Thanks for all the help.
With a lot of help, I have this that can do a simple checksum without having to use a CRC32.
I have attached imagehlp.lib which proved challenging to find.
Andy
With a lot of help, I have this that can do a simple checksum without having to use a CRC32.
I have attached imagehlp.lib which proved challenging to find.
Andy
.DATA
szFileName db "C:\masm32\SOURCE\INTERRUPTS.asm",0
szAppName db "Box",0
headerSum dd 0
checkSum dd 0
szFileChanged db "The file has changed.",0
szFile_OK db "File has not been altered.",0
Orig_ChkSum dd 576623h ; value of UNaltered file - Stores in REVERSE order !!
.data?
dwHeaderSum dw ?
hWnd dd ?
dwCheckSum dd ?
.CODE
start:
invoke MapFileAndCheckSumA, ADDR szFileName, ; Do a checksum of our file
ADDR headerSum,
ADDR checkSum
mov eax, checkSum ; move value to EAX
.if eax == Orig_ChkSum ; Check if file has been altered
invoke MessageBox, NULL, addr szFile_OK, addr szAppName,MB_OK
.else
invoke MessageBox,NULL,addr szFileChanged,addr szAppName,MB_OK
.endif
invoke ExitProcess,0
end start
PE's checksum is too weak for image integrity check. It's simply word sum of PE (well, not exactly, but you generally can increase byte at offset X and decrease at offset X+2*n or swap words at 2*n and 2*m without changing checksum).
What's so valuable that you're trying to protect? Anti-debug tricks, checksum... Against determined cracker resistance is futile.
What's so valuable that you're trying to protect? Anti-debug tricks, checksum... Against determined cracker resistance is futile.