Can anyone tell me why this is returning wrong value?

Posted on 2006-04-25
Last Modified: 2010-04-01
I am trying to detect if my program has been patched.

So far, I have this:

#include <windows.h>

void Nag()

     MessageBox(NULL, TEXT("Please Pay!"), TEXT("Note"), MB_OK);


#define fudge  14;

bool CheckNag()

     char * p;  
     p = (char *)  &Nag;
     p += fudge;  

     // Messagebox the value
     // Print first hex values

     char buf[255];
     char c = *((char*) p);
     int val = (int) c;
        wsprintfA(buf,"HEX VALUE  == 0x%2.2x", val);
        if( *p != 0xFF )
            return false;

        return true;

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
    LPSTR lpCmdLine, int nCmdShow)


      // Program runs normal. The messagebox is in tact
       MessageBox(NULL, TEXT("NO PATCH"), TEXT("Not tampered with."), MB_OK);

    } else {

     // You should be ashamed of yourself! Patching this little program!

     MessageBox(NULL, TEXT("PATCH DETECTED!"), TEXT("Program has been tampered with"), MB_OK);


    return 0;

But even though I have not "patched" this, I am still being returned the MessageBox telling me it has been patched.

This is like my 4th question trying to figure this out step, by step.

Any help would be appreciated. Getting frustrated... Thanks.

Question by:edvinson
    LVL 12

    Assisted Solution

    >>        if( *p != 0xFF )
    >>            return false;
    You are returning false thats why it is giving patch detected.
    LVL 15

    Expert Comment

    The program is testing for 0xFF at Nag+14, but there isn't anything visible that puts that value there.  Why do you think that value should be there?
    LVL 15

    Accepted Solution

    OK, I see from your previous question why you are checking for that value there.  I suggest you run the program in a debugger to see what is actually where in memory.
    LVL 12

    Expert Comment

    according to your "patch check", what will you do when your check is patched? or your messagebox is NOPed?
    LVL 1

    Author Comment

    Actually, I am going to be checking a Window Style flag, to see if they have enabled a "SAVE" button that has been disabled intentionally (like a demo program).

    If I catch them,

    1. Write a Reg Key so I know for future versions
    2. Heal the button
    3. Quietly continue

    Featured Post

    Courses: Start Training Online With Pros, Today

    Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

    Join & Write a Comment

    Errors will happen. It is a fact of life for the programmer. How and when errors are detected have a great impact on quality and cost of a product. It is better to detect errors at compile time, when possible and practical. Errors that make their wa…
    C++ Properties One feature missing from standard C++ that you will find in many other Object Oriented Programming languages is something called a Property (…
    The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
    The viewer will be introduced to the member functions push_back and pop_back of the vector class. The video will teach the difference between the two as well as how to use each one along with its functionality.

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now