Thanks for all the help.

With a lot of help, I have this that can do a simple checksum without having to use a CRC32.
I have attached imagehlp.lib which proved challenging to find.



szFileName    db  "C:\masm32\SOURCE\INTERRUPTS.asm",0
szAppName      db  "Box",0
headerSum      dd  0
checkSum      dd  0
szFileChanged  db  "The file has changed.",0
szFile_OK      db  "File has not been altered.",0

Orig_ChkSum    dd  576623h ; value of UNaltered file - Stores in REVERSE order !!

dwHeaderSum    dw  ?
hWnd          dd  ?
dwCheckSum    dd  ?



invoke MapFileAndCheckSumA, ADDR szFileName, ; Do a checksum of our file
                            ADDR headerSum,
                            ADDR checkSum

mov eax, checkSum    ; move value to EAX

.if eax == Orig_ChkSum ; Check if file has been altered
invoke  MessageBox, NULL, addr szFile_OK, addr szAppName,MB_OK

  invoke MessageBox,NULL,addr szFileChanged,addr szAppName,MB_OK

invoke ExitProcess,0

end start

Posted on 2009-10-27 14:46:08 by skywalker
PE's checksum is too weak for image integrity check. It's simply word sum of PE (well, not exactly, but you generally can increase byte at offset X and decrease at offset X+2*n or swap words at 2*n and 2*m without changing checksum).

What's so valuable that you're trying to protect? Anti-debug tricks, checksum... Against determined cracker resistance is futile.
Posted on 2009-10-27 16:07:44 by baldr