Can anyone tell me why this is returning wrong value?

I am trying to detect if my program has been patched.

So far, I have this:

#include <windows.h>

void Nag()

     MessageBox(NULL, TEXT("Please Pay!"), TEXT("Note"), MB_OK);


#define fudge  14;

bool CheckNag()

     char * p;  
     p = (char *)  &Nag;
     p += fudge;  

     // Messagebox the value
     // Print first hex values

     char buf[255];
     char c = *((char*) p);
     int val = (int) c;
        wsprintfA(buf,"HEX VALUE  == 0x%2.2x", val);
        if( *p != 0xFF )
            return false;

        return true;

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
    LPSTR lpCmdLine, int nCmdShow)


      // Program runs normal. The messagebox is in tact
       MessageBox(NULL, TEXT("NO PATCH"), TEXT("Not tampered with."), MB_OK);

    } else {

     // You should be ashamed of yourself! Patching this little program!

     MessageBox(NULL, TEXT("PATCH DETECTED!"), TEXT("Program has been tampered with"), MB_OK);


    return 0;

But even though I have not "patched" this, I am still being returned the MessageBox telling me it has been patched.

This is like my 4th question trying to figure this out step, by step.

Any help would be appreciated. Getting frustrated... Thanks.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

>>        if( *p != 0xFF )
>>            return false;
You are returning false thats why it is giving patch detected.
The program is testing for 0xFF at Nag+14, but there isn't anything visible that puts that value there.  Why do you think that value should be there?
OK, I see from your previous question why you are checking for that value there.  I suggest you run the program in a debugger to see what is actually where in memory.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
according to your "patch check", what will you do when your check is patched? or your messagebox is NOPed?
edvinsonAuthor Commented:
Actually, I am going to be checking a Window Style flag, to see if they have enabled a "SAVE" button that has been disabled intentionally (like a demo program).

If I catch them,

1. Write a Reg Key so I know for future versions
2. Heal the button
3. Quietly continue
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.