• Status: Solved
  • Priority: Medium
  • Security: Public

Can anyone tell me why this is returning wrong value?

I am trying to detect if my program has been patched.

So far, I have this:

#include <windows.h>


void Nag()
{  

     MessageBox(NULL, TEXT("Please Pay!"), TEXT("Note"), MB_OK);

}

#define fudge  14;


bool CheckNag()

{
     char * p;  
     p = (char *)  &Nag;
     p += fudge;  

     // Messagebox the value
     // Print first hex values

     char buf[255];
     char c = *((char*) p);
     int val = (int) c;
        wsprintfA(buf,"HEX VALUE  == 0x%2.2x", val);
        MessageBox(NULL,buf,"Error",MB_OK);
     
        if( *p != 0xFF )
            return false;

        return true;
}


int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
    LPSTR lpCmdLine, int nCmdShow)
{

     if(CheckNag()){

      // Program runs normal. The messagebox is intact
       MessageBox(NULL, TEXT("NO PATCH"), TEXT("Not tampered with."), MB_OK);

    } else {

     // You should be ashamed of yourself! Patching this little program!

     MessageBox(NULL, TEXT("PATCH DETECTED!"), TEXT("Program has been tampered with"), MB_OK);

   }

    return 0;
}


But even though I have not "patched" this, I am still being returned the MessageBox telling me it has been patched.

This is like my 4th question trying to figure this out step by step.

Any help would be appreciated. Getting frustrated... Thanks.



0
Asked by: edvinson
 
rajeev_devin Commented:
>>        if( *p != 0xFF )
>>            return false;
You are returning false, that's why it is giving patch detected.
0
 
efn Commented:
The program is testing for 0xFF at Nag+14, but there isn't anything visible that puts that value there.  Why do you think that value should be there?
0
 
efn Commented:
OK, I see from your previous question why you are checking for that value there.  I suggest you run the program in a debugger to see what is actually where in memory.
0
 
AmigoJack Commented:
According to your "patch check", what will you do when your check is patched? Or your messagebox is NOPed?
0
 
edvinson (Author) Commented:
Actually, I am going to be checking a Window Style flag, to see if they have enabled a "SAVE" button that has been disabled intentionally (like a demo program).

If I catch them,

1. Write a Reg Key so I know for future versions
2. Heal the button
3. Quietly continue
0
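
Added example, not part of the original thread: the comparison `*p != 0xFF` from the question, isolated to show what happens when plain `char` is signed (the Visual C++ default), next to the same check done through `unsigned char`. The byte arrays are constructed sample data, `signed char` stands in for the compiler's plain `char`, and the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define FUDGE 14  /* offset used in the question */

/* Constructed sample bytes (not dumped from a real build); only offset 14 matters. */
static const unsigned char sample_intact[16] = {
    0x6A, 0x00, 0x68, 0x00, 0x00, 0x00, 0x00, 0x68,
    0x00, 0x00, 0x00, 0x00, 0x6A, 0x00, 0xFF, 0x15
};
static const unsigned char sample_patched[16] = {
    0x6A, 0x00, 0x68, 0x00, 0x00, 0x00, 0x00, 0x68,
    0x00, 0x00, 0x00, 0x00, 0x6A, 0x00, 0x90, 0x90
};

/* Value the question's code hands to wsprintfA: a signed char widened to int. */
static int promoted_value(const void *code, size_t off)
{
    const signed char *p = (const signed char *)code + off;
    return (int)*p;               /* byte 0xFF becomes -1 */
}

/* The comparison as posted: a signed byte against the int constant 0xFF (255). */
static int check_as_posted(const void *code, size_t off)
{
    int v = promoted_value(code, off);
    return v == 0xFF;             /* -1 == 255 is never true */
}

/* Same check reading the byte as unsigned char, so 0xFF stays 255. */
static int check_unsigned(const void *code, size_t off, unsigned char expected)
{
    const unsigned char *p = (const unsigned char *)code + off;
    return *p == expected;
}

int main(void)
{
    printf("promoted value : 0x%2.2x\n", (unsigned)promoted_value(sample_intact, FUDGE));
    printf("as posted      : %d\n", check_as_posted(sample_intact, FUDGE));
    printf("unsigned intact: %d\n", check_unsigned(sample_intact, FUDGE, 0xFF));
    printf("unsigned patch : %d\n", check_unsigned(sample_patched, FUDGE, 0xFF));
    return 0;
}
```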
