Windows Python / Performing Code Checksum
Author | Unprotect |
Platform | Windows |
Language | Python |
Technique | Performing Code Checksum |
Description:
This code defines a function named calc_func_crc that calculates the checksum of a given function. It also defines the debuggee_function and debuggee_function_end functions, which are used as the input to the calc_func_crc function. The code then calculates the current checksum of the debuggee_function function and compares it to the original checksum stored in the ORIG_CRC variable. If the checksums do not match, it means the function has been modified and the code takes appropriate action. This is just an example and the code may need to be modified for more complex scenarios.
Code
import struct
# Calculate checksum of function
def calc_func_crc(func_begin, func_end):
crc = 0
for i in range(func_begin, func_end):
crc += struct.unpack("B", i)[0]
return crc
# Debuggee function
def debuggee_function():
calc = 0
calc += 2
calc <<= 8
calc -= 3
# End of debuggee function
def debuggee_function_end():
pass
# Original function checksum
ORIG_CRC = 0x2bd0
# Calculate current function checksum
CUR_CRC = calc_func_crc(debuggee_function, debuggee_function_end)
# Check if current checksum matches original checksum
if CUR_CRC != ORIG_CRC:
print("Stop debugging program!")
exit(-1)
Created
December 6, 2022
Last Revised
April 22, 2024