Solved

Marking start and end of functions for CRC checks

Posted on 2002-05-30
20
230 Views
Last Modified: 2010-04-15
Firstly, I writing in C for a Dos platform. This is using the Microsoft C compliers.

I have an issue with security on a certain piece of code in our software. It is a standard piece of code and I need to be able to perform a CRC on it to ensure that it hasn't been tampered with or an incorrect exe verion put on the computer. My problem is that the code around this may change (bug fixes, s/w additions, etc.) so I need to be able to check this particular part of the exe to ensure it hasn't changed.

The second option is to isolate the function into an exe of it's own, but this is a last resort because of the way the function works with the rest of the code. Changing it to be an independant exe will cause other more awkward security issues that will have to be dealt with.

The 2nd option I know how to do -> so I do not need advice with it. I need ideas on my first point. How do I mark the entry and exit points of a function so that a particular code section can be CRC checked?

Regards,
C.
0
Comment
Question by:cgallagher
  • 10
  • 5
  • 2
  • +2
20 Comments
 
LVL 5

Expert Comment

by:ecw
ID: 7044549
entry point is the function.  ie. just use the function name.  end point is the address of the next function.  eg.

int check_me(void) { ....
}

void check_me_end(void) {}

int crc_check(void) {
char *start = (char *) check_me;
char *end = (char *) check_me_end;


}
0
 
LVL 1

Author Comment

by:cgallagher
ID: 7044870
Ok, that will work if I want to check the CRC of a function within my own executable and that may be sufficient... but I don't think it will. You see if the "CHECK_ME" function was changed how do we know that the "CRC_CHECK" function hasn't been changed as well!!! This is mainly my problem.

Therefore, how do I do a CRC check on that function from another executable, i.e.:

If my executable is "prog.exe" I would like to be able to check the function by running:

crc_chk c:\mydir\prog.exe

the program will be hard coded to check for the particular function (by using the entry and exit points of the function) within the executable... I don't know will you have to load the "prog.exe" into memory first and then check the function??? or can you check the actual executable file itself???

Here's an idea, would it be similar to the way an application finds a function entry point in a DLL? I persume it would...

Thanks for the response!
C.
0
 
LVL 5

Expert Comment

by:ecw
ID: 7045157
oh, licensing.. now that's a lot harder.  The usual way is obscurity, encrypt some very important program data using a key generated by hashing the check_me function.  If check_me is frigged, the key will be invalid, and the data useless.  This will not stop a determined hack, but very little, if anything, can.
0
 
LVL 6

Expert Comment

by:Triskelion
ID: 7045892
Is it possible for you to deliver your piece as an obj (or library) file?

An easy technique would be to NOT show source code.  You can pre-compile your code into one or many linkable .obj or .lib files that act as black boxes.  You would only need to provide the interface (usually through the header file) of the functions and/or classes.
This would be better than an isolated EXE because it becomes an internal part of the finished product.

If the project requires multiple platforms, you can create seperate lib/obj files for each situation (16, 32 bit, etc.)


I guess it depends on how REALLY secure you need it to be.
0
 
LVL 9

Expert Comment

by:BeyondWu
ID: 7046231
Try this:
int MyImportantProc(...)
{
        DWORD address1,address2;

        __asm mov address1,offset beginCRC
        __asm mov address2,offset endCRC
     
        CheckCRC(address1,address2);

beginCRC: // begin of code to CRC check

        //..here is your very important piece of code
       
endCRC: // end of code to be CRC checked    

     //CheckCRC(address1,address2); //you can also check it here.

     return 0;
}
0
 
LVL 1

Author Comment

by:cgallagher
ID: 7046528
ecw:
Ok it's not quite licencing. Its so that external auditors can check the piece of code so that it hasn't changed. This is why we need the external checker and also why I don't think a built in function will work. We don't really care about piracy etc. because considering the area we are in the people don't have a clue about that. So it's not security in the sense that we don't want people copying our s/w. It's more about another company saying: can we trust that your s/w hasn't changed in the area we are concerned with???

Triskelion:
We are not supplying a universal library etc. So we cannot supply a library to out customers. I cannot either supply an obj or source code. What I am trying to get around is isolating it from the program itself. I can isolate it but it will pose other security issues so all I am looking for is a way to CRC it while within the same executable. Supplying an obj file will not help me because I cannont give that to the customer. Actually performing the CRC check is not the problem just yet. It's marking the area I wish to perform the CRC around. I need to be able to run a program on a site that will tell me if the function is intact.

0
 
LVL 6

Expert Comment

by:Triskelion
ID: 7046754
If something has changed in the target area, will you disable the program?
0
 
LVL 1

Author Comment

by:cgallagher
ID: 7046755
Another point I would like to pose.

If you generate a MAP file with your exe could you potentially use the functions info to locate their respective position within your exe? Or could you potentially use this MAP file in my situation at all?

Regards,
C.
0
 
LVL 1

Author Comment

by:cgallagher
ID: 7046763
Triskelion.
Yes. If the function has changed then the program will not run, or will not be allowed to run. This does not neccessarily mean that the program itself has to detect this. Maybe by calling an external program, this external program can check it for us. This means that this "external program" can be run manually as well.

