Sid, that's a good thought. However I would have thought that it would have worked the same in both cases, since the file that is being hashed is nominally the same, before and after encryption/decryption.

Some more info:

I've been experimenting with a lot more files and in different locations. I get the same results whether the files are stored in:

C:\Users\Rob\Temp\<folder>
or
C:\Temp\<folder>
or
F:\<folder>

where <folder> is my holding folder and F is a USB stick.

However it doesn't do this with all files and so far I haven't been able to figure out which files are vulnerable. It doesn't seem to depend on file size or file type. I'll do some more expts.

Rob




Sid Gudes wrote:

>Could it be that XP returns the actual EXE size, while Vista rounds
>up to the next cluster size, so you're hashing some garbage bytes
>past the end of the EXE?

At 12:02 PM 6/24/2009, Rob Cameron wrote:
>>I wrote a program (in Delphi 7) and have been using it for ages to
>>encrypt then decrypt an executable file, then compare the hash of
>>the decrypted file with the original. Specifically:
>>
>>Compute the hash of a file, save it. Let's call it "OldHash"
>>Encrypt the file in place
>>Decrypt the file in place
>>Compute the hash of the file, let's call it "NewHash"
>>Compare OldHash and NewHash.
>>
>>In XP (SP3 now, but all SPs AFAIK): OldHash = NewHash.
>>In Vista: OldHash <> NewHash.
>>
>>In both cases the decrypted file appears to be in good order - i.e.
>>it executes OK and shows no practical differences.
>>
>>To make the comparisons, I have prepared a folder which contains
>>only the Launcher (which does the encrypt/decrypt) the target exe
>>file and a couple of files which are needed for the exe to run (they
>>are, in fact untouched in these tests). Then I copy this folder from
>>a machine running XP to a machine running Vista Business and get
>>different results.
__________________________________________________
Delphi-Talk mailing list -> [email protected]
http://lists.elists.org/cgi-bin/mailman/listinfo/delphi-talk
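
One way to test the cluster-rounding hypothesis raised in this thread, written as an added example that is not code from either poster: run the hash / encrypt / decrypt / hash procedure and report length, first differing offset, and whether the hash matches once the result is truncated to the original length. The XOR transform stands in for the real cipher, SHA-256 stands in for the unnamed hash, and the 4096-byte cluster size, sample data and all function names are assumptions.

```python
import hashlib

CLUSTER = 4096  # assumed cluster size, for illustration only
KEY = b"constructed-key"  # constructed sample key
SAMPLE = bytes(range(256)) * 20 + b"tail"  # constructed 5124-byte "file"


def toy_cipher(data: bytes, key: bytes) -> bytes:
    """Reversible XOR stand-in for the real cipher (assumption, not secure)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def round_trip(data: bytes, key: bytes, pad_to_cluster: bool) -> bytes:
    """Encrypt then decrypt, optionally over a cluster-rounded buffer."""
    buf = data
    if pad_to_cluster and len(buf) % CLUSTER:
        # Simulates processing whole clusters: the filler is not file data.
        buf += b"\xAA" * (CLUSTER - len(buf) % CLUSTER)
    return toy_cipher(toy_cipher(buf, key), key)


def diagnose(original: bytes, result: bytes) -> dict:
    """Report lengths, hashes and where the two byte strings first differ."""
    common = min(len(original), len(result))
    first_diff = next(
        (i for i in range(common) if original[i] != result[i]), None
    )
    old_hash = hashlib.sha256(original).hexdigest()
    return {
        "old_len": len(original),
        "new_len": len(result),
        "hashes_match": old_hash == hashlib.sha256(result).hexdigest(),
        "first_diff": first_diff,
        # True when the mismatch comes only from bytes past the original end.
        "trailing_only": first_diff is None and len(result) > len(original),
        # Hashing just the original length removes the trailing filler.
        "truncated_match": old_hash
        == hashlib.sha256(result[: len(original)]).hexdigest(),
    }


if __name__ == "__main__":
    for padded in (False, True):
        print(padded, diagnose(SAMPLE, round_trip(SAMPLE, KEY, padded)))
```

If `trailing_only` and `truncated_match` are both true on a real file pair, the mismatch is explained by extra bytes past the original end; a non-null `first_diff` points to a change inside the file instead.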
