How to detect that the application itself is modifed.

  • Thread starter Thread starter Cat
  • Start date Start date
C

Cat

Hello.
Let's say there is a simple Windows executable, app.exe
When app.exe is executed, I would like to check if the
app.exe is modified by others than me. Creating CRC data
would be a right choice but I then do I have to do that
all the time I recompile the app? Where to save the CRC
data anyway?

Any advice will be appreciated. Thank you, people.
 
Cat said:
Hello.
Let's say there is a simple Windows executable, app.exe
When app.exe is executed, I would like to check if the
app.exe is modified by others than me. Creating CRC data
would be a right choice but I then do I have to do that
all the time I recompile the app? Where to save the CRC
data anyway?

Any advice will be appreciated. Thank you, people.
Click to expand...

Generate new key by: sn -k keyname.snk

And add this to AssemblyInfo.cs:

[assembly:AssemblyKeyFile("keyname.snk")]

When someone modify your app it won't run.
 
One option would be to use third party tools that encrypt and wrap your
executable into an enclosing executable.

When the enclosing executable is run, it decompresses your application
in memory.

One such tool is Armadillo (aka SoftwarePassport).
 
Thanks. This ways looks very simple and reasonable. The app won't run
all right, but the problem is it shows a crash dialogue like "... has
encountered a problem and needs to close. We are sorry..". Instead, I
just want to inform the users that this app might be infected by a
virus and guide them to my homepage to re-download it. To do that, my
app should run. Any other way?
 
Cat said:
Thanks. This ways looks very simple and reasonable. The app won't run
all right, but the problem is it shows a crash dialogue like "... has
encountered a problem and needs to close. We are sorry..". Instead, I
just want to inform the users that this app might be infected by a
virus and guide them to my homepage to re-download it. To do that, my
app should run.
Click to expand...

That's a nice idea, but not very safe. Who says that if a virus has
infected your app, it's not already loaded when you get to the point
where you inform the user? Doing this "from the outside" of your app, as
the .NET framework does with assembly strong names, is a much safer
approach.



Oliver Sturm
 
Moreover, if it was virus that targeted .Net exe, they would surely "resign"
your app with it's own private key and app would load and run on way - with
what ever code the virus injected. Currently, the best you can do obfuscate
your code and sign it. Not fool proof, but raises the bar.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Worker thread preventing application shutdown 3
Problem trying to position a process window - please advise 11
how to start a Process so that it doesn't appear on the taskbar 5
Running winform Exe from Web Application 3
OleDb / Jet query randomly slow on high end server 2008 systems 1
Application configuration file deleted when building ... 1
How to hide Command window when batch file runs 4
How to get command-line paramter at start 4

Back
Top