Can anyone tell me why this is returning wrong value?

I am trying to detect if my program has been patched.

So far, I have this:

#include <windows.h>


void Nag()
{  

     MessageBox(NULL, TEXT("Please Pay!"), TEXT("Note"), MB_OK);

}

#define fudge  14;


bool CheckNag()

{
     char * p;  
     p = (char *)  &Nag;
     p += fudge;  

     // Messagebox the value
     // Print first hex values

     char buf[255];
     char c = *((char*) p);
     int val = (int) c;
        wsprintfA(buf,"HEX VALUE  == 0x%2.2x", val);
        MessageBox(NULL,buf,"Error",MB_OK);
     
        if( *p != 0xFF )
            return false;

        return true;
}


int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
    LPSTR lpCmdLine, int nCmdShow)
{

     if(CheckNag()){

      // Program runs normal. The messagebox is in tact
       MessageBox(NULL, TEXT("NO PATCH"), TEXT("Not tampered with."), MB_OK);

    } else {

     // You should be ashamed of yourself! Patching this little program!

     MessageBox(NULL, TEXT("PATCH DETECTED!"), TEXT("Program has been tampered with"), MB_OK);

   }

    return 0;
}


But even though I have not "patched" this, I am still being returned the MessageBox telling me it has been patched.

This is like my 4th question trying to figure this out step, by step.

Any help would be appreciated. Getting frustrated... Thanks.



LVL 1
edvinsonAsked:
Who is Participating?
 
efnCommented:
OK, I see from your previous question why you are checking for that value there.  I suggest you run the program in a debugger to see what is actually where in memory.
0
 
rajeev_devinCommented:
>>        if( *p != 0xFF )
>>            return false;
You are returning false thats why it is giving patch detected.
0
 
efnCommented:
The program is testing for 0xFF at Nag+14, but there isn't anything visible that puts that value there.  Why do you think that value should be there?
0
 
AmigoJackCommented:
according to your "patch check", what will you do when your check is patched? or your messagebox is NOPed?
0
 
edvinsonAuthor Commented:
Actually, I am going to be checking a Window Style flag, to see if they have enabled a "SAVE" button that has been disabled intentionally (like a demo program).

If I catch them,

1. Write a Reg Key so I know for future versions
2. Heal the button
3. Quietly continue
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.