如何为exe检测创建文件签名? [英] How do I create a file signature for exe detection?

问题描述

我需要帮助检测PC上运行的exe文件，就像AV的方式一样.我需要使用它，以防止用户在某些PC上运行该程序.

最初，我使用文件名，但是有人聪明了，将其重命名为exe.然后，我使用了文件的MD5校验和，但是该方法被证明无效，因为它仅检测到一个exe版本.并且通过仅重建exe文件而不更改代码中的任何内容，就击败了md5方式.我在考虑更多从文件中提取字节序列并进行比较，但不会获得不是该特定exe的其他进程吗?

我试图寻找最佳的偏移量，但是被卡住了.有什么帮助吗?我有两个版本的exe，分别是debug和release，因此我可以比较两者的共同之处.

哦，我用的是C ++.

I need help with detecting an exe file running on a PC, much like the way an AV does it. I need it on order to prevent users from running the program on some PCs.

At first, I used filenames, but someone got clever and renamed the exe. Then I used an MD5 checksum of the file but that method proved ineffective as it detected only one build of the exe. And by just rebuilding the exe without changing anything on the code, the md5 way was beaten. I was thinking more of taking a sequence of bytes from the file and doing a comparison but won''t that get other processes that are not that particular exe?

I tried looking for the best offset to take but am stuck. Any help? I have two versions of the exe, debug and release so I can compare what is common in both.

Oh, and I use C++.

推荐答案

不要草率地编写代码来阻止它们，这是一个社会问题，技术解决方案通常不会为他们工作.如果您有聪明的用户，他们将绕过您遇到的任何障碍，并且听起来他们可以构建自己的代码，因此他们总是比您领先一步.

因此，请您的经理/主管与他们的经理/主管讨论有关滥用您和您的用户/参加工作的任何组织的资源的情况.如果他们不同意该问题的通用解决方案，那么您不必担心.

灰

Don''t sod about writing code to stop them, it''s a sociological problem and tech solutions generally don''t work for them. If you have clever users they''ll get around any barriers you stick in the way and it sounds like they can build their own code so they''re always going to be one step ahead of you.

So get your manager/supervisor to talk to their manager/supervisor about misusing resources of whatever organisation you and your users work for/attend. If they can''t agree to a common solution for the problem then you don''t have to worry about it.

Ash

这篇关于如何为exe检测创建文件签名?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！