Thread: crc32

  1. #1
    Registered User
    Join Date
    Jul 2007
    Posts
    61

    crc32

    I'm trying to make dll that will check the crc32 of a file, but how schould i do this?
    I'm injecting the dll in an application...
    And i wanna check if the crc32 from the files in the folder where the application is where i injected the dll in are right.

  2. #2
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Do you want to check the executable file (and it's dependancies?) or the content of memory within the app? Those are two different things.

    Checking the file is relatively easy. Checking the content in memory is a bit more complicated, as you really need a memory map, and of course, DLL's may be loaded at different places each time, so the content may change in value (sorry, I didn't think about that one when I suggested checking with a CRC previously).

    --
    Mats

  3. #3
    Registered User
    Join Date
    Jul 2007
    Posts
    61
    Could you help with both? i would like to make it really good XD

  4. #4
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    The problem with doing it "in memory" is twofold:
    1. the application and it's DLL's may not be loaded at the same (virtual) address each time - which means that a function call like this:
    Code:
        foo = 4;
    will look like this one day:
    Code:
        mov    eax, 4
        mov    dword ptr [0x10000100], eax
    and on another day (or five minutes later, for that matter)
    Code:
        mov    eax, 4
        mov    dword ptr [0x20000100], eax
    Naturally, checksumming the first will give quite a different result than checksumming the second one.

    2. How do we know which components (application + DLL's) are loaded where? I think there are some applications that can list which DLL belongs to which application and where they are loaded, so if you can find one of those apps and either get the source-code, or reverse engineer this functionality, you should have a good starting point.

    Checksumming the files, assuming we have a list of files that we know about, shouldn't be hard.
    1. open the file.
    2. read a chunk from the file.
    3. for each byte in the chunk, update the CRC.
    4. If not end of file, go to 2.
    5. Confirm that CRC is same as "expected" for this file (also make sure that the "expected" results aren't easily changeable and that they are "hidden" (e.g. encrypted) so that it's not easy to change these values).

    --
    Mats

  5. #5
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Additionally: One way to ensure that the ensure the checksum is correct is to have a secure server on the web, and make the application "check" with the secure server before launching the application.

    Of course, this will prevent some people from being able to play the game, and perhaps some others from "being happy with the game", because they think this is a violation of their privacy.

    --
    Mats

  6. #6
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    I'm guessing you're still trying to do this
    http://cboard.cprogramming.com/showthread.php?t=92069

    You don't need to touch the code in order to modify the data. So even with all your clever tricks to check that the code hasn't changed will still result in you losing.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  7. #7
    Registered User
    Join Date
    Jul 2007
    Posts
    61
    Now i'm using this:

    Code:
    int crc(int argc)
    {
    
    	unsigned long table[256] = {
    	0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
    	0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
    	0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
    	0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
    	0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
    	0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
    	0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
    	0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
    	0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
    	0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
    	0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
    	0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
    	0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
    	0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
    	0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
    	0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
    	0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
    	0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
    	0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
    	0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
    	0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
    	0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
    	0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
    	0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
    	0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
    	0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
    	0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
    	0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
    	0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
    	0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
    	0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
    	0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
    	0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
    	0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
    	0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
    	0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
    	0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
    	0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
    	0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
    	0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
    	0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
    	0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
    	0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d};
    
    	register unsigned long iCRC;
    	register long i = 0;
    	register long lSize;
    	register FILE * fp;
    
    	if (argc)
    	{
    
    		fp = fopen("Gunz.exe", "rb");
    
    		if (fp)
    		{
    			// THIS FINDS THE SIZE OF THE FILE
    			fseek(fp , 0 , SEEK_END);
    			lSize = ftell(fp);
    			rewind (fp);
    
    			iCRC = 0xFFFFFFFF;
    
    			// THE CALCULATION OF THE CRC32
    			for (i = 0; i < lSize; i++){
    				iCRC = ((iCRC >> 8) & 0xFFFFFFFF) ^ table[(iCRC ^ fgetc(fp)) & 0xFF];
    			}
    			printf("CRC32: %x", (iCRC ^ 0xFFFFFFFF));
    		}
    
    	}
    	if ("CRC32: 4605c3a8" == "CRC32: %x", (iCRC ^ 0xFFFFFFFF)){
    		MBox("CRC Check Sucess", LTITLE);
    	}
    	else{
    		MBox("CRC Check Failed", LTITLE);
    		Sleep(1000);
    		TerminateProcess("antihack.exe", 0);
    	}
    
    	return 0;
    }
    But for some reason it always says CRC Check Sucess...
    Anyone can help me out?

  8. #8
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Code:
    	if ("CRC32: 4605c3a8" == "CRC32: %x", (iCRC ^ 0xFFFFFFFF)){
    The above line doesn't look like a condition to me, more like half a printf.

