floatingwoods

File signature calculation


Hello, I want to be able to check whether a given file (e.g. *.exe or *.dll or any other) is the original one. For that I am using several variations of a CRC check. The question that I am wondering about now is: is it possible that Windows will store additional information in that file if the file is copied onto another PC (for exe or dll files)? I can imagine that every exe file or every dll file has a header part used by Windows for various reasons, and that the actual code of that exe or dll comes only after the header part. If I read an exe or dll with the following code:
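		// Open read-only without locking out other readers or writers.
		CFile file(filePath,CFile::modeRead|CFile::shareDenyNone);
		CArchive archive(&file,CArchive::load);
		// GetLength() returns a 64-bit value; the cast limits this loop to files under 4 GB.
		DWORD archiveLength=DWORD(file.GetLength());
		// Unsigned counter, so the comparison with archiveLength is not signed/unsigned.
		for (DWORD i=0;i<archiveLength;i++)
		{
			BYTE myByte;
			archive >> myByte;
			// Now calculate the CRC and other signatures with that byte!
		}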


Will the result always be the same on every Windows platform? (given that the file was not manipulated other than copy/pasting into a different location) Thanks

Any additional information the OS stores won't be kept in the PE file header, it'll be in a different file, in the registry, or in alternate NTFS data streams.
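
An added example, not code from either post: a portable C++ version of the byte-by-byte check that reads the file in binary mode, computes CRC-32 in chunks, and confirms that a byte-for-byte copy yields the same value. Opening a file by its plain path reads only its main data stream, so the alternate data streams mentioned in the reply are not part of the input. The file names and sample contents are constructed for the demonstration.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <string>
#include <vector>

// Bitwise CRC-32 (reflected polynomial 0xEDB88320); pass the previous result to chain chunks.
std::uint32_t crc32_update(std::uint32_t crc, const unsigned char* data, std::size_t len) {
    crc = ~crc;
    for (std::size_t i = 0; i < len; ++i) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; ++bit)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

// CRC-32 of a file's contents, read in binary mode in 64 KiB chunks (no 4 GB limit).
// Returns false if the file cannot be opened or a read error occurs.
bool file_crc32(const std::string& path, std::uint32_t& out) {
    std::ifstream in(path, std::ios::binary);
    if (!in) return false;
    std::vector<unsigned char> buf(64 * 1024);
    std::uint32_t crc = 0;
    while (in) {
        in.read(reinterpret_cast<char*>(buf.data()), static_cast<std::streamsize>(buf.size()));
        std::streamsize got = in.gcount();  // the final chunk may be short
        if (got > 0) crc = crc32_update(crc, buf.data(), static_cast<std::size_t>(got));
    }
    if (in.bad()) return false;
    out = crc;
    return true;
}

// Writes a constructed sample file, copies it byte for byte, and compares both CRCs.
bool copy_preserves_crc(const std::string& src, const std::string& dst) {
    {
        std::ofstream sample(src, std::ios::binary);
        for (int i = 0; i < 200000; ++i) sample.put(static_cast<char>((i * 31 + 7) & 0xFF));
    }
    {
        std::ifstream from(src, std::ios::binary);
        std::ofstream to(dst, std::ios::binary);
        to << from.rdbuf();
    }
    std::uint32_t a = 0, b = 0;
    return file_crc32(src, a) && file_crc32(dst, b) && a == b;
}

int main() { std::puts(copy_preserves_crc("crc_src.bin", "crc_dst.bin") ? "match" : "MISMATCH"); }
```

CRC-32 only catches accidental changes; it is not a cryptographic hash, so a matching value does not prove a file was not deliberately altered.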
