How to modify checksum of a binary?
Specifically, I want to edit embedded checksum in a dll/exe.
Are there any tools available?
views:
241answers:
3
A:
You can use a "hex editor" to modify a dll/exe, but unless you know how to reverse calculate your checksum, its not going to be much help.
NeuroScr
2010-04-30 12:01:15
I just want to put embedded checksum of a dll to 00000000, not able to figure it out how can I do it?
Alien01
2010-04-30 12:02:08
The bottom line is you're going to need more information than you've given us about what type of checksum.
NeuroScr
2010-04-30 12:29:41
I have added comments in question.
Alien01
2010-04-30 12:36:25
A:
OK, this link gives you the file format of Windows DLLs/Executables: http://www.openrce.org/reference_library/files/reference/PE%20Format.pdf
You can see there are several possible palces in the headers were checksums can be stored, some of which are optional, so you'd need to parse the image to find out what's in there. There are tools like Python PE parsers (google for options) to help with this.
Once you know which bytes you want to change, pick a hex editor and do it. You can even edit binaries in Visual Studio.
[Edit: But, as I commented above, I think Windows might barf on it if it doesn't match the expected value]
Vicky
2010-04-30 12:28:17
A:
Windows only requires the checksum to be != 0 for kernel modules, you don't need to set it for usermode modules. If you really want to set the checksum, run EDITBIN /RELEASE yourapp.exe, or call CheckSumMappedFile(). See this article for an analysis of the checksum algorithm.
w0lo
2010-04-30 15:33:47