PDA

View Full Version : CRC correction


cscat
September 13th, 2008, 05:47
Hi,

I want to change my exe file and add some extra info to it. Applying the change, the size of the file increases. When I run it, an error appears as my file is corrupted. I want to change the header so that I won't get this checksum error anymore.

Now what should I do to solve this problem? I saw "PE Tools" and "Stud_PE" but I don't know how to work with them!!!

thanks

squidge
September 13th, 2008, 14:27
So, what you need to do is this:

a) Read your signature
b) Find out how the checksum is calculated and where it is stored (it may or may not be in the header)
c) Calculate your own checksum
d) Patch the program with your newly acquired checksum

evaluator
September 13th, 2008, 16:01
LordPe can calc CRC & save

cscat
September 13th, 2008, 23:33
But... guys! I am a total n00b!!!
@squidge: please... explain a little bit more about the steps you said.

@evaluator:
The last time I did this: Opened a hex editor, inserted my data (hex values) to exe file, saved the file[NORMALLY now my exe file will be corrupted]. Then I opened LordPE, processed that exe with LordPE, calculated CRC checksum and saved it [BUT when I look at it, the file is STILL corrupted!].

thanks

FoxB
September 13th, 2008, 23:44
http://www.codeproject.com/KB/cpp/PEChecksum.aspx

squidge
September 14th, 2008, 03:25
Quote:
[Originally Posted by cscat;76975]But... guys! I am a total n00b!!!

Then you have some reading up to do. If it's not the header checksum, then you need to find out where it is, so get Free IDA, read some assembly language guides, and show us that you have done some work yourself.

evaluator
September 14th, 2008, 14:38
>>Opened a hex editor, inserted my data (hex values) to exe file

if you INSERT between bytes, you will damage;
you must OVERWRITE

dELTA
September 19th, 2008, 17:17
Search for info about protections using CRC/checksums. It's most likely not the CRC in the PE file header that's the problem, but rather a custom checksum test made by the application itself, and in that case you must find it on the application's code, and neutralize it.

SiGiNT
September 23rd, 2008, 16:56
I've only ever run into one app that inserted it's own file checksum in the code, this is quite problematic because inserting your new checksum will change the checksum - more likely than not it contains the checksum of the code only, and sometimes only the important code -the easiest way to find the code executing the check is to place a memory on access break where you've made your changes.

SiGiNT