[Added] Lazarus - App-Request
Name of the app:
- Lazarus and Free Pascal Team
App-Icon: in ICO format
The version number displayed in Help -> About is 1.8.4.
This version is also shown in the application window (in the title bar) and also on the website.
But the properties of the EXE I see:
File version: 220.127.116.11 Product version: 18.104.22.168 Assembly version:
So I have no idea how to determine the version number correctly.
Cool, the detected version is correct.
Yes, and now I changed my mind about MyPhoneExplorer...
Lazarus is detected and also the icon is shown.
In VulnDetect I see the version 22.214.171.124, in Lazarus and on the website (and also in the in version.inc) I see 1.8.4.
Will that be changed?
@olli_s Currently no one seems to be running another version, so the current rule works. We have to wait for the next update or until a new user with an older version joins, and then we fix it on a per rule basis.
What will you do now?
@olli_s Thank you
OK, so I wrote in the Lazarus Forums:
It would be easier when the correct version is stored in the lazarus.exe because the update manager reads this information from EXE files and all other products work this way.
I received the following answer:
This should normally be done. But as it appears errors can happen. (It is not automated).
Anyway this can only be fixed for the next version.
So it is up to you if you want to read out local files for some special apps or if you just override the version number (like you have done it for many other apps).
Here the content of the file C:\lazarus\ide\version.inc:
@olli_s Well, many things can be done. But such a thing would require a change to the binary agent, and changing the agent to support individual apps is not feasible.
And, we also have to be careful that we don't end up reading files that contain information that isn't relevant.
That said, we did identify a few apps where we (may) need either registry info or some info from a specific XML or INI type file. Whether we will do that or not, is not certain, as we have other ways, where we can identify specific versions of apps like Lazarus (and Nvidia and ...), it just requires a bit more feedback from you and other users. And I suppose, as we get more users, then that will be even more rapid and reliable.
But, Lazarus is added to the list of apps that is under consideration for such special treatment (as in reading more info from specific files). Can you email me the contents of those two files?
Today I updated my posting in the official Lazarus forum and received the following answer:
Is this a practicable way?
I have to test tonight id the version is entered there correctly and in what format.
I will post my results here.
@olli_s Well, yes, soon we will support checking the registry, but I believe we also have other methods, that should work. But let's see which approach is more practical on a per program basis.
That shall be interesting rules to maintain. But I will double check, after your next inspection.
I use Lazarus to code the GetAppDetails so it would be cool when VulnDetect informs me about available updates of Lazarus.
In the Windows 10 Settings the version number is shown correctly in the list of installed applications:
Same for GeForce Experience so maybe considering the version information stored in the Windows 10 system settings would be helpful!
I suggested in the Lazarus forums that they store the version number properly in the EXE:
I keep you updated here.