Self contained .exe verification


PaulC

Mar 10, 2002, 3:19:50 PM
For obvious reasons (hacking, virus etc.) I want my application to self
verify at run time (yeh, I know the limitations of doing this - but every
little bit helps). So... I produce a twitchy checksum of my app's .exe
file and when my app runs it checks that the number matches... If the app is
patched or played about the checksum changes and the app errors.

Works fine if I store the checksum in the registry (say during installation)
and check it at run-time but I don't want to do this.

Question : Anyone know a method of storing the checksum validation in the
.exe. (the problem being that changing the .exe file after the checksum is
generated invalidates the checksum).

Any help appreciated.

Cheers
Paul


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.333 / Virus Database: 187 - Release Date: 08/03/2002


Michael Kelly

Mar 10, 2002, 3:44:18 PM
On Sun, 10 Mar 2002 20:19:50 -0000, "PaulC" <paul.clari...@virgin.net>
wrote:

>Question : Anyone know a method of storing the checksum validation in the
>.exe. (the problem being that changing the .exe file after the checksum is
>generated invalidates the checksum).

Hi Paul. Probably the best thing would be to have a
dedicated address in your app where you store the
CRC32 that is excluded from the CRC calculation.
IOW, if you stored the CRC in a global you would
break your CRC calculation routine into 2 parts.
The first would calculate up to the address of
the global. The second would calculate to the
end of the exe from the address of the global
plus the 4 bytes. This way storing the result
in the global won't invalidate it. Also you could
be a bit cagey and move the address of the
global around a bit in different versions of
your program to make it a bit harder to hack
without really changing your CRC calls. This
isn't super hack proof but it's better than say,
sticking the CRC at the end of the exe. Most
people are hip that stuff stuck after the exe
image is ignored by the loader so even a
simple virus might look for that.

Also you might check out the
comp.software.shareware.authors
ng for suggestions and read their
FAQ.

calculated up to the global and then continue the
calculation after the global. So you would have
to break your CRC routine into 2 parts

Mike

--

"Only choice is an oxymoron."

--

Andrew Jameson

Mar 10, 2002, 4:09:02 PM
Hi Paul,

This should be simply a matter of appending the checksum bytes to the end of
your executable ... write an application that calculates the CRC of your
executable image and append that to the image ... you can either append a
precorrected CRC that allows for the inclusion of these bytes when the
application validates itself or the application can take into account the
fact that bytes have been appended to the image. This is what we do with
our applications and it is very effective in discouraging piracy ... in our
case ... we also arrange the self deletion of the image if tampering is
detected ... simple - no warnings ... it runs once and then it's gone !

Andrew


Bas Gooijen

Mar 10, 2002, 5:59:45 PM

I uploaded a sample to:

http://www.sitecreations.nl/bas/delphi/checksum.zip

Just add check to the uses, call checkcrc to find out whether the exe or dll has
been changed.
To add the correct crc to your program, execute addCRC YourApp.exe

hth

Bas Gooijen


"PaulC" <paul.clari...@virgin.net> wrote in message
news:3c8bbf2a_1@dnews...

Ralph Friedman

Mar 11, 2002, 2:48:49 AM
Andrew,

in article <3c8bcb11_1@dnews>, you wrote:

> in our
> case ... we also arrange the self deletion of the image if tampering is
> detected ... simple - no warnings ... it runs once and then it's gone !
>

one would hope that you warn your legitimate users up front as to this
"side-effect" of, say, playing with the resources in the app.

Followup-To: borland.public.off-topic

--
Regards
Ralph (TeamB)
==
Use Borland servers; TeamB doesn't see posts via ISPs
http://www.borland.com/newsgroups/genl_faqs.html
==
One should not take things as tragically as they are
--Karl Valentin--

PaulC

Mar 11, 2002, 3:44:40 PM
Thanks to all who replied. Bas's code does exactly what I wanted.
Thanks !

Paul


"Bas Gooijen" <bas_g...@yahoo.com> wrote in message
news:3c8be560$1_1@dnews...

PaulC

Mar 11, 2002, 5:11:06 PM
Bas,
It looked good but I can't get it to work. When I try to 'ADDCRC' I always
get a 'Failed to add the CRC' . Looking at the ADDCRC function (in the
check.pas unit) it looks as though we are searching for the '#0#0#0#0CRC'
marker in the memory stream (i.e. the .exe file) before we calculate and
insert the CRC into the re-written file... Surely, (at this stage) the
marker isn't in the file ... or am I missing something ? I don't want to
break what ain't broken!

Any help would be much appreciated.
Regards
Paul

"PaulC" <paul.clari...@virgin.net> wrote in message

news:3c8d164c$1_2@dnews...

PaulC

Mar 11, 2002, 5:30:30 PM

PaulC

Mar 11, 2002, 7:31:23 PM
My fault!
Sorry!
Great Code & a Great Response.

Cheers Paul

"PaulC" <paul.clari...@virgin.net> wrote in message

news:3c8d2f0c_1@dnews...

Jody Dawkins

Mar 11, 2002, 8:45:16 PM

Great code, Bas!

I was wondering if you could give us a short walk through of how it works.

- Jody


"Bas Gooijen" <bas_g...@yahoo.com> wrote in message
news:3c8be560$1_1@dnews...

Bas Gooijen

Mar 12, 2002, 4:52:05 AM
Sure,

The file where the CRC is on:
In the unit check.pas there is a global var, which is initialised to
#0#0#0#0CRCR.
This var is changed when you add a crc to the file.
The first 4 bytes become a dword value containing the position (offset) of
the 8 bytes in the file.
The second 4 bytes contain the actual crc code.
When you call the checkcrc function, the entire exe file is loaded into
memory.
Then with the first 4 bytes of the global 8-byte value you know where it
is physically located in the file.
In the memory copy the 8 bytes are replaced with #0#0#0#0CRCR; it now is the
file (in memory) prior to adding the crc.
Then the crc of the memory copy is calculated; this crc is the same value as
the AddCrc function calculates.
The new crc and the crc stored in the second 4 bytes are compared; if they are
the same, then the file wasn't altered.

The crc add function:
The file is copied into memory.
The position of the marker (#0#0#0#0CRCR) is determined in a for-loop.
The crc of the (unchanged) memory buffer is calculated.
The first 4 bytes are updated to represent the physical offset of the marker
in the file.
The second 4 bytes are updated to represent the computed crc.
The memory is written back to the file.

Btw, the unit can easily be changed to use a different hash algorithm (e.g.
md5), or use another crc32 library,
as long as it can compute the checksum of a memory block.

Hope this explains it a little

--

Bas Gooijen


"Jody Dawkins" <jo...@shift4.com> wrote in message news:3c8d5c10$1_1@dnews...
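
The add and check steps from the walk-through above, as an added Python sketch over a byte buffer; it is not part of the thread and not the code from check.pas. The little-endian dword layout, the constructed SAMPLE image and the slot_of helper are assumptions made for the demo.

```python
import struct
import zlib

# Initial value of the 8-byte global described in the walk-through.
MARKER = b"\x00\x00\x00\x00CRCR"

# Constructed stand-in for an executable image (not a real PE file).
SAMPLE = b"MZ" + b"\x90" * 64 + MARKER + b"code and data " * 4


def add_crc(image: bytes) -> bytes:
    """Build-time step: overwrite the marker with <offset:u32><crc32:u32>."""
    pos = image.find(MARKER)
    if pos < 0:
        # Unit not linked into this file, or the file is already patched.
        raise ValueError("marker not found: failed to add the CRC")
    if image.find(MARKER, pos + 1) >= 0:
        raise ValueError("marker occurs more than once; slot is ambiguous")
    crc = zlib.crc32(image)  # CRC of the unchanged buffer, marker included
    slot = struct.pack("<II", pos, crc)  # little-endian dwords (assumption)
    return image[:pos] + slot + image[pos + len(MARKER):]


def check_crc(image: bytes, slot: bytes) -> bool:
    """Run-time step; `slot` is the 8-byte global as the program sees it."""
    if len(slot) != len(MARKER) or slot == MARKER:
        return False  # CRC was never added
    pos, stored = struct.unpack("<II", slot)
    if image[pos:pos + 8] != slot:
        return False  # bad offset, or file on disk disagrees with memory
    # Put the marker back so the buffer equals the file before add_crc.
    restored = image[:pos] + MARKER + image[pos + 8:]
    return zlib.crc32(restored) == stored


def slot_of(patched: bytes, original: bytes) -> bytes:
    """Demo helper only: read the slot the way the global would hold it."""
    pos = original.find(MARKER)
    return patched[pos:pos + 8]


if __name__ == "__main__":
    patched = add_crc(SAMPLE)
    slot = slot_of(patched, SAMPLE)
    print("intact:", check_crc(patched, slot))
    tampered = patched[:10] + b"\xcc" + patched[11:]
    print("tampered:", check_crc(tampered, slot))
```

Anyone who can patch the file can also recompute the CRC and rewrite the slot, so the check catches corruption and casual modification rather than a determined attacker.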

Bas Gooijen

Mar 12, 2002, 4:57:54 AM

Additional:

the procedure CheckCrcOrAdd checks if the file is already patched,
if not it does so and terminates the program.
if so it checks, and if wrong it terminates the program.


the unit can check exe and libraries ( dll,ocx,...)

and the check can be performed in the initialisation-section

eg.
for exe:
  initialization
    if not CheckCrc then halt;

for dll:
  initialization
    if not CheckCrc then ExitProcess(0); // the calling exe is terminated also

or you can do something more friendly, like showing a message.

--

Bas Gooijen


"Bas Gooijen" <bas_g...@yahoo.com> wrote in message

news:3c8dcfc6_2@dnews...

Gwen Carpenter

Mar 12, 2002, 4:56:35 PM
In article <3c8bbf2a_1@dnews>, paul.clari...@virgin.net says...

> For obvious reasons (hacking, virus etc.) I want my application to self
> verify at run time (yeh, I know the limitations of doing this - but every
> little bit helps). So... I produce a twitchy checksum of my app's .exe
> file and when my app runs it checks that the number matches... If the app is
> patched or played about the checksum changes and the app errors.
>
> Works fine if I store the checksum in the registry (say during installation)
> and check it at run-time but I don't want to do this.
>
> Question : Anyone know a method of storing the checksum validation in the
> .exe. (the problem being that changing the .exe file after the checksum is
> generated invalidates the checksum).
>
> Any help appreciated.
>
> Cheers
> Paul
>
I think that I would just stuff the checksum value into the PE just after
where the dos stub message is located.. "This program runs only under
windows..yadda yadda "
You could then compress the file with something like UPX and then work up
a checksum of the expanded exe as it is held in ram after expansion...
then plug this value into the checksum bytes.
When the program is running it can easily read its uncompressed form
from ram by referencing Hinstance value... this scheme would be a real
pain to hack through.... Oh they could do it of course but at least it
would be a major pain in the @ss ;-)

ko...@techwin.be

Mar 13, 2002, 9:13:46 AM
And how do you delete the EXE of your "running" app...?

Koen

"Andrew Jameson" <con...@softspotsoftware.com> wrote in message
news:3c8bcb11_1@dnews...

ko...@techwin.be

Mar 13, 2002, 9:29:13 AM

While it's running, I mean...


<ko...@techwin.be> wrote in message news:3c8f5f24$1_1@dnews...

Rick Betting

Mar 13, 2002, 10:01:28 AM
That function should be the last function of your app. (After
Application.Run)
Also see thread "How make application which after executing destroy
itself" -> Message of Johnnie (news:3c8f2ef9_1@dnews)

--

Rick Betting,
Online Software.
ri...@ATonlinegroepDOT.nl
(Remove AT and DOT )

I don't like spammers so send your spam to
ab...@iname.com

"Bas Gooijen" <bas_g...@yahoo.com> wrote in message
news:3c8f66a4$1_2@dnews...
> http://groups.google.com/groups?selm=3bfe3ed5_2%40dnews&rnum=2
>
> --
>
> Bas Gooijen
>
>
> <ko...@techwin.be> wrote in message news:3c8f62c4$2_2@dnews...

Bas Gooijen

Mar 13, 2002, 9:48:03 AM
http://groups.google.com/groups?selm=3bfe3ed5_2%40dnews&rnum=2

--

Bas Gooijen


<ko...@techwin.be> wrote in message news:3c8f62c4$2_2@dnews...

DGJ

Mar 13, 2002, 11:02:23 AM
Hi, I keep getting "Failed to add the CRC", no matter what executable
I try to run it on, any ideas?

Thanks

DGJ

Bas Gooijen

Mar 13, 2002, 1:01:21 PM

Also when you use the sample I have included?
(You may need to re-download the zip.)

--

Bas Gooijen


"DGJ" <D...@No.Spam-BTINTERNET.com> wrote in message
news:pttu8ugghhr8hhpr1...@4ax.com...
