeer VulnDetect agent here:
          https://vulndetect.com/dl/secteerSetup.exe

          1 Reply Last reply Reply Quote 0
          • OLLI_S
            OLLI_S Community Moderator last edited by

            Lazarus is detected and also the icon is shown.
            In VulnDetect I see the version 1.8.0.4, in Lazarus and on the website (and also in the in version.inc) I see 1.8.4.
            Will that be changed?

            1 Reply Last reply Reply Quote 0
            • T
              Tom VulnDetect Team Member @OLLI_S last edited by

              @olli_s Currently no one seems to be running another version, so the current rule works. We have to wait for the next update or until a new user with an older version joins, and then we fix it on a per rule basis.

              /Tom
              Download the latest SecTeer VulnDetect agent here:
              https://vulndetect.com/dl/secteerSetup.exe

              1 Reply Last reply Reply Quote 0
              • OLLI_S
                OLLI_S Community Moderator last edited by

                What will you do now?

                T 1 Reply Last reply Reply Quote 0
                • T
                  Tom VulnDetect Team Member @OLLI_S last edited by

                  @olli_s Thank you

                  /Tom
                  Download the latest SecTeer VulnDetect agent here:
                  https://vulndetect.com/dl/secteerSetup.exe

                  1 Reply Last reply Reply Quote 0
                  • OLLI_S
                    OLLI_S Community Moderator last edited by

                    OK, so I wrote in the Lazarus Forums:

                    It would be easier when the correct version is stored in the lazarus.exe because the update manager reads this information from EXE files and all other products work this way.

                    I received the following answer:

                    This should normally be done. But as it appears errors can happen. (It is not automated).
                    Anyway this can only be fixed for the next version.

                    So it is up to you if you want to read out local files for some special apps or if you just override the version number (like you have done it for many other apps).

                    Here the content of the file C:\lazarus\ide\version.inc:

                    '1.8.4'
                    
                    T 1 Reply Last reply Reply Quote 0
                    • T
                      Tom VulnDetect Team Member @OLLI_S last edited by

                      @olli_s Well, many things can be done. But such a thing would require a change to the binary agent, and changing the agent to support individual apps is not feasible.
                      And, we also have to be careful that we don't end up reading files that contain information that isn't relevant.
                      That said, we did identify a few apps where we (may) need either registry info or some info from a specific XML or INI type file. Whether we will do that or not, is not certain, as we have other ways, where we can identify specific versions of apps like Lazarus (and Nvidia and ...), it just requires a bit more feedback from you and other users. And I suppose, as we get more users, then that will be even more rapid and reliable.
                      But, Lazarus is added to the list of apps that is under consideration for such special treatment (as in reading more info from specific files). Can you email me the contents of those two files?

                      /Tom
                      Download the latest SecTeer VulnDetect agent here:
                      https://vulndetect.com/dl/secteerSetup.exe

                      1 Reply Last reply Reply Quote 0
                      • OLLI_S
                        OLLI_S Community Moderator last edited by

                        Today I updated my posting in the official Lazarus forum and received the following answer:

                        ($LazarusDir)\components\ide\version.inc
                        ($LazarusDir)\components\lazutils\lazversion.pas

                        Is this a practicable way?
                        I have to test tonight id the version is entered there correctly and in what format.
                        I will post my results here.

                        T 1 Reply Last reply Reply Quote 0
                        • T
                          Tom VulnDetect Team Member @OLLI_S last edited by Tom

                          @olli_s Well, yes, soon we will support checking the registry, but I believe we also have other methods, that should work. But let's see which approach is more practical on a per program basis.

                          /Tom
                          Download the latest SecTeer VulnDetect agent here:
                          https://vulndetect.com/dl/secteerSetup.exe

                          1 Reply Last reply Reply Quote 0
                          • T
                            Tom VulnDetect Team Member last edited by Tom

                            Rule added
                            That shall be interesting rules to maintain. But I will double check, after your next inspection.

                            /Tom
                            Download the latest SecTeer VulnDetect agent here:
                            https://vulndetect.com/dl/secteerSetup.exe

                            1 Reply Last reply Reply Quote 0
                            • OLLI_S
                              OLLI_S Community Moderator last edited by OLLI_S

                              I use Lazarus to code the GetAppDetails so it would be cool when VulnDetect informs me about available updates of Lazarus.

                              1 Reply Last reply Reply Quote 0
                              • OLLI_S
                                OLLI_S Community Moderator last edited by OLLI_S

                                In the Windows 10 Settings the version number is shown correctly in the list of installed applications:

                                0_1529751336646_Lazarus_Version_Win10.png

                                Same for GeForce Experience so maybe considering the version information stored in the Windows 10 system settings would be helpful!

                                T 1 Reply Last reply Reply Quote 0
                                • OLLI_S
                                  OLLI_S Community Moderator last edited by

                                  I suggested in the Lazarus forums that they store the version number properly in the EXE:
                                  http://forum.lazarus-ide.org/index.php/topic,41650.msg289409.html#msg289409

                                  I keep you updated here.

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post
                                  Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                                  Please see our Privacy and Data Processing Policy
                                  Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                                  Forum software by NodeBB