Tech Arsenal 1

home *** CD-ROM | disk | FTP | other *** search

/ Tech Arsenal 1 / Tech Arsenal (Arsenal Computer).ISO / tek-02 / tpschk11.zip / SELFCHK.DOC < prev next >

Wrap

Text File | 1990-02-05 | 9KB | 231 lines

------------------------- The SelfChk Unit v1.1 ------------------------- Source code for Borland's Turbo Pascal. Add CRC Anti-Hack/Viral Protection to Turbo Pascal Programs. (C) 1990 by Michael S. Durkin Released as ShareWare, 02/05/1990. Purpose ~~~~~~~ The SelfChk Unit for Borland International's Turbo Pascal v4.0+ allows your programs written in Turbo Pascal to compute the CCITT 16 bit Cyclical Redundancy Check (CRC) of themselves at runtime to check for changes to the program executable. For the relatively small amount of time used to compute the CRC value each time your program is executed, the self check provides a fairly effective method for detecting hacks, software viruses, or disk corruption at a generic level. If a change is detected, you may handle it any way you wish. Full source code is provided for compilation under versions of Borland's Turbo Pascal 4.0, 5.0, 5.5, and future releases. The source ( SelfChk.Pas ) is commented for any details. This document is to explain the basic steps for adding a SelfChk to your programs, and to note certain considerations for this unit's usage. The Shareware Principle - Registration ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This has been released under the Shareware principle so that you may 'try before you buy'. If you continue to use this unit, or a modified version of it, you are obliged to register. HOWEVER, I will not demand a registration unless you receive compensation for your work. If you write your program for your private use only, or for Public Domain or Freeware release and are not compensated, you aren't required to register and are encouraged to continue to use the SelfChk Unit in your programs. ( Of course, if you want to register, I won't stop you. ) Shareware authors... you are not required to register the SelfChk Unit UNTIL you receive registrations for your program that cover The SelfChk Unit's registration twofold. If you never receive monetary compensation for your work, then you aren't forced to register this unit. Registration : Basic Registration $ 12.00 Additional Shareware Program Releases $ 5.00 * SchkInst Source License Basic + $ 15.00 ** * Shareware author's who release more than one program using The SelfChk Unit are requested to register an additional $5 for each program once the program has generated registrations of three times the $5 registration ($15). A new version of an old program does not require an additional $5. ** The source code for the SchkInst CRC installation program is not included in the shareware release of this unit but is available to registered users of this unit for an additional $15. Please send registrations, bug reports, and suggestions for improvements to : Mike Durkin The TeleSoft RBBS-PC P.O. Box 1021 Data: (415) 969-8238 Mt. View, CA Four Lines (CAPAL) 94042-1021 FidoNet: (1:143/204) Checks to : Mike Durkin please. SchkInst Source Licenses may be picked up from the TeleSoft RBBS approximately one week after your registration arrives. Just log into the BBS and leave a message to 'Sysop'. Should you require, an SchkInst Source License can be mailed to you for an additional $5 to cover shipping. Please note in your registration that you'd like the disk mailed. All registrants can expect an acknowledgment and thank you via U.S. Mail. Should you have trouble reaching The TeleSoft RBBS, I can be reached through Midnight Express in Santa Clara, CA. at (408) 248- 2352. E-Mail: Mike Durkin. Distribution, Rights, and Legalities ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The SelfChk Unit and this documentation is CopyRight 1990 by Michael S. Durkin and may be distributed in it's original state only. All files must remain intact, and grouped together without additional files. You may NOT distribute modified source code. Do not modify or remove this or any other notice. If you distribute source code with your software, you may distribute the SelfChk package within your ZIP/LZH/etc. or on your distribution disk in it's own ZIP/LZH/etc. or in a separate subdir- ectory. You must make it clear that this unit requires a separate registration. The SelfChk Unit may NOT be used in a commercial product, or a ShareWare product released with a number of features disabled ( CrippleWare ) or not readily available to anyone who desires to try the software. This unit is provided without warranty expressed or implied. Should damage result from your use of this software, I can't assume responsibility and will not be held liable. Quick and Simple Installation ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There are Five easy steps to adding a SelfChk to your program... a) Compile SELFCHK.PAS and CRC_GEN.INC to SelfChk.Tpu. b) Place 'SelfChk' in your program's 'Uses' statement. ( ie. Uses SelfChk, Crt, Dos; ) c) Place a call to the procedure 'ChkIntegrity' near the beginning of your program, preferably just after an introduction line to your program, or even as the first procedure call. d) Compile your program. e) Execute the SchkInst program against your freshly compiled execut- able with the command line 'SCHKINST filename'. That's all there is too it! Any modifications to your executable will display two beeps, a warning message, and halt the program's execution. Special Considerations ~~~~~~~~~~~~~~~~~~~~~~ There aren't many desirable modifications for you to perform, but source code is provided if you wish to do so. Most likely you will modify the ChkIntegrity procedure. Notes on what not to change are commented within the source, particularly the data signature that the SchkInst program looks for when installing the CRC value. A call to 'DoSelfChk' performs the actual CRC computation and sets the SelfChkResult variable with the result of the SelfChk. You can then examine this variable as the ChkIntegrity procedure does and take appropriate action. The procedure 'UpdSelfChkData' is provided if you modify your own program at runtime, usually to change configuration data. There is little error checking within the procedure, but a call to DoSelfChk just prior to modifying your program and then calling UpdSelfChkData should provide adequate security. You could add error checking, but if the update fails after you've made your modifications, it will do no good unless you can recover and finish the update or 'undo' the modifications. You can modify the ChkIntegrity procedure to allow for program execution to continue after the warning message, however be careful when also using the UpdSelfChkData procedure as updating the CRC of a hacked, infected, or corrupt file defeats the purpose. Always execute DoSelfChk prior to updating your executable ( and calling the CRC update procedure ) to ensure that the self check passes ( SelfChkResult = 0 ). Special Notes ~~~~~~~~~~~~~ Although the security of a CRC is very high, especially compared to no protection at all, it is possible to defeat the purpose. A good hacker could disable the SelfChk altogether, and there is at least one virus ( the 4096 ) that defeats all generic self checks and CheckSum / CRC anti-viral methods I know of with more probably on the way. The SelfChk Unit does however provide protection against the inexperienced hacker, and most known viruses including those which have presented the largest problems and continue to do so. Future releases will hopefully address the 4096 virus and others that follow suit. I suggest not noting that a self check is occurring within your program until it fails the test. Note within your documentation yes, but not during runtime. This so as not to provide a bloated sense of security to the user. Thanks for using the SelfChk Unit! And in case you missed it, contact information can be found above.