Regards,
C.
0
 
LVL 30

Expert Comment

by:SteveGTR
ID: 7046938
You could tag the routine using inline assembler like this:

#pragma optimize("", off)

void Test()
{
  // Begin tag
  __asm
    {
      jmp RoutineStart
      mov al,'*'
      mov ah,'*'
      mov al,'*'
      mov ah,'S'
      mov al,'T'
      mov ah,'A'
      mov al,'R'
      mov ah,'T'
      mov al,'*'
      mov ah,'*'
      mov al,'*'
RoutineStart:
    }

  // Your code
  TRACE("Test test\n");

  __asm
    {
      jmp RoutineEnd
      mov al,'*'
      mov ah,'*'
      mov al,'*'
      mov ah,'E'
      mov al,'N'
      mov ah,'D'
      mov al,'*'
      mov ah,'*'
      mov al,'*'
RoutineEnd:
    }
}

#pragma optimize("", on)

Then you could identify the starting point of your code by searching for the starting tag:

EB 16 B0 2A B4 2A B0 2A B4 53 B0 54 B4 41 B0 B4 B0 B4 B0 2A

The ending tag would look like this:

EB 12 B0 2A B4 2A B0 2A B4 45 B0 4E B4 44 B0 B4 B0 2A

I hope this help.

Good Luck,
Steve
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:cgallagher
ID: 7053379
Steve,
I created an exe with the above code inserted into the beginning and end of my function, and #pragma before and after the function. I then tried searching for the above with the exe file opened in both binary and text mode, but I couldn't find the tag.

Any Ideas? Would it be anything to do with my project compile or link settings?

Conor.
0
 
LVL 1

Author Comment

by:cgallagher
ID: 7053383
Just a note to anyone who may not have fully gathered what I'm trying to do. I may not have specified this clearly in my initial question. I'm trying to find the location of the code module by searching through the actual exe file on the hard disk (or even the resident program when loaded into memory).

Regards,
C.
0
 
LVL 30

Expert Comment

by:SteveGTR
ID: 7053608
My hex codes to search for were copied wrong:

Start tag:

eb 16 b0 2a b4 2a b0 2a b4 53 b0 54 b4 41 b0 52 b4 54 b0 2a b4 2a b0 2a

End tag:

EB 12 B0 2A B4 2A B0 2A B4 45 B0 4E B4 44 B0 2a b4 2a b0 2a


0
 
LVL 1

Author Comment

by:cgallagher
ID: 7053707
I cannot even locate the string:

"eb 16 b0"

within my exe. I can find plenty of

"eb 16"

codes but when I try search for it plus the rest of the codes it doesn't seem to find it. I am using Visual C++ 6 to open the file in binary mode. I also tried opening the exe in wordpad to see if that made a difference but I still couldn't locate it.

C.
0
 
LVL 30

Expert Comment

by:SteveGTR
ID: 7053734
I created a stock "Hello World" console application and built it in debug mode with the Test() function and found the routine using VC++ 6.
0
 
LVL 1

Author Comment

by:cgallagher
ID: 7053890
Ok. I see the issue here. I'm using Visual C++ 1.52 to create my exe. I have to use this for creating 16 bit exe's for dos machines. You are using Visual C++ 6 to create your exe's. I changed over to Visual C++ 6 just to test this and I successfully located the string.
I cannot use Visual C++ 6 to create final exe's because my target machines are MsDos machines. I stated in my original question that my target platform was MsDos. Maybe I wasn't really clear about what compilers I was using. When I said Microsoft compilers, I meant either "Microsoft C 6" or "Visual C++ 1.52". Visual C++ 6 cannot create 16 bit exe's for MsDos. They can only create 32 bit exe's which won't run is Dos mode. They run in windows console mode.

Have you any ideas about how I could locate this string if using these compilers?

C.
0
 
LVL 30

Accepted Solution

by:
SteveGTR earned 200 total points
ID: 7053930
Shouldn't make a difference as it applies to the concept.

Compile the program in 1.52 and debug it. Set a breakpoint in your routine (or just locate it). Go to disassembly mode and look at the op codes. Search for those.
0
 
LVL 1

Author Comment

by:cgallagher
ID: 7061439
Sorry I didn't get back sooner. Was busy. I checked that out and it was only when you mentioned disassembly that I decked what you were getting at. For a 16 bit app it seems to start with the codes
E9 16 00

So thats where I was getting the problem. It's what I was lookin for so you get full marks.
0
 
LVL 30

Expert Comment

by:SteveGTR
ID: 7062327
Thanks. I thought I responded to your last comment from 6/4 and suggested that this might be the case. Must have not pressed submit... Good luck :)
0
 
LVL 1

Author Comment

by:cgallagher
ID: 7092073
In case you still have e-mail notification on I must say that I had a slight problem with code and I am going to post a new question. The is that if you change code OUTSIDE of the function you are marking the codes within the function change slightly (possibly due to using different registers or something I'm not sure why). If you're interested you might want to look out for the question.

C.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Preface I don't like visual development tools that are supposed to write a program for me. Even if it is Xcode and I can use Interface Builder. Yes, it is a perfect tool and has helped me a lot, mainly, in the beginning, when my programs were small…
This tutorial is posted by Aaron Wojnowski, administrator at SDKExpert.net.  To view more iPhone tutorials, visit www.sdkexpert.net. This is a very simple tutorial on finding the user's current location easily. In this tutorial, you will learn ho…
The goal of this video is to provide viewers with basic examples to understand and use structures in the C programming language.
The goal of this video is to provide viewers with basic examples to understand how to create, access, and change arrays in the C programming language.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now