Honestly the easiest thing to do is hardcode the SHA2 hash of TurboActivate.dll in your app, and at runtime take the hash of the DLL, and compare it against the hardcoded hash.
There are lots of SHA2 libraries for every language.
Hi,
I have read some posts concerning checking the Authenticode signature of the dll to prevent some hacking.
Could you please explain me how to to it ?
Thanks,Fred
Honestly the easiest thing to do is hardcode the SHA2 hash of TurboActivate.dll in your app, and at runtime take the hash of the DLL, and compare it against the hardcoded hash.
There are lots of SHA2 libraries for every language.
Thanks, Sam.
I thought it would be safier to check the signature.
But maybe , it's a bit hard to do...
Thanks,Fred
It's a lot harder to do, and effectively accomplishes the same end-goal.
Ok, Sam, understood, thanks.
What is safier in your experience at wday ? SHA512, SHA256, something else ?
Thanks, Fred
SHA256 produces good non-conflicting hashes. That would be the best choice.
You can check Authenticode signatures in C#. http://stackoverflow.com/questions/4595537/verify-authenticode-signature-as-being-from-our-company-for-automatic-updater