PE CheckSum calc func

kick

Предвестник
Administrator
За веру и верность форуму
Отец-основатель
Сообщения
6 970
Розыгрыши
22
Решения
1
Репутация
6 046
Реакции
6 829
Баллы
2 688
Код:
//

UINT32 CalcCheckSum(BYTE* _data, UINT32 _data_size, UINT32 _data_checkSumOffset)
{
    UINT32 _checksum = 0, _i, _i_max;

    _i_max = (_data_checkSumOffset / sizeof(UINT16));
    for(_i = 0; _i < _i_max; _i++)
        _checksum += ((UINT16*)_data)[_i];

    _i_max = (_data_size / sizeof(UINT16));
    for(_i += (sizeof(UINT32) / sizeof(UINT16)); _i < _i_max; _i++)
        _checksum += ((UINT16*)_data)[_i];

    _checksum = ((_checksum >> (sizeof(UINT16) * CHAR_BIT)) + ((UINT16)_checksum));
    _checksum = (_checksum + (_checksum >> (sizeof(UINT16) * CHAR_BIT)));
    _checksum = (_data_size + ((UINT16)_checksum));

    return _checksum;
};

//

VOID Msg(const WCHAR* format = L"", ...)
{
    WCHAR pBuff[2048];
    va_list va;
    va_start(va, format);
    vswprintf_s(pBuff, 2048, format, va);
    MessageBoxW(0, pBuff, L"", MB_OK);
    va_end(va);
};

//

    FILE* pFile = _wfopen(L"DllFile.dll", L"rb");
    if(pFile)
    {
        fseek(pFile, 0, SEEK_END);
        UINT32 _file_size = (UINT32)ftell(pFile);
        fseek(pFile, 0, SEEK_SET);

        string _file_buff;
        _file_buff.resize(_file_size);

        if(fread((LPVOID)_file_buff.c_str(), _file_size, 1, pFile) == 1)
        {
            fclose(pFile); pFile = NULL;

            //

            ULONG_PTR _file = (ULONG_PTR)_file_buff.c_str(), _file_size = (ULONG_PTR)_file_buff.size();

            if(((PIMAGE_DOS_HEADER)_file)->e_magic == IMAGE_DOS_SIGNATURE)
            {
                PIMAGE_NT_HEADERS _pinth = (PIMAGE_NT_HEADERS)(_file + ((PIMAGE_DOS_HEADER)_file)->e_lfanew);

                switch(_pinth->OptionalHeader.Magic)
                {
                case IMAGE_NT_OPTIONAL_HDR32_MAGIC:
                    {
                        PIMAGE_NT_HEADERS32 pinth = (PIMAGE_NT_HEADERS32)_pinth;

                        Msg(L"in_file: 0x%08X, calculated: 0x%08X (X86)", pinth->OptionalHeader.CheckSum, CalcCheckSum((BYTE*)_file, ((UINT32)_file_size), ((UINT32)(((ULONG_PTR)&pinth->OptionalHeader.CheckSum) - _file))));

                        break;
                    }
                case IMAGE_NT_OPTIONAL_HDR64_MAGIC:
                    {
                        PIMAGE_NT_HEADERS64 pinth = (PIMAGE_NT_HEADERS64)_pinth;

                        Msg(L"in_file: 0x%08X, calculated: 0x%08X (X64)", pinth->OptionalHeader.CheckSum, CalcCheckSum((BYTE*)_file, ((UINT32)_file_size), ((UINT32)(((ULONG_PTR)&pinth->OptionalHeader.CheckSum) - _file))));

                        break;
                    }
                }

                //
            }

            //
        }
        else
        {
            fclose(pFile); pFile = NULL;
        }
    }

//
 

Назад
Сверху Снизу