    Try checking with
    Code:
    if (0x4605c3a8 == iCRC ^ 0xffffffff) 
       ... OK ...
    else
       ... BAD ..
    [The compiler should warn if you try to compare two different string literals - that will ALWAYS be false, and the second statement after the comma is always the one that forms the condition, so if iCRC ^ 0xFFFFFFFF isn't zero, you always get a true statement. ]

    --
    Mats

  9. #9
    Registered User
    Join Date
    Jul 2007
    Posts
    61
    It still doesn't work for me ..

  10. #10
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    What happens, and can you copy the if-statement that checks the CRC against a fixed value? (Actually, my if-statement may need an extra parenthesis around the iCRC ^ 0xffffffff, so that you are sure it's not XOR-ing the result of 0x4... and iCRC being equal with 0xffffff...).

    What is the value printed by the CRC calculation?

    Also, it's probably pretty useless to check the CRC if you didn't succeed in opening the file, so the reporting should probably be inside the "if (fp)" condition.

    It is very old-fashioned to use the "register" keyword. Modern compilers are pretty good at doing register allocation, so using "register" is at best going not doing anythng, or at worst confusing the compiler to produce less optimal code.

    --
    Mats

  11. #11
    Registered User
    Join Date
    Jul 2007
    Posts
    61
    It's says CRC Check succes and the printf doesn't even show up

  12. #12
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Does it succeed in opening the file? Try adding an error message to the "if (fp) ... " by adding an "else printf("Could not open file").

    By the way, the "if (argc)" is a "no-operation", as argc will ALWAYS be 1 or more - the first argv entry is the name of the application as it came in.

    --
    Mats

  13. #13
    Registered User
    Join Date
    Jul 2007
    Posts
    61
    Now i have this:
    Code:
    #include "StdAfx.h"
    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    
    // CRC32
    
    int main(int argc, char *argv[])
    {
    
    	unsigned long table[256] = {
    	0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
    	0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
    	0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
    	0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
    	0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
    	0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
    	0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
    	0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
    	0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
    	0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
    	0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
    	0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
    	0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
    	0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
    	0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
    	0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
    	0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
    	0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
    	0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
    	0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
    	0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
    	0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
    	0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
    	0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
    	0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
    	0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
    	0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
    	0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
    	0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
    	0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
    	0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
    	0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
    	0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
    	0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
    	0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
    	0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
    	0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
    	0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
    	0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
    	0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
    	0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
    	0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
    	0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d};
    
    	register unsigned long iCRC;
    	register long i = 0;
    	register long lSize;
    	register FILE * fp;
    
    	if (argc)
    	{
    
    		fp = fopen("Gunz.exe", "rb");
    
    		if (fp)
    		{
    			// THIS FINDS THE SIZE OF THE FILE
    			fseek(fp , 0 , SEEK_END);
    			lSize = ftell(fp);
    			rewind (fp);
    
    			iCRC = 0xFFFFFFFF;
    
    			// THE CALCULATION OF THE CRC32
    			for (i = 0; i < lSize; i++){
    				iCRC = ((iCRC >> 8) & 0xFFFFFFFF) ^ table[(iCRC ^ fgetc(fp)) & 0xFF];
    			}
    			printf("CRC32: &#37;x", (iCRC ^ 0xFFFFFFFF));
    		}
    
    	}
    	if (0x4605c3a8 == iCRC ^ 0xffffffff){
    		printf("CRC Check Sucess.");
    	}
    	else{
    		printf("CRC Check Failed.");
    	}
    	Sleep(90000);
    
    	return 0;
    }
    And it keeps saying CRC Check Sucess if if it isn't..
    And the CRC shows up now..

  14. #14
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Try (as I said in a parenthesis above):
    Code:
    	if (0x4605c3a8 == (iCRC ^ 0xffffffff)) ...

    Also add an "else" at the end of if (fp), so that you can see if it failed to open the file - if it fails to open the file, you probably won't calculate much.

    I would also add an initialization to "iCRC" just so that it has a defined value if it's failed to calculate - something easily identified like "0xDEADDEAD" or "0xBAADFEED", so you know that the check failed.

    --
    Mats

  15. #15
    Registered User
    Join Date
    Jul 2007
    Posts
    61
    thanks got it to work.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Crc32?
    By RobotGymnast in forum A Brief History of Cprogramming.com
    Replies: 6
    Last Post: 04-17-2008, 09:23 AM
  2. Critique / Help me make this program run faster.
    By Mastadex in forum C++ Programming
    Replies: 10
    Last Post: 06-26-2004, 11:58 AM
  3. Crc32
    By noob2c in forum C Programming
    Replies: 2
    Last Post: 05-31-2003, 05:00 PM