auto check file?

Posted on 2006-07-04
Last Modified: 2010-04-05

i would like to check my program (md5 hash?) when it runs, so it would close if it detects any changes...
i know reverse engeneering can break that protection but it would help.

but there is an obvious problem... how can i insert the md5 hash in the exe without making any change in the md5!

so i was searching a bit and i found this:

its supposed to work for turbo pascal, but i also found this:

there was (2002 xD) an example for delphi but the link is broken :'(

so i was wondering if there is another way to do that? or someone knows how to modify the turbo pascal and the .inc file to work with delphi?

any hint would be appreciated a lot  :)
Question by:lobo_estepario
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
  • +1

Expert Comment

ID: 17039870

One thing you can try is to "pre-enter" a string the same size as the MD5 hash in your application somwhere (make sure the string is recognisable). Then compile your application and take the hash of it. You can then use a tool, such as ResHacker, to replace "pre-entered" string with the correct Md5 hash.

ResHacker is available here:

I had a look at the Turbo Pascal tool you provided, but unless there iss a tool to convert the files automatically, doing it by hand would be long and arduous.

Hope that helps, Mark
LVL 28

Expert Comment

ID: 17040498
best way in my opinion is to use something like this (command line build batch):

- compile program
- calculate md5
- crypt md5
- append crypted md5 to end of program
- at program load time, program will seek to it's size - length md5 hash (this length is constant ;) ) and loar md5 hash
- then it will calculate md5hash for the program exe - length md5 hash
- it will copy the exe without the hash to a temp file, calculate the hash and then delete the temp file
crypting algorithm can bve something simple, just so the user will not be able to just replace the hash ;)

for such a solution and demos, see the answers of this question:

in Ubethatway's solution you will also have to skip the place where the hash is stored but in that case the place can be anywhere within the exe and is thus harder to implement.
LVL 16

Expert Comment

ID: 17048593
Ubethatway if you calculate the hash of your application and then store the hash to the string
(using ResHacker) or anything else then... that would change the hash of your application again ! :)

What if you store the hash in a file outside of your app ?
Of course you should encrypt the hash so noone would understand its an md5 hash.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 28

Expert Comment

ID: 17048792
codedk, using my "algorithm", the hash of the application does not change as I explained it, you don't calculate the hash of the file that contains the exe and the hash, but just the first part, the exe. so the hash will be the same always.
LVL 16

Expert Comment

ID: 17048846
I know ciuly, i was talking about Ubethatway suggestion.
LVL 28

Expert Comment

ID: 17048872
sorry, didn't scroll to see who the asker was :D

Author Comment

ID: 17056882
allright im trying to make it work... ill take a look at that link ciuly ;-)

so ill let you know once i finish reading and trying all that stuff lol


Author Comment

ID: 17070109
well, i had some hardware issues so i couldnt use my pc in two days :-(

anyway, i tried your sample, ciuly. the one called: "modify exe string" and everytime i used a to insert the text "edit1" in b, it corrupts the file :-(

i will try to solve that but what i really wanna know is how can i be able to do this: "then it will calculate md5hash for the program exe - length md5 hash".

i mean how can i get the md5 hash of it if its not really a file (i cant copy the exe to other place, i need to work with just the exe).

LVL 28

Expert Comment

ID: 17071008
that is most probably because you didn;t follow the instructions step by step as explained there. you MUST follow those step in that exact order:
download project files from
compile B. then write the size manuallt in size.pas then compile B again.
THEN compile A (this was specified in one of the first posts :) )

regarding your second question. you have several ways to do that:
- you create another class, derived from tfilestream (or from TStream and passing a filename, or whatever), readonly, that will aways retrieve the content of that file up until the filesize-length(md5sum) (this length IS constant. it's 128 bit = 16 bytes)
- you modify the md5 hash algorithm to only read until the filesize - 16 (length of md5 hash)

and there are variations of the above and of course other implementations that can be more or less complicated. the above are the 2 most simple ones in my opinion.

Author Comment

ID: 17076598
oops, my bad, sorry  :-(

so yes, that demo works fine!

now im gonna try to modify the md5 hash algorithm  :-)
LVL 28

Expert Comment

ID: 17077530
if the md5hash algorithm you are using supports calculating on a stream, I suggest using the first option: it is much more faster to implement and more secure (since you wil not be modifying the md5hash algorithm, there are no chances for you to introduce bugs there) and more flexible ;)

Author Comment

ID: 17078784
mmm, well im using this unit:

but, to be honest... im not quite sure where to make the changes  :-(

i will try to figure it out though.


LVL 28

Accepted Solution

2266180 earned 300 total points
ID: 17079559

Author Comment

ID: 17086157
Thanks  :-)

Im gonna analyze the code and then ill add some crypting and all that.

Thanks again.
greetings  ;-)


Featured Post

Enroll in May's Course of the Month

May’s Course of the Month is now available! Experts Exchange’s Premium Members and Team Accounts have access to a complimentary course each month as part of their membership—an extra way to increase training and boost professional development.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Delphi Mdi application Child forms get behind control 7 365
Unique identifier on a terminal server (rdp) 4 86
Base1 Encode/Decode 3 100
TAction.OnAfterExecute? 2 32
In this tutorial I will show you how to use the Windows Speech API in Delphi. I will only cover basic functions such as text to speech and controlling the speed of the speech. SAPI Installation First you need to install the SAPI type library, th…
Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question