Skip to content

Memory integrity check with CRC32 instruction, section-based

Notifications You must be signed in to change notification settings

afulsamet/integrity

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Memory integrity check

Retrieve all non-writable sections with IMAGE_SCN_MEM_WRITE flag in specified module then hash original bytes of section via CRC32 instruction
Repeat steps in loop and compare new bytes of section via integrity::check::compare_checksums

Example for usage

std::int32_t main(int, char **)
{
    integrity::check check = integrity::check();

    while (true)
    {
        const std::vector<integrity::check::section> &sections = check.compare_checksums(check.retrieve_sections());

        if (!sections.size())
            std::cout << "all sections are good" << std::endl;

        for (const integrity::check::section &section : sections)
            std::cout << section.name << " section has been changed" << std::endl;

        std::this_thread::sleep_for(500ms);
    }

    return EXIT_SUCCESS;
}

POC

About

Memory integrity check with CRC32 instruction, section-based

Topics

Resources

Stars

Watchers

Forks

Languages