Re: [softwaredev-113] Detecting if a windows executable has been tampered with

From: Matthew H
Sent on: Friday, May 16, 2014 2:19 PM
If the primary concern is determining whether or not the application has been modified maliciously, and not through some form of failed download, then it should be logical to assume that a competent person would also remove the validation logic.

Digging around led me to this paper from the university that might be of assistance:
Strengthening Software Self-Checksumming via Self-Modifying Code
-- 
Matthew Hughes

On May 16, 2014 at 1:43:31 PM, David K ([address removed]) wrote:

I just tested this and I certainly get a warning when executing a file that has been tampered with. Do you have UAC disabled?


On Fri, May 16, 2014 at 1:36 PM, David K <[address removed]> wrote:
It's not automatic on launch, but you can verify by calling signtool again.  I can't speak to being able to work around it or not.



On Fri, May 16, 2014 at 1:11 PM, Blake Niemyjski <[address removed]> wrote:
Signing won't really offer any protection (and it is really easy to get around). It was only intended to show someone that the assembly came from you. Microsoft is pretty much obsoleting this in vnext and is not recommending / signing their assemblies. The best route is to obfuscate your assemblies with a tool like Red-Gate (highly recommended).

Thanks
-Blake Niemyjski


On Fri, May 16, 2014 at 12:31 PM, Paul Miller <[address removed]> wrote:

I'm looking at adding some kind of crack detection to my Windows applications. For some reason I thought if I sign the .exe with SignTool, and then open up the exe in a hex editor and change some bytes around, that Windows wouldn't launch it, but that doesn't seem to be the case.

Is there some "standard" method of detecting if the binary has been tampered with, or is this something I'll need to implement myself? Otherwise, what's the point of the codesign step?

 





--
Please Note: If you hit "REPLY", your message will be sent to everyone on this mailing list ([address removed])
This message was sent by Paul Miller ([address removed]) from Madison Area Software Developers Meetup Group.
To learn more about Paul Miller, visit his/her member profile
To report this message or block the sender, please click here
To unsubscribe from special announcements from your Organizer(s), click here

Meetup, POB 4668 #37895 NY NY USA 10163 | [address removed]
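
Added example (not part of the original thread, and not code from any of its participants): a PowerShell check of the Authenticode signature discussed above, run against a signed binary and against a copy with one byte changed, as in the original question. The function name Test-BinarySignature, the file paths and the thumbprint parameter are assumptions for illustration; `signtool verify /pa <file>` performs the equivalent check from the SDK tools.

```powershell
# Added example: verify a binary's Authenticode signature and fail closed.
function Test-BinarySignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Optional pin: reject a binary that was re-signed with a different
        # (but still trusted) certificate. Placeholder value supplied by caller.
        [string] $ExpectedThumbprint
    )

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $result = [pscustomobject]@{
        Path       = $Path
        Status     = $sig.Status                        # Valid, HashMismatch, NotSigned, ...
        Signer     = $sig.SignerCertificate.Subject     # $null when unsigned
        Thumbprint = $sig.SignerCertificate.Thumbprint
        Trusted    = $false
        Reason     = $sig.StatusMessage
    }

    # Anything other than Valid (hash mismatch, unsigned, untrusted chain) is rejected.
    if ($sig.Status -ne 'Valid') { return $result }

    if ($ExpectedThumbprint -and
        $sig.SignerCertificate.Thumbprint -ne $ExpectedThumbprint) {
        $result.Reason = 'Signature is valid, but the signer is not the expected publisher.'
        return $result
    }

    $result.Trusted = $true
    return $result
}

# Self-test on your own signed build (path is a placeholder).
$original = 'C:\path\to\YourSignedApp.exe'
$copy     = Join-Path $env:TEMP 'signature-self-test.exe'
Copy-Item -Path $original -Destination $copy -Force

# Change one byte in the copy, the same edit the question made in a hex editor.
$bytes  = [System.IO.File]::ReadAllBytes($copy)
$offset = [int]($bytes.Length / 2)
$bytes[$offset] = $bytes[$offset] -bxor 0xFF
[System.IO.File]::WriteAllBytes($copy, $bytes)

# Compare the verdicts for the untouched file and the modified copy.
Test-BinarySignature -Path $original, $copy[0..0] | Out-Null   # no-op guard for older hosts
Test-BinarySignature -Path $original | Format-List
Test-BinarySignature -Path $copy     | Format-List
Remove-Item -Path $copy -Force
```

A check like this is only as trustworthy as the place it runs: executed by an installer, updater or separate service it reports on the file, while a check compiled into the same executable can be patched out along with everything else, which is the point raised in the top reply.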




