Thursday, January 1, 2015

About the recent claims of viruses in devcppPortable.exe

Recently, a lot of reports of antivirus programs marking the file devcppPortable.exe as a virus/trojan/unwanted program have surfaced. I can assure you that the files you download from SourceForge do NOT contain any of that.

To prove my statement, let us check the source code of devcppPortable.exe. It can be found in the Source\Tools\DevCppPortable folder in the source zip files provided here or in the Git repo here.

Let's walk through the code step by step:
#include <windows.h>
#include <Shlwapi.h>
#include <string>
using std::wstring;
The included files are unchanged versions of the ones found in TDM-GCC 4.8.1.
int main() {
int ArgumentCount = 0;
wchar_t** ArgumentInput = CommandLineToArgvW(GetCommandLineW(),&ArgumentCount);
wstring ArgumentsToDev = L"-c .\\config ";
for(int i = 1;i < ArgumentCount;i++) {
  ArgumentsToDev += '\"';
  ArgumentsToDev += ArgumentInput[i];
  ArgumentsToDev += '\"';
  if(i != ArgumentCount - 1) {
    ArgumentsToDev += ' ';
Over here, devcppPortable builds a string ArgumentsToDev which consists of the -c command that tells devcpp.exe to store its configuration files elsewhere AND the commands that have been passed to devcppPortable. Think of files that are dragged onto devcppPortable.exe in explorer or Auto-Open binds that use devcppPortable. All it does is forward these commands to devcpp.exe
wchar_t CurrentDirectory[32768];
Over here, the directory where devcppPortable is located is stored in array CurrentDirectory.
int Result = (INT_PTR)ShellExecuteW(
  NULL, // no parent window
  L"open", // open the file
  L"devcpp.exe", // the file to open
  ArgumentsToDev.c_str(), // extra parameters to pass
  CurrentDirectory, // use the current directory
  SW_SHOWNORMAL // activate and display window
if(Result <= 32) {
  switch(Result) {
      MessageBoxW(NULL,L"devcpp.exe",L"File not found",MB_OK);
    default: {
      MessageBoxW(NULL,L"An unspecified error has occured!",L"Error",MB_OK);
return 0;
Lastly, devcpp.exe is launched using the provided arguments and using the current directory using the not-so special ShellExecute function.

In other words, this file is harmless. My educated guess as to why this file is marked as an unwanted file is that real unwanted files (especially trojans) exhibit the same behaviour. They also function as hosts that execute external code. Since devcppPortable exhibits the same behaviour, the scanner will think "Hey, this program shows behaviour similar to the other million trojan files in our database. Let's tell the user it is one too to be sure".

What can you do as a user? Please report devcppPortable.exe as a false positive.


  1. This comment has been removed by a blog administrator.

  2. Probably some lazy Antivirus definition database that doesn't know how to classify the behaviour and so takes the safest option, it's dangerous. A lot of false positives start out this way.

  3. Would be nice if you could tag all release posts as "download" or something or a dedicated Download page for the latest (stable) version with a link to the SourceForge page for previous versions. Thanks.

    1. Live adult cams | सेक्स के दौरान आवाज क्यों करती हैं महिलाएं
      Live adult cams | उईईईईइ माँ बाहर निकालो में मर जाऊंगी,कंडोम गर्भ
      free adult video chat | एच आर मैडम की चुदाई ऑफिस के वाशरूम में चुत से खून निकला
      free sex webcams | दीपिका पादुकोण चुत से खून निकला
      free sex webcams | चुत से खून निकला
      Free Chat with Couples | ऐस्वर्या की चुदाई की फोटो
      Girl Alone live sex chat | साली की चुदाई दोपहर मैं २ बजे
      live crazy adult webcam model | live crazy adult webcam model | उईईईईइ माँ बाहर निकालो में मर जाऊंगी,कंडोम गर्भ
      live crazy adult webcam model | ईइ माँ बाहर निकालो में मर जाऊंगी,कंडोम गर्भ
      Sexy transgenderfree chat with men|गांड मे लंड डालने की कहानी
      free chat with men | उईईईईइ माँ बाहर निकालो में मर जाऊंगी,कंडोम गर्भ
      live gay cams |
      Girls Teen Webcam |
      Webcam Porn video | सेक्स के दौरान आवाज क्यों करती हैं महिलाएं

  4. Yes i really agree with you. How we save our C++ data

  5. Looks like you are out-of-touch with Sourceforge. This is not your fault. Sourceforge's new policy has been bundling malware automatically with *every* .exe hosted on its website. A recent case was with that of Filezilla. See:

  6. Looks like you are out-of-touch with Sourceforge. This is not your fault. Sourceforge's new policy has been bundling malware automatically with *every* .exe hosted on its website. A recent case was with that of Filezilla

    sua nha dep | tam chong am khoi | da hoa cuong | unionshirts | gearlaunch | teespring | teechip | sunfrogshirts | snorgtees | bonfire funds | promopays | elephant shirt | diversethreads | viralstyle | teezily


  7. The share your really gives us excitement. Thanks for your sharing. If you feel tired at work or study try to participate in our games to bring the most exciting feeling. Thank you!
    hotmail sign in | red ball |

  8. • I love your blog! I hope to see more posts from you in the future. Really great!!!
    * Street view

  9. The blog or and best that is extremely useful to keep I can share the ideas of the future as this is really what I was looking for, I am very comfortable and pleased to come here. Thank you very much.
    animal jam | five nights at freddy's | hotmail login

  10. i really likes your blog and You have shared the whole concept really well. and Very beautifully soulful read! thanks for sharing.
    GCLUB มือถือ

  11. Amazing! Thank you for putting this together!


  12. JBN Creators is dedicated to provide all-in-one eCommerce websites for your store. Here we are ready to provide you optimum support in terms of improving your business and expanding the horizon. We invite you to make use of our optimum resources so as to meet the business goal at the earliest.
    Website Designing

  13. Post really provice useful information! Thanks for sharing, nice post!

    Chúng tôi có các blog rất hữu ích gồm:, giúp giải đáp thắc mắc nằm mơ thấy rắn, dubai thuộc nước nàobias là gì rất hữu ích.