Clandestiny
September 11th, 2001, 20:56
Hi Tech,
CRC = "cyclic redundancy check". The CRC is an algorithm used to detect changes in a file. It is not a protection scheme per se, though it may be used as such. When not applied to a software protection, the CRC may serve as a form of error checking (ie. to detect data corruption). When applied to a protection, it will be used to deter casual patching of an .exe or .dll. The algorithm may be as simple as summing up all the bytes in the file and comparing it to a correct value, or it may be substantially more complex, being performed only on critical portions of the file. The vulnerability of the CRC is that the program must typically open and read itself using an API like CreateFileA or MapViewOfFile. These API's along with the other win32 file I/O functions (ie. OpenFile, ReadFile, _hread, _lseek...ect) are the attack points when seeking to disable a CRC. Obviously an API monitor will be invaluable in this type of situation. BTW, +Spath has an excellent article describing the CRC algorithm...Should be easy to locate on +Tsehp's site with a quick search.
Hope this answers your question.
Cheers
Clandestiny