1

I have a Windows forms application. I would like a checksum to be associated with the executable. Each time I run this I would like to verify this checksum. The aim is to be able to detect malicious attacks.

I am tempted to use md5 algorithm but I am not sure if this is the right approach.

Thanks, Srav

Blorgbeard
  • 101,031
  • 48
  • 228
  • 272
Srav
  • 21
  • 1
  • 3
    how about signing your application? http://stackoverflow.com/questions/5280435/application-signing-verification – Benj Jun 24 '15 at 23:44
  • @Benj OP does not want to use SSL or verification by OS. He wants only check if his application is harmed by a malicious virus. Best way is to make a checksum of your application when you lunch it. – Ismail Gunes Jun 24 '15 at 23:51
  • @IsmailGunes: this implies storing the hash somewhere (but not in the executable, since the application's hash would change when embedding the hash). soooo, since you need to store it externally, malware could extract the storage location and - guess what - update that hash as well ... nothing gained. so you need a guarantee that a certain hash is connected (the fingerprint) of an application - and that is where certificates come to play. this has nothing to do with verification by OS. you can verify it by yourself. but OS is more convenient (of course) – Benj Jun 25 '15 at 00:01
  • I did it before. I took the checksum by xor my main application and added in an other application which is running the main application. I used two applications first one is checking the checksum if correct then running the main application. – Ismail Gunes Jun 25 '15 at 00:06
  • so each time the main application changes, the checker-application has to be updated and recompiled? sure, one can do that. basically your checker-application serves as a certificate then and ... can be modified as well – Benj Jun 25 '15 at 00:29

0 Answers0