Self Virus Check / Exec Alteration

Joris
Addict
Posts: 890
Joined: Fri Oct 16, 2009 10:12 am
Location: BE

Re: Self Virus Check / Exec Alteration

Post by Joris »

BarryG wrote: That's what ProgramFilename() is for. You don't need to know where the user puts your exe. It gets the exe's path and filename at runtime.
Well, if I put that text file in the Linker and try to create the executable, I get the message:
POLINK Fatal Error : File not found 'szFullPath.s=ProgramFilename()'.
So, what am I doing wrong then?

Thanks.
Yeah I know, but keep in mind ... Leonardo da Vinci was also an autodidact.
kvitaliy
Enthusiast
Posts: 162
Joined: Mon May 10, 2010 4:02 pm

Re: Self Virus Check / Exec Alteration

Post by kvitaliy »

Joris wrote: Well, if I put that text file in the Linker and try to create the executable, I get the message:
POLINK Fatal Error : File not found 'szFullPath.s=ProgramFilename()'.
So, what am I doing wrong then?

Thanks.
The text file must contain 1 line:
/RELEASE

And you must embed this code in your PureBasic program:

Code:

szFullPath.s = ProgramFilename() ; full path of the running EXE
dwFileChecksum.l = 0 ; receives the checksum stored in the PE header
dwRealChecksum.l = 0 ; receives the checksum computed over the file
sz.s = "Hello" ; replace at least 1 character in EXE
MapFileAndCheckSum_(@szFullPath, @dwFileChecksum, @dwRealChecksum)
If dwFileChecksum <> dwRealChecksum
  MessageRequester(sz, "the checksum is Not correct = " + Str(dwFileChecksum) + " R=" + Str(dwRealChecksum))
Else
  MessageRequester(sz, "the checksum is correct= " + Str(dwFileChecksum) + " R=" + Str(dwRealChecksum))
EndIf
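
What the comparison in the post above checks, as an added example in Python that is not part of the original post: it models the two values MapFileAndCheckSum returns, using the commonly documented PE checksum (16-bit words added with end-around carry, the stored CheckSum field counted as zero, file length added). The 512-byte image, its offsets and all function names are constructed for the illustration.

```python
import struct

E_LFANEW = 0x3C               # DOS header field: file offset of "PE\0\0"
CHECKSUM_IN_NT = 4 + 20 + 64  # signature + COFF header + offset inside optional header

def checksum_offset(image) -> int:
    """File offset of the optional header's CheckSum field."""
    pe = struct.unpack_from("<I", image, E_LFANEW)[0]
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return pe + CHECKSUM_IN_NT

def compute_checksum(image) -> int:
    """Recompute the checksum over the whole file."""
    off = checksum_offset(image)
    padded = image + b"\0" * (len(image) % 2)
    total = 0
    for i in range(0, len(padded), 2):
        if off <= i < off + 4:                     # stored CheckSum counts as zero
            continue
        total += struct.unpack_from("<H", padded, i)[0]
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return (total + len(image)) & 0xFFFFFFFF

def header_and_real_checksum(image):
    """The two values the API hands back: (HeaderSum, CheckSum)."""
    stored = struct.unpack_from("<I", image, checksum_offset(image))[0]
    return stored, compute_checksum(image)

def build_sample() -> bytearray:
    """Constructed stand-in for an EXE: bare headers plus the 'Hello' string."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, E_LFANEW, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    img[0x180:0x185] = b"Hello"
    # Role of the /RELEASE linker option: store the computed sum in the header.
    struct.pack_into("<I", img, checksum_offset(img), compute_checksum(img))
    return img

if __name__ == "__main__":
    exe = build_sample()
    print("untouched:", header_and_real_checksum(exe))
    exe[0x180] = ord("J")     # one changed character, as in the post's test
    print("modified: ", header_and_real_checksum(exe))
```

The sum is unkeyed, so the comparison catches corruption or a change that leaves the header field untouched; it is not a substitute for a signature check such as Authenticode.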
J. Baker
Addict
Posts: 2181
Joined: Sun Apr 27, 2003 8:12 am
Location: USA

Re: Self Virus Check / Exec Alteration

Post by J. Baker »

As Paul pointed out in another post (different topic), a "=" or "<>" can easily be changed in a hex editor, etc. This should help a bit but nothing is 100%. Replace "@b" with "@c" for a different result.

Code:

szFullPath.s = ProgramFilename()

dwFileChecksum.l = 0
dwRealChecksum.l = 0

sz.s = "Hello" ; replace at least 1 character in EXE

MapFileAndCheckSum_(@szFullPath, @dwFileChecksum, @dwRealChecksum)

a.s = Str(dwFileChecksum)
b.s = Str(dwRealChecksum)
c.s = "hello"

If CompareMemoryString(@a,@b) ; dwFileChecksum <> dwRealChecksum
  MessageRequester(sz, "the checksum is Not correct = " + Str(dwFileChecksum) + " R=" + dwRealChecksum)
Else
  MessageRequester(sz,  "the checksum is correct= " + Str(dwFileChecksum) + " R=" + dwRealChecksum) 
EndIf
www.posemotion.com

PureBasic Tools for OS X: PureMonitor, plist Tool, Data Maker & App Chef


Even the vine knows its surroundings but the man with eyes does not.
kvitaliy
Enthusiast
Posts: 162
Joined: Mon May 10, 2010 4:02 pm

Re: Self Virus Check / Exec Alteration

Post by kvitaliy »

J. Baker wrote: As Paul pointed out in another post (different topic), a "=" or "<>" can easily be changed in a hex editor, etc.
The virus will not use a hex editor, and will not change "=" to "<>" :lol:
A hacker will crack any code if needed.
J. Baker
Addict
Posts: 2181
Joined: Sun Apr 27, 2003 8:12 am
Location: USA

Re: Self Virus Check / Exec Alteration

Post by J. Baker »

LOL! Nope. If a virus uses a hex editor, I think that would be called an A.I. Just thought I would post it anyway. ;)
Saki
Addict
Posts: 830
Joined: Sun Apr 05, 2020 11:28 am
Location: Pandora

Re: Self Virus Check / Exec Alteration

Post by Saki »

J. Baker wrote: Saki, feel free to post. ;)
The QAES File Crypter addon for the Universal Crypter has a 256-bit AES and SHA3 based protection function.
You will find it at the bottom of the code.

This is primarily needed to check encrypted files for changes or damage.
Or to protect documents, files or images without encrypted content.
It is equally effective on encrypted and unencrypted files and cannot be manipulated.
It is very fast and can be added, checked or removed in a fraction of a second for common files.

Code:

For very fast batch processing :
Debug "###### File protection without encrypt a file ###"
      SaveImage(CreateImage(#PB_Any, 10, 10), path_0$, #PB_ImagePlugin_JPEG)
Debug QAES_smart_file_coder(1, window_ID, progressbar_ID, path_0$, key$, "", 10) ; Protect a file
Debug QAES_smart_file_coder(3, window_ID, progressbar_ID, path_0$, key$, "", 10) ; Check the file protection - Also for encrypted files
Debug QAES_smart_file_coder(2, window_ID, progressbar_ID, path_0$, key$, "", 10) ; Remove the file protection

#### File protection without encrypt a file ###
ALLok ##16QF - File protected  ! - File hash ==>851039acf9350805f70315b74df68e20e155bc9de0259baff9e5719e1906b665
ALLok ##11QF - File integrity succesfully checked ! - Used counter =>10 - File hash ==>851039acf9350805f70315b74df68e20e155bc9de0259baff9e5719e1906b665
ALLok ##15QF - File unprotected  ! - Used counter =>10 - File hash ==>851039acf9350805f70315b74df68e20e155bc9de0259baff9e5719e1906b665
viewtopic.php?f=12&t=75943

It includes a complete tool for the simplest use.
Peace on Earth