Page 1 of 1
Check if exe was modified
Posted: Wed Mar 21, 2007 10:26 pm
by Joakim Christiansen
As I'm experimenting a little with anti cracking methods, I made this easy way of checking if a exe file was modified:
The code you should have in your app to check if it was modified:
Code: Select all
If ReadFile(0,ProgramFilename())
*Buffer = AllocateMemory(Lof(0)-4)
ReadData(0,*Buffer,MemorySize(*Buffer))
If CRC32Fingerprint(*Buffer,MemorySize(*Buffer)) <> ReadLong(0)
MessageRequester("Error","Exe has been tampered with...",#MB_ICONERROR)
End
EndIf
FreeMemory(*Buffer)
CloseFile(0)
EndIf
The code used to add the checksum at the end of the exe file:
Code: Select all
If OpenFile(0,OpenFileRequester("Add checksum to exe","","Executable|*.exe",0))
*Buffer = AllocateMemory(Lof(0))
ReadData(0,*Buffer,MemorySize(*Buffer))
WriteLong(0,CRC32Fingerprint(*Buffer,MemorySize(*Buffer)))
FreeMemory(*Buffer)
CloseFile(0)
EndIf
Of course this is very little protection and anyone could very easily crack this, but it might be handy.
RE: Check if '.exe' was modified....
Posted: Thu Mar 22, 2007 1:57 am
by HarryO
So if I understand this process correctly:
1. Create/compile program ('.exe') with your first procedure in it.
2. You would use the second procedure (in a separate program) to add the fingerprint at the end of the '.exe' created in step 1.
3. Then you could run your program (with the first procedure) to check the fingerprint of itself (the '.exe').
Is this correct?
That also means that everytime you change your program (compile) your have to rerun the second procedure/program to re-fingerprint your '.exe' file.
I think the process has merit.
Harry0
Re: RE: Check if '.exe' was modified....
Posted: Thu Mar 22, 2007 2:51 am
by Joakim Christiansen
HarryO wrote:Is this correct?
That also means that everytime you change your program (compile) your have to rerun the second procedure/program to re-fingerprint your '.exe' file.
That is correct!
Re: Check if exe was modified
Posted: Thu Mar 22, 2007 10:31 am
by Derek
Joakim Christiansen wrote:The code used to add the checksum at the end of the exe file:
Code: Select all
If OpenFile(0,OpenFileRequester("Add checksum to exe","","Executable|*.exe",0))
*Buffer = AllocateMemory(Lof(0))
ReadData(0,*Buffer,MemorySize(*Buffer))
WriteLong(0,CRC32Fingerprint(*Buffer,MemorySize(*Buffer)))
FreeMemory(*Buffer)
CloseFile(0)
EndIf
Correct me if I'm wrong but it looks like you are storing the CRC at the end of the file so shouldn't you allocate lof(0)+4 bytes to the buffer before reading in the data, also if this is the case then the readdata() command will also need a -4 at the end or need to be changed to lof().
Posted: Thu Mar 22, 2007 2:06 pm
by Kaeru Gaman
Derek wrote:Correct me if I'm wrong
with joy, dear friend.
the proc you quoted is for appending the checksum to a file without.
the other proc that checks the checksum uses the demanded
Code: Select all
*Buffer = AllocateMemory(Lof(0)-4)
Posted: Thu Mar 22, 2007 2:18 pm
by Derek
You're right.
Got my wires crossed, of course the file is being appened to.
Posted: Thu Mar 22, 2007 7:03 pm
by Joakim Christiansen
I wouldn't post code without testing it would I?
Posted: Thu Mar 22, 2007 10:36 pm
by Derek
@Joakim Christiansen, just me having a brain meltdown. Don't know why but for some reason I thought the whole program was being read into a buffer, checksummed and then the buffer being written out.
I have these days where my brain just mis-fires hence my putting "correct me if I'm wrong", I am quite often!!
Posted: Mon Mar 26, 2007 5:58 pm
by kinglestat
very nice Joakim
thanks
Posted: Mon Mar 26, 2007 8:45 pm
by ricardo
If a crecker is smart enough to crack our software, i guess will be able to trick this kind of check.
Maybe need to be stored in some more complex way to avoid this possibilitie.
Posted: Sun Apr 29, 2007 1:00 am
by Matt
If someone really wanted to, they would be able to change the check sum at the end of the file, with no problem.
Posted: Sun Apr 29, 2007 9:02 am
by Joakim Christiansen
Matt wrote:If someone really wanted to, they would be able to change the check sum at the end of the file, with no problem.
But it's not too hard for the programmer to tweak/encrypt that checksum a little so the cracker doesn't know what to change it into.
Posted: Sun Apr 29, 2007 12:06 pm
by thefool
I wouldn't touch the checksum, rather go for the check itself.
Posted: Sun Apr 29, 2007 12:22 pm
by Dare
Good idea.
As thefool said, a cracker will take out the check (not the checksum) but it is another little thing that makes life a smidgen harder for the cracker.
Aside:
Trouble is that for a large number of the real crackers it is the challenge that counts. Harder it is, more obsfucation and proofing there is, the smarter the protection, then the more motivation there is to crack it.
Bit like crossword puzzles and chess problems. The solution is the reward.