Advertisement

01.28.2008 at 11:20AM PST, ID: 23117199 | Points: 500
[x]
Attachment Details

How to write a runtime checksum algorithm for win32 app?

Asked by mhorsley99 in C Programming Language, Processor Programming for Specific Platforms, Windows Network Security

Tags:

I'm developing an application for windows( WindowsXP, Vista ), and would like to create a function to do an integrity checksum. As the application runs, the checksum function will take a start/end address in the instruction memory and ensure that none of the instructions have changed. The trouble I'm having is that the assembly instructions that take address's, such as JMP, have a different address each time the application runs, since windows changes the base address at which the application resides in memory. How can I create a checksum algorithm that works in this environment? Basically, I'm trying to write my own software protection scheme.Start Free Trial 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:

static unsigned int addressStart;
static unsigned int addressEnd;
_asm mov eax,GUARD_1_BEGIN
_asm mov ebx,GUARD_1_END
_asm mov addressStart,eax
_asm mov addressEnd,ebx
unsigned int a = addressStart;
unsigned int sum = 0;
while (a <= addressEnd) {
        unsigned rawVal = *(unsigned int*)(a);
        sum += rawVal;
        a += 4;
}
if ( sum != 0x00127d69) {
        return 0;
} else {
   // it worked!!!
}
[+][-]01.28.2008 at 11:41AM PST, ID: 20762145

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]01.28.2008 at 11:59AM PST, ID: 20762282

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]01.28.2008 at 12:13PM PST, ID: 20762406

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]01.28.2008 at 12:21PM PST, ID: 20762481

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.20.2008 at 02:39PM PST, ID: 20942810

Experts Exchange has a courteous staff of administrators who help members get the most out of the website by means of administrative comments like this one.

Start your 7-day free trial to view this Administrative Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628