Write a value into PE file

Question

I want to try the following:

I have a C# program which takes a file as input and calculate MD5 algorithm for these five MD5. My algorithm has a unique value for each file; this value is a 128 bit value, so I want to use this technique to protect my programs by saving the output value of md5 algorithm into a my PE file (let's say the value is X). The PE will calculate the MD5 value again (for itself) (let's say the value is Y) and then compare X with Y. If it's the same value it's ok and run; else, it'll exit.

My Question is: how do I write my Value into the PE file? Important notice : my algorithm has been written with C# so I want a way to write into PE file using C# language.

Answer 1

One option is to simply append your value to the end of the file. Windows is quite happy for arbitrary data to be appended to executables - it's how self-extracting zip files work, for example.

Edit in response to Hany's comment: It works for me, using cmd.exe as an example:

C:\WINDOWS\system32>copy con rjh
This is a test!
^Z
        1 file(s) copied.

C:\WINDOWS\system32>copy /b cmd.exe + rjh cmdrjh.exe
cmd.exe
rjh
        1 file(s) copied.

C:\WINDOWS\system32>od -cv cmdrjh.exe | tail -4
1367760  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
1370000   T   h   i   s       i   s       a       t   e   s   t   !  \r
1370020  \n
1370021

C:\WINDOWS\system32>cmdrjh
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

(You did do the file operations in binary mode, didn't you?)

Answer 2

Create an empty string resource data that is embedded and is at the end of the code/data segment, work out the offset where to write in the value into that empty spot where the resource location is.

But then again, what's the point in protecting your programs by yourself...?

I wouldn't go down that route, instead employ a commercial protection scheme for PE files (Native C/C++ code/libraries and .NET)...for instance, .NET executables which are a PE file also, and they are easily reversed engineered (think of reflector)...Look at a lot of these so called warez where the protection schemes were cracked and serial numbers used...What do you think? If you still insist on doing it yourself, then the first paragraph above in my answer should help you.

My 2 cents thought here... Best regards and Good luck in your protection scheme, Tom.

Answer 3

Boogie Boogie Boogie

Answer 4

You can use Alternate Data Streams . . . where you can open and write to filename like filename.exe:md5sig so that md5sig is the namespace of the signature. The original file (residing in the unamed default namespace) and its data are left alone. TheEruditeTroglodyte