I need a real nice easy way of making sure someone hasn't modified my executable file.

The simplest of course would be to load the file completely in memory and sum up each byte, then subtract the bytes composing the expected checksum, then comparing the result to the expected checksum.

Unfortunately I wouldn't really know what the checksum would be until after the program is written WITH the integrity check. And if I print the checksum at any time, if someone modifies the file he will see the checksum and with a wee bit more work change it along with his modifications.

Or maybe I'm just too paranoid? Just forget about integrity checks?
Posted on 2002-05-18 08:17:53 by AmkG
well you said an easy way so how about this one. when you create your executeable keep note of the creation date. then compare it to the date modified.:grin:
Posted on 2002-05-18 09:36:56 by smurf
where are you going to store the creation date?
If you put it in the registry or a file that makes an easy target to just change the creation date to the current one. If it's written inside the exe, the same can be done with a debugger.
Posted on 2002-05-19 00:43:40 by grv575
But come to think about it, my only goal is to stop the Debugger and The Dummpies programs, and i know that some of this is possibles... So that might not be a bad idea after all. At lease the Debugger can be stopped in it tracks. The rest don't really matter to me anymore.
Posted on 2002-05-19 01:47:05 by cmax
well integrity checks is not really useless, but it sure ain't the ultimate weapon against cracker, because such thing does not exist=/
the best way of doing integrity "check" is decrypting code with the checksum of the file..to avoid obvious jumps etc.
really good integrity check u can find in a protection like vbox (which uses several .dlls also which checks the integrity the main process)
Posted on 2002-05-19 04:11:40 by DZA
the MZ header has a bunch of unused bytes. Store your CRC or
hash or whatever there. CreateFileMapping on your executable,
and sum up everything but the MZ header. Compare value to the
one stored in MZ header. Easy-peasy.
Posted on 2002-05-22 16:52:05 by f0dder
You mean the OLD DOS MZ HEADER???

Of course... even the newest exe files have a DOSSTUB...

Durn... didn't think of that... nice idea Fodder...
Posted on 2002-05-22 20:18:56 by AmkG