Hello people this is my first post so please be as harsh as you can (yes flame me if I am writing bull).I have exhausted the possible to me resources (google, couple of books) but still haven’t come with an answer.

Here are my questions and my assumptions (Please correct assumptions or give answers when possible):

I have encountered something called a fingerprint of a program (usually executable file although other files have fingerprints as well), which is used by firewalls in order to verify that a program is what it poses to be as. I also understand a checksum can be used for the same purpose. Is fingerprint and checksum the same? If yes then what exactly is the checksum of a program? How do we get it, produce it? I understand that this can be later encrypted so it will not be easy to be spoofed. If I feed the firewall with the encryption output of that program then won’t I be able to fool the firewall? How exactly this entire process authentication does takes place? Is there another way for the firewall to authenticate a process (beside name and target folder running from)?

My drive for asking these questions is that I fell upon something called process injection attack. Can process injection attack be stopped by a firewall? How does process injection work exactly (what I know is that the leak process injects its self into the address space of a legal process)

Thank you in advance

P.S Should I have started two threads (process authentication, process injection)?