Posted on 2006-05-07
Last Modified: 2010-05-18
I have a  (DOS-QBcompiled) program  wich by Dutch-Law my only start if there has been at startup a check
(checksum???)  that this program is not changed or manipulated by a user
How to  write code to do this checksum , it is allowed to do this checksum from another module first,  then if ok run/chain the tested program
Question by:BIAPRO
    LVL 37

    Expert Comment

    by:Harisha M G
    Hi, you can use the standard hash generators, or write your own.

    A simple checksum would be to find the sum of ASCII values of the characters and then find the modulus of that with some value.

    If you want a 8-bit hash, then use {Sum of ASCII} MOD 256
    If you want a 16-bit hash, then use {Sum of ASCII} MOD 65536

    Hope this helps


    Author Comment

    Thanks, but what would be the syntax e.g.  in VB6  to calculate the value off a  exe-file
    LVL 5

    Accepted Solution

    You could simply open your EXE file, read every byte and add it to a checksum, then close the file.

    chksum = 0
    OPEN "myprog.exe" FOR INPUT AS #1
      GET #1, , char$
      byte = ASC(A$)
      chksum = chksum + byte
    IF chksum <> 12345 THEN
      PRINT "Program tampered."
    END IF

    The file can check itself, but of course you need to know what the checksum is before you compile it, and changing the checksum will change the size of your program. You could write a second program to check the main one then launch, but I'm not sure if the main program could verify it was only launched from the checksum program. There's no use having a launcher to check the file if a hacker can bypass it just by running the main exe directly.

    Your best bet is to write a small program to write the checksum and print it out. You can then insert the value it prints out into the above code. It will take a few attempts to refine it, but with a little trial and error you should be able to find the right checksum.
    LVL 14

    Expert Comment

    LVL 2

    Expert Comment

    Yikes, lets hope that this law doesnt get past the Dutch borders! The more I think about this conundrum the worse it gets. lostcarpark is right, but it gets even worse.

    Basically it is impossible to write a program that could perform a self-verification based on a checksum etc.

    For self-verification to occur, then the final checksum must be embedded in the program,  but this value will never be know until the program is compiled. Changing the source will then change the final checksum, which will then require another change in the source. Basically you are then stuck in a never ending loop.

    The answer here is to employ a wrapper program. You then end up with two executables. One is the progam itself, the second is an add on program that verifies the checksum of the original program, and then launches the program if it is unchanged.  As lostcarpark highlighted above, this wont stop you running the real program directly. It also wont stop the program and the wrapper being modified and new checksums being embedded.

    By the way, in VB its something like 'Shell "myprogram.exe", vbNormalFocus' to launch an external program.
    LVL 41

    Expert Comment

     Another alternative (which would not require iteration) would be to have the checksum value (bytes) distributed throughout the executable, perhaps redundantly.  The checksum algorithm would "ignore" these distributed bytes while computing the checksum, and use them to compare the final value.

    Author Comment

    ok after some modification and change syntax for doscompiler I can run from dos or either dos-box in windows
    this code I use in dos-compiler. The only work involved is that every time I change something to the program
    wich need to be checked, I have to update the 'starting' program with the new chksum value, but that does not happing
    a lot.  Anyway it works even in dos (Yes! still around)

    RECLEN% = 1
    RECNR% = FreeFile
    Close RECNR%
    B$ = Str$(LOF(RECNR%))
    T# = (Val(B$) / RECLEN%) + 1
    CHKSUM# = 0
    For I# = 1 To T#
       GET #1,I#
       byte = ASC(A$)
       chksum#= chksum#+ byte
    Print CHKSUM#
    If CHKSUM# <> 4435828 Then End  ' value for this program  to start

    LVL 5

    Expert Comment

    That looks good, but I notice you use FreeFile to get the first available file handle, but the use:

       GET #1,I#

    Which reads from file #1. I expect that in almost every case FreeFile will return 1, so they should be the same thing, but for consistency you probably should use:

       GET #RECNR%,I#

    Author Comment

    True ,  it was a quick writing - test  ,  normally all my opening-calls contains  RECNR% at all location, I have to, due to some programs have more then 30 files open and closing,  ,  in dos  and in VB6,
    but thanks for the advice anyway
    Regards Jack

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    INTRODUCTION We all know how to code. But at times you simply want to insert a common code block into your existing code and amend it as per your requirements. This tool not only saves you time but also saves you the pain of typing it all out aga…
    This is an explanation of a simple data model to help parse a JSON feed
    Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now