File signature calculation

Recommended Posts

Hello, I want to be able to check whether a given file (e.g. *.exe or *.dll or any other) is the original one. For that I am using several variations of a CRC check. The question that I am wondering about now is: is it possible that Windows will store additional information in that file if the file is copied onto another pc (for exe or dll files)? I can imagine that every exe file or every dll file has a header part used by Windows for various reasons, and that the actual code of that exe or dll comes only after the header part. If I read an exe or dll with following code:
		CFile file(filePath,CFile::modeRead|CFile::shareDenyNone);
DWORD archiveLength=DWORD(file.GetLength());
for (int i=0;i<archiveLength;i++)
{
BYTE myByte;
archive >> myByte;
// Now calculate the CRC and other signatures with that byte!
}


Will the result always be same on every Windows platform? (given that the file was not manipulated other that copy/pasting into a different location) Thanks

Share on other sites
Any additional information the OS stores won't be kept in the PE file header, it'll be in a different file, in the registry, or in alternate NTFS data streams.

Share on other sites
Thank you for the quick reply!

Create an account

Register a new account

• Forum Statistics

• Total Topics
627746
• Total Posts
2978905

• 10
• 10
• 21
• 14
• 14