Sign in to follow this  
Followers 0
akfourtyseven

executable search, please help!!!

9 posts in this topic

Hey everyone, oh it feels like forever, it has been more than 1 year since I last posted here. Anyways, coming to the problem...

What I want to do is search for an executable (or any binary file, that doesn't matter) with out using names but by comparing it to the copy of the executable file I have.

For example,

lets say that I have an executable, A.exe and copied it and renamed the copied one to B.exe and placed B.exe to someplace, so what I want to do is search for B.exe using A.exe since they are the same files but with different names.

I'm not asking anyone to write the script for me, I just want to know what to take into consideration and if this is possible on autoit or not, any help will be greatly appreciated.

Thanks in Advance


There are 10 kinds of people, those who understand me and those who don't.

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Only one question comes to mind: When would you really need this?

Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

It would be useful to find all my copies of au3 files that I have copied and renamed, saved in other locations etc. lol


010101000110100001101001011100110010000001101001011100110010000

001101101011110010010000001110011011010010110011100100001

My Android cat and mouse game
https://play.google.com/store/apps/details?id=com.KaosVisions.WhiskersNSqueek

We're gonna need another Timmy!

Share this post


Link to post
Share on other sites

akfourtyseven,

Not that difficult to do I would hazard. :mellow:

Ther are plenty of recursive file searchers on the forum to enable you to search in subfolders to any depth. A first check might well be for equal file sizes, followed by a comparison of a suitable hash of the file to confirm.

Happy to go into more detail if required. :(

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

akfourtyseven,

Not that difficult to do I would hazard. :mellow:

Ther are plenty of recursive file searchers on the forum to enable you to search in subfolders to any depth. A first check might well be for equal file sizes, followed by a comparison of a suitable hash of the file to confirm.

Happy to go into more detail if required. :(

M23

Thanks everyone for your reply, and M23, I need it to search for a specific malware that copies itself to many folders, and your idea is great and specially if I combine it to search for equal file sizes and then check the hash. But the problem is that since most of the infected PCs already have some kind of PE infecting virus, wouldn't it change the hash of the malware if it gets infected with a PE infecter virus?


There are 10 kinds of people, those who understand me and those who don't.

Share this post


Link to post
Share on other sites

akfourtyseven,

Rather out of my comfort zone now, but if only the PE is affected why not just take a hash of the rest of the file?

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

M23, thanks. Your first post helped me to come up with an idea so is there a function to get the hash of a file on Autoit?

Thanks once again.


There are 10 kinds of people, those who understand me and those who don't.

Share this post


Link to post
Share on other sites

akfourtyseven,

A quick search produced this.

M23


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites

akfourtyseven,

A quick search produced this.

M23

Thanks M23, you are a life saver!

There are 10 kinds of people, those who understand me and those who don't.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0