[ros-dev] ReactOS and Viruses
Casper Hornstrup
chorns at users.sourceforge.net
Wed Nov 24 12:52:11 CET 2004
> -----Original Message-----
> From: ros-dev-bounces at reactos.com
> [mailto:ros-dev-bounces at reactos.com] On Behalf Of K McI
> Sent: 24. november 2004 09:59
> To: ReactOS Development List
> Subject: Re: [ros-dev] ReactOS and Viruses
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jasper van de Gronde wrote:
> | The PE format already allows for something like this (although it
> | might be very insecure, I don't know), see the Checksum
> field in section:
> | 3.4.2. Optional Header Windows NT-Specific Fields (Image Only) Of
> | pecoff.doc:
> | http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
>
> They don't seem to say the algorithm used, but it's likely
> MDx (4 or 5), both of which have been cracked (Feel free to
> correct me), so that might not be too good. Also the
> verification is done via a DLL called "IMAGHELP.DLL", which
> we may or may not have. Also, I'm not sure if the "image"
> refers to a picture, or some other binary construction (You
> can tell I'm a newbie ;)).
You misunderstand the purpose of the checksum. It is there to prevent
the OS from executing corrupted images.
Casper
More information about the Ros-dev
mailing list