Check if exe was modified

Joakim Christiansen · Wed Mar 21, 2007 10:26 pm

As I'm experimenting a little with anti cracking methods, I made this easy way of checking if a exe file was modified:

The code you should have in your app to check if it was modified:

Code: Select all

If ReadFile(0,ProgramFilename())
  *Buffer = AllocateMemory(Lof(0)-4)
  ReadData(0,*Buffer,MemorySize(*Buffer))
  If CRC32Fingerprint(*Buffer,MemorySize(*Buffer)) <> ReadLong(0)
    MessageRequester("Error","Exe has been tampered with...",#MB_ICONERROR)
    End
  EndIf
  FreeMemory(*Buffer)
  CloseFile(0)
EndIf

The code used to add the checksum at the end of the exe file:

Code: Select all

If OpenFile(0,OpenFileRequester("Add checksum to exe","","Executable|*.exe",0))
  *Buffer = AllocateMemory(Lof(0))
  ReadData(0,*Buffer,MemorySize(*Buffer))
  WriteLong(0,CRC32Fingerprint(*Buffer,MemorySize(*Buffer)))
  FreeMemory(*Buffer)
  CloseFile(0)
EndIf

Of course this is very little protection and anyone could very easily crack this, but it might be handy.

HarryO · Post by **HarryO** » Thu Mar 22, 2007 1:57 am

So if I understand this process correctly:

1. Create/compile program ('.exe') with your first procedure in it.
2. You would use the second procedure (in a separate program) to add the fingerprint at the end of the '.exe' created in step 1.
3. Then you could run your program (with the first procedure) to check the fingerprint of itself (the '.exe').

Is this correct?

That also means that everytime you change your program (compile) your have to rerun the second procedure/program to re-fingerprint your '.exe' file.

I think the process has merit.

Harry0

Joakim Christiansen · Post by **Joakim Christiansen** » Thu Mar 22, 2007 2:51 am

HarryO wrote:Is this correct?

That also means that everytime you change your program (compile) your have to rerun the second procedure/program to re-fingerprint your '.exe' file.

That is correct!

Derek · Post by **Derek** » Thu Mar 22, 2007 10:31 am

Joakim Christiansen wrote:The code used to add the checksum at the end of the exe file:

Code: Select all

If OpenFile(0,OpenFileRequester("Add checksum to exe","","Executable|*.exe",0))
  *Buffer = AllocateMemory(Lof(0))
  ReadData(0,*Buffer,MemorySize(*Buffer))
  WriteLong(0,CRC32Fingerprint(*Buffer,MemorySize(*Buffer)))
  FreeMemory(*Buffer)
  CloseFile(0)
EndIf

Correct me if I'm wrong but it looks like you are storing the CRC at the end of the file so shouldn't you allocate lof(0)+4 bytes to the buffer before reading in the data, also if this is the case then the readdata() command will also need a -4 at the end or need to be changed to lof().

Kaeru Gaman · Post by **Kaeru Gaman** » Thu Mar 22, 2007 2:06 pm

Derek wrote:Correct me if I'm wrong

with joy, dear friend.

the proc you quoted is for appending the checksum to a file without.
the other proc that checks the checksum uses the demanded

Code: Select all

*Buffer = AllocateMemory(Lof(0)-4)

Derek · Post by **Derek** » Thu Mar 22, 2007 2:18 pm

You're right.

Got my wires crossed, of course the file is being appened to.

Joakim Christiansen · Post by **Joakim Christiansen** » Thu Mar 22, 2007 7:03 pm

I wouldn't post code without testing it would I?

Derek · Post by **Derek** » Thu Mar 22, 2007 10:36 pm

@Joakim Christiansen, just me having a brain meltdown. Don't know why but for some reason I thought the whole program was being read into a buffer, checksummed and then the buffer being written out.

I have these days where my brain just mis-fires hence my putting "correct me if I'm wrong", I am quite often!!

kinglestat · Post by **kinglestat** » Mon Mar 26, 2007 5:58 pm

very nice Joakim
thanks

ricardo · Post by **ricardo** » Mon Mar 26, 2007 8:45 pm

If a crecker is smart enough to crack our software, i guess will be able to trick this kind of check.

Maybe need to be stored in some more complex way to avoid this possibilitie.

Matt · Post by **Matt** » Sun Apr 29, 2007 1:00 am

If someone really wanted to, they would be able to change the check sum at the end of the file, with no problem.

Joakim Christiansen · Post by **Joakim Christiansen** » Sun Apr 29, 2007 9:02 am

Matt wrote:If someone really wanted to, they would be able to change the check sum at the end of the file, with no problem.

But it's not too hard for the programmer to tweak/encrypt that checksum a little so the cracker doesn't know what to change it into.

thefool · Post by **thefool** » Sun Apr 29, 2007 12:06 pm

I wouldn't touch the checksum, rather go for the check itself.

Dare · Post by **Dare** » Sun Apr 29, 2007 12:22 pm

Good idea.

As thefool said, a cracker will take out the check (not the checksum) but it is another little thing that makes life a smidgen harder for the cracker.

Aside:
Trouble is that for a large number of the real crackers it is the challenge that counts. Harder it is, more obsfucation and proofing there is, the smarter the protection, then the more motivation there is to crack it.

Bit like crossword puzzles and chess problems. The solution is the reward.

PureBasic Forums - English

Check if exe was modified

Check if exe was modified

RE: Check if '.exe' was modified....

Re: RE: Check if '.exe' was modified....

Re: Check if exe was modified