hey..i was wondering if anyone knew of a tutorial / had code of how to implement a self integrity check into a program. or how do i do it? i think if i knew how, i could do it...possibly. i searched google and that came up with a forum but that didnt really help.
thanks
Registered Linux User #380033. Be counted: http://counter.li.org
You could look at CRCs (depending on your needs).
You open the file as bytes, read each and calculate a big number.
This number should not change for the same file.
Two files could add to the same number but the possibility is usually small enough to be OK.
"Man alone suffers so excruciatingly in the world that he was compelled to invent laughter."
Friedrich Nietzsche
"I spent a lot of my money on booze, birds and fast cars......the rest I squandered."
George Best
"If you are going through hell....keep going."
Winston Churchill
> how to implement a self integrity check into a program
With what aim? Detecting if your program has been hacked?
Surely any hack which damaged your program would also fix the check to still say "success".
If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
If at first you don't succeed, try writing your phone number on the exam paper.
how?
Registered Linux User #380033. Be counted: http://counter.li.org
I think I should sue you for the injuries sustained when I banged my head on my desk after reading that response.
so you dont know how they'd fix it to be successful? or its so obvious that its childs play..?
:P
Registered Linux User #380033. Be counted: http://counter.li.org
If its just for safety, a simple crc check is enough. If it is to prevent hacking, you should give it some thought about how to do it. Some simple tips:
- If the check fails, never ever give a message box immediately.
- Doing some string obvuscation isnt a bad idea.
- It might help to put in some fake strings like "The integerty check failed"
But for some real advise you should atleast mention why you want to check the integrity.
Last edited by johny145; 09-18-2005 at 04:19 PM.
To anyone with any dissassembly experience it is. Here are some hints on how to make your code more secure though.or its so obvious that its childs play..?
Never do something along the lines of:When you do that, all a hacker has to do is find the jump that leads to the checkFailed() routine, and change it to a no-op. Instead, try and get creative with dead-end jumps and such.Code:if(!integretyCheck()) checkFailed();
If your platform is Windows, then use the API call IsDebuggerPresent() to make sure your binary is not being run through a debugger.
As johny145 stated, never output a message box that tells the user that the integrety check failed. Just exit the program silently.
There isn't any way to make your binary 100% secure against good hackers, but you can make it difficult to the point where they choose to spend their time cracking something easier.
Ok. That was random. Why do you need disassembly experience for this?To anyone with any dissassembly experience it is. Here are some hints on how to make your code more secure though.
he's not saying you need it, he's saying for anyone that has it. lol
Registered Linux User #380033. Be counted: http://counter.li.org
Just wondering, but what are you making that will require this?
Trinity: "Neo... nobody has ever done this before."
Neo: "That's why it's going to work."
c9915ec6c1f3b876ddf38514adbb94f0
Another trick you might want to try is simply using SEH a lot, since it tends to aggrivate debuggers quite a bit.
Also, do not always trust IsDebuggerPresent, you can easily destroy it's entire functionality by altering a part of the PEB in a program.
Do note that you can never exactly make your program 100% secure in every way. Thanks to programs like SoftICE and IDA Pro, anybody can really peer around your program providing they know how. Many reverse engineerers (I can Reverse engineer fairly well I suppose, although many disassemblies tend to confuse me at first glance) simply look at your programs' logic and can reconstruct psuedo-code based off that, which they then use that to try and find a vulnerability in your program and exploit that via something like a format string or buffer overflow, or simply develop a patch for it.
Of course, you could always try to implement some type of morphing engine into your program much like how many viruses these days do in order to have your program dynamically change every time.
Last edited by Mad_guy; 09-21-2005 at 09:59 PM.
operating systems: mac os 10.6, debian 5.0, windows 7
editor: back to emacs because it's more awesomer!!
version control: git
website: http://0xff.ath.cx/~as/
>> Just wondering, but what are you making that will require this?
Secure Text Editor.It may seem like overkill to you, but i think it would be good to have. part of the reason why I do things is to that I can teach myself how. Hence the reason I made a hangman program dealing with bitmaps (my programs can be found at http://www.angelfire.com/droid/willc0de4food , and i usually store the source for the programs in a folder called "source" whereas programs are in "programs"). This text editor is also the reason I was trying to get encryption working with wincrypt.h but that was never successful. But I didn't delete the code I tried, I simply commented it out
mm..idk if i was going to say anything else. so yea...bye..
Registered Linux User #380033. Be counted: http://counter.li.org
Yesterday I uploaded latest version of my app to my web server and then downloaded it to my notebook. It crashed before splash screen with stack overflow or some message like that.
I went back to my desktop, run the original and it worked well. I moved my app to my laptop with usb stick and it worked well. Then I took it from web server again and it crashed.
Well, both EXE files had same size reported in Properties but later I managed to erase the crashing version from both my web server and my disk. If I was smarter I should have compared them somehow, byte for byte with some utility or maybe I should have wrote one myself, but related to this topic, I am not sure if some self-check at startup would have caught this kind of a problem or would it just crash in low-level startup code?
Too bad, both IE and file manager at my web server failed to tell me the file got corruped at upload.
Last edited by Delf; 09-22-2005 at 11:35 AM.
