-----Original Message----- From: ros-dev-bounces@reactos.com [mailto:ros-dev-bounces@reactos.com] On Behalf Of K McI Sent: 24. november 2004 09:59 To: ReactOS Development List Subject: Re: [ros-dev] ReactOS and Viruses
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jasper van de Gronde wrote: | The PE format already allows for something like this (although it | might be very insecure, I don't know), see the Checksum field in section: | 3.4.2. Optional Header Windows NT-Specific Fields (Image Only) Of | pecoff.doc: | http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx
They don't seem to say the algorithm used, but it's likely MDx (4 or 5), both of which have been cracked (Feel free to correct me), so that might not be too good. Also the verification is done via a DLL called "IMAGHELP.DLL", which we may or may not have. Also, I'm not sure if the "image" refers to a picture, or some other binary construction (You can tell I'm a newbie ;)).
You misunderstand the purpose of the checksum. It is there to prevent the OS from executing corrupted images.
Casper