Share via

One file with two different SHA256 value, WHY?

Allen zhang 20 Reputation points
2023-06-09T10:44:13.1+00:00

related File: C:\Windows\system32\browser.dll

calculating way 1 (C# code)
get the sha256 string: 40011138869f5496a3e78d38c9900b466b6f3877526ac22952dcd528173f4645 

using (SHA256 sha256 = SHA256.Create())
            {
                try
                {
                    
                    string fileFullPath = @"C:\Windows\System32\browser.dll";//@"E:\xiufu\browser.dll";
                    string combineHsh = "nMJfH5P6ym9s4j9461hZDDmi48ijrN9ADoqd4HV+ra4=||QAEROIafVJaj5404yZALRmtvOHdSasIpUtzVKBc/RkU=";
                    using (FileStream fileStream = File.Open(fileFullPath, FileMode.Open, FileAccess.Read, FileShare.Read))
                    {
                        string[] hssArr = combineHsh.Split(new string[] { "||" }, 2, StringSplitOptions.None);

                            try
                            {
                                
                                // Create a fileStream for the file.
                                // Be sure it's positioned to the beginning of the stream.
                                fileStream.Position = 0;
                                // Compute the hash of the fileStream.
                                byte[] hashValue = sha256.ComputeHash(fileStream);
              
                                string sha256Base64Str = Convert.ToBase64String(hashValue);

                                if (sha256Base64Str.CompareTo(hssArr[1]) == 0)
                                {
                                    bEqual = true;
                                }
                                else
                                {
                                    bEqual = false;
                                }

                            }
                            catch (IndexOutOfRangeException e)
                            {
                                Console.WriteLine("Hash compare:" + e.Message);
                            }
                    }
                }
                catch (IOException e)
                {
                    Console.WriteLine("Open file for hash:" + e.Message);
                }
                catch (UnauthorizedAccessException e)
                {
                    Console.WriteLine("Open file for hash:" + e.Message);
                }

            }

calculating way 2 (C++ code)

get the sha256 string: 40011138869f5496a3e78d38c9900b466b6f3877526ac22952dcd528173f4645
hash-library
Crypto++

enter image description here

calculating way 3 (hash tab)

get the sha256 string: 9cc25f1f93faca6f6ce23f78eb58590c39a2e3c8a3acdf400e8a9de0757eadae

enter image description here

Who could tell me why? oddly enough. Thanks.

Developer technologies Windows Forms
Developer technologies C#
Accepted answer
  1. Viorel 122.5K Reputation points
    2023-06-09T13:35:47.9966667+00:00

    In case of 32-bit programs, the "C:\Windows\System32\browser.dll" path is interpreted as "C:\Windows\SysWOW64\browser.dll" due to File System Redirector:

    The “C:\Windows\System32” folder is for 64-bit modules used by new 64-bit programs; the “C:\Windows\SysWOW64” is for 32-bit modules, used by 32-bit programs.

    Your program calculated the SHA256 of “C:\Windows\SysWOW64\browser.dll”. Now it works with “C:\Windows\System32\browser.dll”.

    3 people found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.