md5test.cpp

主要流程由汇编实现的MD5算法 由于主要过程由汇编实现,算法的效率较高

// Md5Test.cpp : Defines the class behaviors for the application.
// by king_koo@163.net	www.otiana.com/vcanlge

#include "stdafx.h"
#include "Md5Test.h"
#include "Md5TestDlg.h"
//#include "MD5.H"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

/////////////////////////////////////////////////////////////////////////////
// CMd5TestApp

BEGIN_MESSAGE_MAP(CMd5TestApp, CWinApp)
	//{{AFX_MSG_MAP(CMd5TestApp)
		// NOTE - the ClassWizard will add and remove mapping macros here.
		//    DO NOT EDIT what you see in these blocks of generated code!
	//}}AFX_MSG
	ON_COMMAND(ID_HELP, CWinApp::OnHelp)
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CMd5TestApp construction

CMd5TestApp::CMd5TestApp()
{
	// TODO: add construction code here,
	// Place all significant initialization in InitInstance
}

/////////////////////////////////////////////////////////////////////////////
// The one and only CMd5TestApp object

CMd5TestApp theApp;

/********************************************************
 功能 判断pe文件资源校验值是否被改变。
 参数 m_filename：	pe文件名
      Orgin：		预设校验值
 返回 TRUE：		已被改变
      FALSE：		未曾改变
********************************************************/
BOOL IsRcChange(LPCTSTR m_filename,unsigned char Orgin[16])
{
	
/*
	FILE *file;
	MD5_CTX context;
	int len;
	unsigned char buffer[1024];
	short k;
	
	if ((file = fopen (m_filename, "rb")) == NULL)
	{
		printf ("%s can't be opened\n", m_filename);
	}
	else 
	{
		MD5Init(&context);
		while (len = fread (buffer, 1, 1024, file))
		{
			MD5Update(&context, buffer, len);
		}
		MD5Final(&context);
		
		fclose (file);
		if(memcmp(Orgin,(unsigned char*)context.state,16))
		{
			k=TRUE;
		}
		else
		{
			k=FALSE;
		}
		memcpy(Orgin,(unsigned char*)context.state,16);
		return k;
	}


//	MD5_CTX context;
	FILE* ff;
	unsigned char buff[8];
	unsigned char *rbuff;
	DWORD i,j;
//	short k;
	DWORD dwAddr,dwSize;
	_IMAGE_NT_HEADERS	stPEHeader;		//NT文件头
	if(!(ff=fopen(m_filename,"rb")))return TRUE;
	fseek(ff,0x3c,SEEK_SET);//PE文件头地址
	fread(&k,2,1,ff);
	fseek(ff,k,SEEK_SET);
	fread(&stPEHeader,1,sizeof(_IMAGE_NT_HEADERS),ff);
	for(i=0;(DWORD)i<stPEHeader.OptionalHeader.NumberOfRvaAndSizes;i++)//其实i=16
	{
		dwAddr=stPEHeader.OptionalHeader.DataDirectory[i].VirtualAddress;
		if(dwAddr&&i==2)//2为资源节
		{
			dwSize=stPEHeader.OptionalHeader.DataDirectory[i].Size;
			rbuff=new unsigned char[dwSize];
			fseek(ff,dwAddr,SEEK_SET);
			fread(rbuff,sizeof(char),dwSize,ff);
			j=dwSize/8;
			for(i=0;i<j;i++)
			{
				MD5Init(&context);//每次加密8byte
				MD5Update(&context, (unsigned char*)(rbuff+8*i),8);
				MD5Final(&context);
				memcpy(buff,(unsigned char*)context.state,8);
				if(i>j-2)break;
				for(k=0;k<8;k++)//把前面8byte加密结果和后8byte与或
					rbuff[8*i+8+k]=rbuff[8*i+8+k]^buff[k];
			}
			delete[] rbuff;
			fclose(ff);
			if(memcmp(Orgin,(unsigned char*)context.state,8))k=TRUE;
			else k=FALSE;
			memcpy(Orgin,(unsigned char*)context.state,8);//返回加密结果，便于调试
			return k;
		}
	}
	fclose(ff);
	*/
	return FALSE;
}

/////////////////////////////////////////////////////////////////////////////
// CMd5TestApp initialization

BOOL CMd5TestApp::InitInstance()
{
	AfxEnableControlContainer();

	// Standard initialization
	// If you are not using these features and wish to reduce the size
	//  of your final executable, you should remove from the following
	//  the specific initialization routines you do not need.

#ifdef _AFXDLL
	Enable3dControls();			// Call this when using MFC in a shared DLL
#else
	Enable3dControlsStatic();	// Call this when linking to MFC statically
#endif

	char buff[255]={0};
	char szDB[512]={0};
	unsigned char buff8[16];
	memcpy(buff8,"\x8f\xfc\x0f\x83\xb0\xce\x2c\x98\xd9\xfd\xf7\xff\xa2\xa2\x77\xc5",16);
	GetModuleFileName(NULL,szDB,512);//取得exe文件名
	bIsRCChange=IsRcChange(szDB,buff8);
	sprintf(szDB,"%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x",
		buff8[0],buff8[1],buff8[2],buff8[3],buff8[4],buff8[5],buff8[6],buff8[7],buff8[8],buff8[9],buff8[10],buff8[11],buff8[12],buff8[13],buff8[14],buff8[15]);
	if(bIsRCChange)
	{
		MessageBox(NULL,"    文件不完整,可能中毒了!\n请重新下载本程序!",szDB,MB_OK);
		return FALSE;
	}

	CMd5TestDlg dlg;
	m_pMainWnd = &dlg;
	int nResponse = dlg.DoModal();
	if (nResponse == IDOK)
	{
		// TODO: Place code here to handle when the dialog is
		//  dismissed with OK
	}
	else if (nResponse == IDCANCEL)
	{
		// TODO: Place code here to handle when the dialog is
		//  dismissed with Cancel
	}

	// Since the dialog has been closed, return FALSE so that we exit the
	//  application, rather than start the application's message pump.
	return FALSE;
}