Hi, I was just thinking and tried to do it like a challenge for me, but I got no success. Is there anyway to check self CRC of executable file? Thanks!

On windows, imagehlp.dll MapFileAndCheckSum function
http://msdn.microsoft.com/en-us/library/windows/desktop/ms680355%28v=vs.85%29.aspx

the algo
http://www.mail-archive.com/cryptopp-users@googlegroups.com/msg03491.html
it may be SSE eligible,

Cheers,

Thanks for reply. I think the best method to check CRC is to start checking from PE header to forward..

Sure ... walk through the memory, peek the Byte's and feed them into the CRC-32 algo ... skip last 4 Byte's holding the should-value.

> On windows, imagehlp.dll MapFileAndCheckSum function
> msdn.microsoft.com/en-us/library/windows/desktop/
> ms680355%28v=vs.85%29.aspx

COOL ... this is NOT CRC-32 nor CRC-whatever, it's the PE/Windows-specific checknumber algo, and there is no point to [ab]use imagehlp.dll because, IIRC, FASM source code has a native implementation of it

PS: CRC-32 is not uncrackable. Use SHA-256 if you need an uncrackable one.

PPSS: make sure to get some reliable self-killing technology too, just in case the self-checking returns "bad"

Proper implementation even doesn't need to skip anything. Divide all the bytes, then check for remainder being zero as an indication of success. ;-)

Code that counts and checks CRC must be protected by obfuscators or virtualizators, otherwise it will be easy to fill this code by NOPs, change should-value to another or just change "jnz" to "jz" .

I think it is easier to just not bother with these sorts of pointless integrity checks. It is better to leave it to the OS to do a proper signature check before executing.

I wonder how digital signatures work.. aren't they just full check itself with any hash algo?

Signatures use public key crypto to sign a hash. The OS will have the public keys to check the signature. The private keys are held by the OS maker, or can be a self generated set of keys if you only need stuff working on your own systems.