How do I create a file signature for exe detection?

Question

0.00/5 (No votes)

See more:

I need help with detecting an exe file running on a PC, much like the way an AV does it. I need it on order to prevent users from running the program on some PCs.

At first, I used filenames, but someone got clever and renamed the exe. Then I used an MD5 checksum of the file but that method proved ineffective as it detected only one build of the exe. And by just rebuilding the exe without changing anything on the code, the md5 way was beaten. I was thinking more of taking a sequence of bytes from the file and doing a comparison but won't that get other processes that are not that particular exe?

I tried looking for the best offset to take but am stuck. Any help? I have two versions of the exe, debug and release so I can compare what is common in both.

Oh, and I use C++.

Posted 18-May-12 3:39am

Mudaka

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Aescleal · Accepted Answer · 2012-05-18T03:57:00

Solution 1

Don't sod about writing code to stop them, it's a sociological problem and tech solutions generally don't work for them. If you have clever users they'll get around any barriers you stick in the way and it sounds like they can build their own code so they're always going to be one step ahead of you.

So get your manager/supervisor to talk to their manager/supervisor about misusing resources of whatever organisation you and your users work for/attend. If they can't agree to a common solution for the problem then you don't have to worry about it.

Ash

Posted 18-May-12 3:57am

Aescleal

Comments

Mudaka 18-May-12 10:07am

I have tried that. They will generally agree not to use the program but they do. I just want to get rid of the program. But just for the sake of it, I also want to implement that so that I can keep adding signatures to a file just in case I have something like that again.

Aescleal 18-May-12 10:26am

They don't have to agree to not use the program - if the company as a whole don't want them using it, management have told them not to use it and they still do and the company won't sack them then concentrate on other things. Life's too short.

Or get the cash of your boss to buy a central management system - or even better move the buggers onto linux without Wine installed. Run it now you buggers.

Mudaka 18-May-12 10:32am

Agreed... Life's too short! It's not my problem. Am going to go ahead and mark this as answered. But when I do have time, I WILL build that mini AV if I may call it.