How to write a runtime checksum algorithm for win32 app?

I'm developing an application for windows( WindowsXP, Vista ), and would like to create a function to do an integrity checksum. As the application runs, the checksum function will take a start/end address in the instruction memory and ensure that none of the instructions have changed. The trouble I'm having is that the assembly instructions that take address's, such as JMP, have a different address each time the application runs, since windows changes the base address at which the application resides in memory. How can I create a checksum algorithm that works in this environment? Basically, I'm trying to write my own software protection scheme.
static unsigned int addressStart;
static unsigned int addressEnd;
_asm mov eax,GUARD_1_BEGIN
_asm mov ebx,GUARD_1_END
_asm mov addressStart,eax
_asm mov addressEnd,ebx
unsigned int a = addressStart;
unsigned int sum = 0;
while (a <= addressEnd) {
        unsigned rawVal = *(unsigned int*)(a);
        sum += rawVal;
        a += 4;
}
if ( sum != 0x00127d69) {
        return 0;
} else {
   // it worked!!!
}

Open in new window

mhorsley99Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

grg99Commented:
I think through the debug API you can request that a program load but not start.   So you can right then do a code checksum.

By the way, are you checksumming all the called DLL's too?

0
evilrixSenior Software Engineer (Avast)Commented:
The base address will be different but the offset will always be the same. Alternatively, if this is a DLL then maybe rebasing it will help you out (you'd have to read up about this for yourself, I am not 100% sure).
http://msdn2.microsoft.com/en-us/library/ms810432.aspx
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mhorsley99Author Commented:
The checksums have to be computed every frame, or at least every minute or so. It won't checksum the entire app, just short code segments, maybe a hundred instructions or so. There will be multiple checksums spread throughout the app.
0
mhorsley99Author Commented:
My trouble seems to be that as the checksum algorithm processes each bit of information,
1) it has to know the size of the opcode( which varies ), and
2) if the parameters to that opcode need to be offset by the base address

The code snippet I included worked fine until it processed JMP instructions. The only solution I could think of was to create some sort of table that tells me if the opcode being processed is one that requires an address reference, and if so, somehow "correct" the reference so that the checksum comes out the same everytime the app is run, no matter where in memory.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Programming

From novice to tech pro — start learning today.