Did someone tamper with my program?

I got this solution to a similar question I asked, but I already awarded points, so ...

This won't compile:

#include <windows.h>

#define fudge

void Nag()
{  

      MessageBox(NULL, TEXT("Please Pay!"), TEXT("Note"), MB_OK);

}



void CheckNag()

{
      char * p;  
      p = (char *)  &Nag;
      p += fudge;  
      if( *p == 0x90 )
            return false;

        return true;
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
    LPSTR lpCmdLine, int nCmdShow)
{

   if(CheckNag()){

      // Program runs normal. The messagebox is intact

    } else {

     // You should be ashamed of yourself! Patching this little program!

     MessageBox(NULL, TEXT("PATCH DETECTED!"), TEXT("Program has been tampered with"), MB_OK);

   }

    return 0;

}


This looks like exactly what I am trying to do! IF I can get it to work.
edvinson Asked:

cup Commented:
You have defined fudge as nothing so

     p += fudge;  

expands to

      p += ;  

which will cause a compilation error.
0
jkr Commented:
Apart from the #define issue - you want a 'void' function

void CheckNag()

{
     char * p;  
     p = (char *)  &Nag;
     p += fudge;  
     if( *p == 0x90 )
          return false;

        return true;
}

to return a boolean value? That won't work, it should be

bool CheckNag()

{
     char * p;  
     p = (char *)  &Nag;
     p += fudge;  
     if( *p == 0x90 )
          return false;

        return true;
}

BTW, that's quite error prone - if I was to patch your code, I'd either remove the calls to 'Nag()' or overwrite it with 0x90 *eg*
0

jkr Commented:
One other thing - make 'Nag()' an inline function and use it from various places, this will make it way harder to remove it.
0
edvinson (Author) Commented:
Ok this is my plan:

Get this little thing running, and step through it in my debugger to see what's going on. Then...

Add the code into my real program, and again step through it. When I get to the Messagebox I will copy the opcode, which is probably some form of a PUSH, right? Anyways, then in my patch detection routine, I would check for what *should* be there.

Does that make sense?

Also, what do you mean inline function? Could you show me a small example? Thanks.
0
jkr Commented:
>>Also, what do you mean inline function? Could you show me a small example?

Sure:

__forceinline
void Nag()
{  

     MessageBox(NULL, TEXT("Please Pay!"), TEXT("Note"), MB_OK);

}

This means that the compiler will place the code directly where it finds a 'Nag()' rather than generating a call to that function. So, if you 'call' it 20 times in your code, you have 20 copies of that function around.
0
edvinson (Author) Commented:
Would it be better to force inline with the function that actually does the check, rather than the nag?
0
jkr Commented:
If you have the function inline, the check won't work anymore, since there is no such thing as the address of that function. It is embedded in the code that "calls" it.
0
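
Added example, not part of the original thread: the check discussed above with both compile errors fixed (fudge given a value, bool return type), run over a constructed byte buffer instead of the live Nag() so it builds without windows.h. The byte values, kFudge, the helper names and the stricter whole-range comparison are assumptions made for illustration; in the real program the pointer would be `(const unsigned char *)&Nag` as in the question.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Constructed bytes standing in for a compiled Nag(); not real compiler output.
static const unsigned char kNagExpected[] = {
    0x55,                         // push ebp
    0x8B, 0xEC,                   // mov  ebp, esp
    0x6A, 0x00,                   // push 0
    0xE8, 0x10, 0x20, 0x30, 0x00, // call rel32 (placeholder target)
    0x5D,                         // pop  ebp
    0xC3                          // ret
};
static const std::size_t kNagLen = sizeof kNagExpected;
static const std::size_t kFudge = 5;   // hypothetical offset of the call opcode

// The thread's check with both compile errors fixed: fudge has a value and
// the function returns bool. True means the watched byte is not a NOP.
bool check_nag_byte(const unsigned char* code, std::size_t fudge) {
    return code[fudge] != 0x90;
}

// Stricter variant (an addition, not from the thread): every byte must match
// the build-time reference, so a change at any offset is reported.
bool check_nag_range(const unsigned char* code, const unsigned char* expected,
                     std::size_t len) {
    return std::memcmp(code, expected, len) == 0;
}

// Copies the reference, sets `count` bytes from `start` to 0x90, and reports
// both verdicts: bit 0 = byte check passed, bit 1 = range check passed.
int verdicts_after_nop(std::size_t start, std::size_t count) {
    unsigned char copy[sizeof kNagExpected];
    std::memcpy(copy, kNagExpected, kNagLen);
    for (std::size_t i = start; i < start + count && i < kNagLen; ++i)
        copy[i] = 0x90;
    return (check_nag_byte(copy, kFudge) ? 1 : 0) |
           (check_nag_range(copy, kNagExpected, kNagLen) ? 2 : 0);
}

int main() {
    std::printf("untouched:        %d\n", verdicts_after_nop(0, 0)); // 3
    std::printf("call NOPed:       %d\n", verdicts_after_nop(5, 5)); // 0
    std::printf("other bytes only: %d\n", verdicts_after_nop(3, 2)); // 1
    return 0;
}
```

The third case is the fragility jkr points out: a change that leaves the watched byte alone passes the single-byte check, while the whole-range comparison still reports it.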
Question has a verified solution.