Hi EG,

> Do you need to know the checksum algorithm,
This is what I desire.

> MapFileAndCheckSum() ...
I'm currently using this, but I want to do a little more...

I've got ImageHlp.dll open under WinDbg now. The function of interest
is [EMAIL PROTECTED] (bp imagehlp!ChkSum), so hopefully I'll be able to make
heads or tails of it.

I think I've gotten through the setup code in ChkSum - it appears to
be a large switch. I think I'm looking at the code to calculate it now
(what _it_ is has yet to be determined).

It seems to be checksumming starting at the FileHeader (including the
timestamp), at this point. I haven't gotten into the OptionalHeader,
SectionHeaders, or Sections yet...

I suspect the add esi, 40h is an adjustment on what to checksum, and
sub ecx, 40h below is adjusting for consuming one of the headers...

Jeff

76c94625 743a            je      imagehlp!ChkSum+0xe8 (76c94661)
76c94627 0306            add     eax,dword ptr [esi]
76c94629 134604          adc     eax,dword ptr [esi+4]
76c9462c 134608          adc     eax,dword ptr [esi+8]
76c9462f 13460c          adc     eax,dword ptr [esi+0Ch]
76c94632 134610          adc     eax,dword ptr [esi+10h]
76c94635 134614          adc     eax,dword ptr [esi+14h]
76c94638 134618          adc     eax,dword ptr [esi+18h]
76c9463b 13461c          adc     eax,dword ptr [esi+1Ch]
76c9463e 134620          adc     eax,dword ptr [esi+20h]
76c94641 134624          adc     eax,dword ptr [esi+24h]
76c94644 134628          adc     eax,dword ptr [esi+28h]
76c94647 13462c          adc     eax,dword ptr [esi+2Ch]
76c9464a 134630          adc     eax,dword ptr [esi+30h]
76c9464d 134634          adc     eax,dword ptr [esi+34h]
76c94650 134638          adc     eax,dword ptr [esi+38h]
76c94653 13463c          adc     eax,dword ptr [esi+3Ch]
76c94656 83d000          adc     eax,0
76c94659 83c640          add     esi,40h
76c9465c 83e940          sub     ecx,40h
76c9465f 7470            je      imagehlp!ChkSum+0x158 (76c946d1)


On 6/21/07, eg <[EMAIL PROTECTED]> wrote:
>
> Jeffrey Walton wrote:
> > Hi Eric,
> >
> > I was hoping you could shed some light on the particular CRC in use by
> > Win32 executables. I found the following reference, but my eye is not
> > trained to spot CRC32 flavors based on tables... By the way, this
> > information _IS NOT_ contained in Microsoft's PE Specification.
> >
> > http://www.powerbasic.com/support/forums/Forum2/HTML/000003.html
> >
> > Jeff
> >
>
> Do you need to know the checksum algorithm, or just compute the value?
> If the latter, you can just call MapFileAndCheckSum() which is in the
> ImageHlp dll.
>

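The add/adc block in the listing above, emulated in C as an added example (not part of the original thread and not ImageHlp source). It shows what the carry chain computes: a 32-bit sum in which every carry out of bit 31 is added back in. The function names, the constructed inputs and the loop back to the top of the block are assumptions; the listing shows only one pass and its exits.

```c
#include <stdint.h>
#include <stdio.h>

/* dword ptr [p] as x86 reads it (little-endian), independent of host order */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* One pass over the listing: add, 15 x adc, adc eax,0 across 0x40 bytes. */
static uint32_t sum_block_40h(uint32_t eax, const uint8_t *esi)
{
    uint32_t cf = 0;                    /* first instruction is ADD: no carry-in */
    for (unsigned off = 0; off < 0x40; off += 4) {
        uint64_t t = (uint64_t)eax + load_le32(esi + off) + cf;
        eax = (uint32_t)t;              /* low 32 bits stay in eax */
        cf  = (uint32_t)(t >> 32);      /* bit 32 becomes the carry flag */
    }
    return eax + cf;                    /* adc eax,0 folds the last carry back in */
}

/* Assumed loop shape: repeat the block until ecx reaches zero
   (add esi,40h / sub ecx,40h); ecx must be a multiple of 0x40. */
uint32_t sum_blocks(uint32_t eax, const uint8_t *esi, uint32_t ecx)
{
    for (; ecx >= 0x40; esi += 0x40, ecx -= 0x40)
        eax = sum_block_40h(eax, esi);
    return eax;
}

/* Constructed input: 0x80 bytes holding 00 01 02 ... 7F. */
uint32_t ramp_sum(void)
{
    uint8_t buf[0x80];
    for (unsigned i = 0; i < sizeof buf; i++)
        buf[i] = (uint8_t)i;
    return sum_blocks(0, buf, sizeof buf);
}

/* Constructed input: eax = 0xFFFFFFFF plus a block whose first dword is 1. */
uint32_t wrap_sum(void)
{
    uint8_t buf[0x40] = { 1 };
    return sum_blocks(0xFFFFFFFFu, buf, sizeof buf);
}

int main(void)
{
    printf("ramp: %08X  wrap: %08X\n", (unsigned)ramp_sum(), (unsigned)wrap_sum());
    return 0;
}
```

In the second case a plain wrapping 32-bit add would give 0; the carry chain gives 1, which is the behaviour the trailing adc eax,0 exists to preserve.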