this module was employed to detect info about certain viruses which our symantec product didnt detect sometimes but was known as malicious (of course i used to research on the internet to ensure it is malicious)
Plain Text
#include "md5.au3" #compiler_plugin_funcs = MD5Hash Global $BufferSize = 0x20000 Global $FullFilename Global $FileMD5 , $FileNameOnly, $FileSize, $tmp , $FileLocation, $LogFileName $FullFileName = FileOpenDialog("Open file", "", "Any file (*.*)") If $FullFilename = "" Then Exit $FileMD5 = GetFileMD5($FullFileName) $FileNameOnly = GetNameFromPath($FullFileName) $FileSize = FileGetSize($FullFileName) $FileLocation = StringLeft($FullFileName , StringLen($FullFileName) - STringLEn($FileNameOnly)) $str = "FileName=" & $FileNameOnly & @LF $str = $str & "FileMD5=" & $FileMD5 & @LF $str = $str & "FileSize=" & $FileSize &@LF $str = $str & "FileLocation=" & $FileLocation & @LF If CreateIni() = 1 Then $tmp = IniReadSectionNames($LogFileName) IF @ERROR Then IniWriteSection($LogFileName, "FileInfo1",$str) Else IniWriteSection($LogFileName, "FileInfo"& $tmp[0]+1 ,$str) EndIf Else EndIf Msgbox(4096,"FileInfo",$str) Func CreateIni() ; v2.0 05 Jan 09 ; Creates a log file in the name of the executable file and current logged on user name if possible , extension changed to log. ; v1.1 last modified 31 dec 2008 ; creates a log file in current working directory if not found creates a log in c:\ Local $FName $LogFileName = "C:\FileInfo.ini" $FileHandle = FileOpen($LogFileName,1) If $FileHandle Then ; File Was successfully created, proceed now. Return 1 Else ; file could not be created, exit now Return 0 Exit EndIf FileClose($FileHandle) EndFunc Func GetFileMd5($FileName) ; needs md5hash.dll in current directory ; use a md5hashl.dll searcher function in the start of application to avoid errors Local $MD5Hasher = @WorkingDir & "\MD5Hash.dll" If FileExists($Md5Hasher) Then Dim $PHandle, $FHash $pHandle = PluginOpen($MD5Hasher) IF @error Then $StatusText = "Fatal Error: MD5 Signature Verification Failed! - Terminating Application" Exit EndIf $FHash = MD5Hash($MD5Hasher,1,True) PluginClose($PHandle) Return $FHash Else Local $BufferSize = 0x20000 Local $FileHandle = FileOpen($Filename, 16) $MD5CTX = _MD5Init() For $i = 1 To Ceiling(FileGetSize($Filename) / $BufferSize) _MD5Input($MD5CTX, FileRead($FileHandle, $BufferSize)) Next $Hash = _MD5Result($MD5CTX) FileClose($FileHandle) Return $Hash EndIf EndFunc Func GetNameFromPath($FullPath) ; Version 1 : created 30 Dec 2008 ; Purpose : Get File Name only from a full path given ; Usage: GetNameFromPath(Full File name with path) will return only the file or folder name at the end Local $DirLen , $FindSlash, $FName ; Clear Trailing Slash "\" If StringRight($FullPath,1) = "\" Then $FullPath = StringTrimRight($FullPath,1) $DirLen = StringLen($FullPath) $FindSlash = StringInStr( $FullPath, "\" ,0 , -1 ) $FName = StringRight($FullPath ,$DirLen - $FindSlash) IF @ERROR Then Exit Return $FName EndFunc
Code uses MD5.au3 (from Hash Function Collection) from http://www.autoitscript.com/forum/index.php?showtopic=76976 in case of non availability of MD5Hash.dll available in the forums. (I didnt want to go into the file install procedure and all which would involve user rights and various issues :-) - too lazy to do that when i started.)
Edited by rajeshontheweb, 11 March 2009 - 10:10 AM.
