-
crc32
I'm trying to make dll that will check the crc32 of a file, but how schould i do this?
I'm injecting the dll in an application...
And i wanna check if the crc32 from the files in the folder where the application is where i injected the dll in are right.
-
Do you want to check the executable file (and it's dependancies?) or the content of memory within the app? Those are two different things.
Checking the file is relatively easy. Checking the content in memory is a bit more complicated, as you really need a memory map, and of course, DLL's may be loaded at different places each time, so the content may change in value (sorry, I didn't think about that one when I suggested checking with a CRC previously).
--
Mats
-
Could you help with both? i would like to make it really good XD
-
The problem with doing it "in memory" is twofold:
1. the application and it's DLL's may not be loaded at the same (virtual) address each time - which means that a function call like this:
will look like this one day:
Code:
mov eax, 4
mov dword ptr [0x10000100], eax
and on another day (or five minutes later, for that matter)
Code:
mov eax, 4
mov dword ptr [0x20000100], eax
Naturally, checksumming the first will give quite a different result than checksumming the second one.
2. How do we know which components (application + DLL's) are loaded where? I think there are some applications that can list which DLL belongs to which application and where they are loaded, so if you can find one of those apps and either get the source-code, or reverse engineer this functionality, you should have a good starting point.
Checksumming the files, assuming we have a list of files that we know about, shouldn't be hard.
1. open the file.
2. read a chunk from the file.
3. for each byte in the chunk, update the CRC.
4. If not end of file, go to 2.
5. Confirm that CRC is same as "expected" for this file (also make sure that the "expected" results aren't easily changeable and that they are "hidden" (e.g. encrypted) so that it's not easy to change these values).
--
Mats
-
Additionally: One way to ensure that the ensure the checksum is correct is to have a secure server on the web, and make the application "check" with the secure server before launching the application.
Of course, this will prevent some people from being able to play the game, and perhaps some others from "being happy with the game", because they think this is a violation of their privacy.
--
Mats
-
I'm guessing you're still trying to do this
http://cboard.cprogramming.com/showthread.php?t=92069
You don't need to touch the code in order to modify the data. So even with all your clever tricks to check that the code hasn't changed will still result in you losing.
-
Now i'm using this:
Code:
int crc(int argc)
{
unsigned long table[256] = {
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d};
register unsigned long iCRC;
register long i = 0;
register long lSize;
register FILE * fp;
if (argc)
{
fp = fopen("Gunz.exe", "rb");
if (fp)
{
// THIS FINDS THE SIZE OF THE FILE
fseek(fp , 0 , SEEK_END);
lSize = ftell(fp);
rewind (fp);
iCRC = 0xFFFFFFFF;
// THE CALCULATION OF THE CRC32
for (i = 0; i < lSize; i++){
iCRC = ((iCRC >> 8) & 0xFFFFFFFF) ^ table[(iCRC ^ fgetc(fp)) & 0xFF];
}
printf("CRC32: %x", (iCRC ^ 0xFFFFFFFF));
}
}
if ("CRC32: 4605c3a8" == "CRC32: %x", (iCRC ^ 0xFFFFFFFF)){
MBox("CRC Check Sucess", LTITLE);
}
else{
MBox("CRC Check Failed", LTITLE);
Sleep(1000);
TerminateProcess("antihack.exe", 0);
}
return 0;
}
But for some reason it always says CRC Check Sucess...
Anyone can help me out?
-
Code:
if ("CRC32: 4605c3a8" == "CRC32: %x", (iCRC ^ 0xFFFFFFFF)){
The above line doesn't look like a condition to me, more like half a printf.
Try checking with
Code:
if (0x4605c3a8 == iCRC ^ 0xffffffff)
... OK ...
else
... BAD ..
[The compiler should warn if you try to compare two different string literals - that will ALWAYS be false, and the second statement after the comma is always the one that forms the condition, so if iCRC ^ 0xFFFFFFFF isn't zero, you always get a true statement. ]
--
Mats
-
It still doesn't work for me ..
-
What happens, and can you copy the if-statement that checks the CRC against a fixed value? (Actually, my if-statement may need an extra parenthesis around the iCRC ^ 0xffffffff, so that you are sure it's not XOR-ing the result of 0x4... and iCRC being equal with 0xffffff...).
What is the value printed by the CRC calculation?
Also, it's probably pretty useless to check the CRC if you didn't succeed in opening the file, so the reporting should probably be inside the "if (fp)" condition.
It is very old-fashioned to use the "register" keyword. Modern compilers are pretty good at doing register allocation, so using "register" is at best going not doing anythng, or at worst confusing the compiler to produce less optimal code.
--
Mats
-
It's says CRC Check succes and the printf doesn't even show up
-
Does it succeed in opening the file? Try adding an error message to the "if (fp) ... " by adding an "else printf("Could not open file").
By the way, the "if (argc)" is a "no-operation", as argc will ALWAYS be 1 or more - the first argv entry is the name of the application as it came in.
--
Mats
-
Now i have this:
Code:
#include "StdAfx.h"
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
// CRC32
int main(int argc, char *argv[])
{
unsigned long table[256] = {
0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f,
0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2,
0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c,
0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423,
0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106,
0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d,
0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7,
0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa,
0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81,
0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84,
0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e,
0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55,
0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28,
0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f,
0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69,
0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc,
0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693,
0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d};
register unsigned long iCRC;
register long i = 0;
register long lSize;
register FILE * fp;
if (argc)
{
fp = fopen("Gunz.exe", "rb");
if (fp)
{
// THIS FINDS THE SIZE OF THE FILE
fseek(fp , 0 , SEEK_END);
lSize = ftell(fp);
rewind (fp);
iCRC = 0xFFFFFFFF;
// THE CALCULATION OF THE CRC32
for (i = 0; i < lSize; i++){
iCRC = ((iCRC >> 8) & 0xFFFFFFFF) ^ table[(iCRC ^ fgetc(fp)) & 0xFF];
}
printf("CRC32: %x", (iCRC ^ 0xFFFFFFFF));
}
}
if (0x4605c3a8 == iCRC ^ 0xffffffff){
printf("CRC Check Sucess.");
}
else{
printf("CRC Check Failed.");
}
Sleep(90000);
return 0;
}
And it keeps saying CRC Check Sucess if if it isn't..
And the CRC shows up now..
-
Try (as I said in a parenthesis above):
Code:
if (0x4605c3a8 == (iCRC ^ 0xffffffff)) ...
Also add an "else" at the end of if (fp), so that you can see if it failed to open the file - if it fails to open the file, you probably won't calculate much.
I would also add an initialization to "iCRC" just so that it has a defined value if it's failed to calculate - something easily identified like "0xDEADDEAD" or "0xBAADFEED", so you know that the check failed.
--
Mats
-