<<< Steven Pasztor emailed to Vi Lam about: "Re: CRC
SELF-CHECK" >>>

G'day Steven

Thanks for you message

 SP> A better idea, is to make that four-byte code the initial value fed
 SP> into the  "crc" routine, and set it such that the resulting CRC
 SP> (including the last four  bytes if possible) will be equal to something
 SP> within the file's EXE header,  (or withing the programs code itself)
 SP> which is needed for the EXE to be loaded  properly.

That's brings you to my original question, the problem is it's very hard
to know the CRC before you compile the program. Once you compile it and
try to patch its CRC value, the newly patch program would result in a new
CRC value which would ultimately different from the one you've just patch.
That is, say you have a arbitrary predefined CRC value somewhere in the
EXE, after compile it and do the calculation, you'll have a *true* CRC of
this program. Now you'll patch it to the original value, but doing so
would result in a new CRC value for this program, then you'll patch this
new value in again, etc, etc... You'll have to do it iteratively to
finally get the correct match. Bear in mind that this work would be faster
if the so called "CRC" value is a checksum similar to what Andrew Snow
suggested, but if you are to use "real CRC" like CRC-16 or CRC-32, you'll
going to put a lot of time into it to get it right. 

[...]

 SP> This still isn't perfect, since the "hacker" could simply
hard-crack
 SP> the  program to ignore a wrong CRC, or may be able to alter the address
 SP> from where  you read the correct CRC, so that it is not at the end of

[...]

 SP> viruses, the latter  of which it probably won't catch very many anyway
 SP> since the ones worth  worrying about are the newer strains which will
 SP> remove themselves, or "appear"  to have removed themselves from the
 SP> file.  The rest will more than likely be  detected by any virus scanner

That's the two things that you can't avoid, an experienced hacker and a
well written stealth virus. However I think having some checking scheme
would help to determine if the integrity of the program has been
compromised. 

[...]

 SP> Another idea, is to include the "target" value of the crc
within the 
 SP> registration key rather than the EXE header.  However this will only
 SP> work if a  registration key is used.

Yes, that would be another easy solution, but it's not as "elegant" as
having the CRC in the program itself. 


Regards
Vi


___ Blue Wave/QWK v2.12

--- EzyQwk V1.10 03fa007a