Silver
October 31st, 2005, 06:58
Hi guys,
I believe I know the answer to this question, but I'd like to run it by the more experienced people here in case I've missed something.
Assuming an app is protected against quick modification by a checksum system (say, SHA1/MD5). The app is composed of one executable and one DLL. The executable loads the DLL through late binding (LoadLibrary() etc).
To implement a checksum in this situation, the first instinct would be to generate a SHA1 of the exe and a SHA1 of the DLL. Insert the exe's SHA1 output into the DLL, then at runtime have a function in the DLL create another run-time SHA1 of the exe and compare the 2 hashes. Next insert the SHA1 of the DLL into the exe, and at runtime have a function in the exe create another SHA1 of the DLL, then compare the 2 hashes.
However, as far as I'm aware this is impossible, because you have a chicken and egg situation. You can insert the SHA1 of the exe into the DLL, but as soon as you insert the SHA1 of the DLL into the exe you've changed the SHA1 of the exe, thus making the SHA1 stored in the DLL invalid. This problem is apparently circular.
My question is: is there a formula, system or similar that allows you to do this? Obviously you can exclude the section of the exe & DLL that contains the cross-checked hashes from the overall hash, or store the hashes outside of the exe/DLL, but the assumption here is that you want to perform a hash on the entire .exe and .dll using only code and resources inside them.
Thanks!
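The circularity described in the post above, and the slot-exclusion workaround it mentions, as an added example that is not part of the original post. The two byte strings are constructed stand-ins for the exe and DLL, and the layout (a 20-byte digest slot at the end of each file) and all function names are assumptions made for illustration.

```python
import hashlib

SLOT = 20  # SHA-1 digest length; assumed layout: slot is the last 20 bytes

def make_image(body: bytes) -> bytearray:
    """Constructed stand-in for a binary: body followed by an empty slot."""
    return bytearray(body + bytes(SLOT))

def full_hash(img) -> bytes:
    """Hash of the entire file, slot included (the poster's stated goal)."""
    return hashlib.sha1(bytes(img)).digest()

def masked_hash(img) -> bytes:
    """Hash of the file with the slot bytes treated as zero (the workaround)."""
    return hashlib.sha1(bytes(img[:-SLOT]) + bytes(SLOT)).digest()

def embed(img, digest: bytes) -> None:
    img[-SLOT:] = digest

def stored(img) -> bytes:
    return bytes(img[-SLOT:])

def cross_sign(exe, dll, hash_fn) -> None:
    embed(dll, hash_fn(exe))  # DLL now carries the exe's hash
    embed(exe, hash_fn(dll))  # exe now carries the DLL's hash; exe bytes change

def verify(exe, dll, hash_fn):
    """Returns (exe matches hash held in DLL, DLL matches hash held in exe)."""
    return stored(dll) == hash_fn(exe), stored(exe) == hash_fn(dll)

def demo(hash_fn, tamper=False):
    exe = make_image(b"constructed exe code and resources")
    dll = make_image(b"constructed dll code and resources")
    cross_sign(exe, dll, hash_fn)
    if tamper:
        exe[0] ^= 0xFF  # simulate a one-byte patch to the exe body
    return verify(exe, dll, hash_fn)

if __name__ == "__main__":
    print("full-file hash:", demo(full_hash))    # exe check fails: circular
    print("masked hash:   ", demo(masked_hash))  # both checks pass
    print("masked, patched exe:", demo(masked_hash, tamper=True))
```

With the slot masked, a change to the slot itself is still caught, because the stored value no longer equals the peer's hash.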