4Eyes Posted September 5, 2010 Share Posted September 5, 2010 Folks, Here's a little utility I wrote some time ago that I've found useful and you may too. It certainly is not meant to be the height of programming and I've stewed for quite some time about posting it here at all. When you verify that it is nothing nasty, compile it and run it. It will add an item in the file context menu. To use it, right click on a file then choose 'WhatIs' and it will examine the file and tell you what it really is, which is NOT necessarily the same as the file extension would imply. If the real file extension is does not match the real file type, WhatIs will offer to make a copy of the file with the correct extension and then ShellExecute it, effectively running it thru whichever is the appropriate player/viewer etc. After it is played/viewed etc, WhatIs will offer to delete the copy. To uninstall WhatIs, simply run the exe file again and it will offer to remove the context menu item. As it stands it can determine these types of files: text, exe, bmp, jpg, gif, png, mp3, wmv (well, I can't determine the difference between a wmv and a wma by looking at the internal file structure, so both are called wmv), ogg, wav, rar, pdf, mpg, avi, swf, Office 2003, Office 2007, reg and zip. I've found it especially useful to examine the '.met' files generated by eMule during a download. You can often get a preview of the file before the download has completed. Hopefully mentioning the 'e' word above has not incurred the 'Wrath of Valik'. By no means did I intend to promote any illegal downloading etc. BTW, I've found more than one file that was an exe file pretending to be something else. Regards, 4Eyes expandcollapse popup#NoTrayIcon #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_icon=..\Hammer.ico #AutoIt3Wrapper_UseUpx=n #AutoIt3Wrapper_Run_Obfuscator=y #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** #cs WhatIs - a little proggie to examine a file and advise what it really is... have found '.mp3' files etc that are really exe files! - should examine file and determine if extn matches real file type... only need to worry if is exe but extn says otherwise It is meant to be called via the file context menu (ie right click on a file and choose WhatIs? rev 0.2 - 19/Mar/10 - needs a little work at end for it to understand that a docx (for example) is actually an 'Office 2007 document' hence it should not complain - could be really smart and add reg entries to make this is an auto-installing program - at first run check if setup correctly and if not offer to do it - will then need to advise user that it is setup and needs to be run again - don't recall whether Vista/Windows 7 allows writing to HKEY_Classes_Root with UAC active... hmmm? - how to do a whole dir? - via dos? rev 0.3 - 22/Mar/2010 - instead of showing usage for a double click on prog, offer to setup or if already setup, uninstall - hmmm... it seems there are a number of other filetypes that are executable like .cpl, .tlb, .mui, .ocx, .com, .rll, .drv and .ax (see windows\system32) rev 0.4 - 25/Mar/2010 - added test for .cpl, .tlb, .mui, .ocx, .com, .rll, .drv and .ax NB If you try to open a 'system' file used by Windows, WhatIs may say it's not an exe file when in fact it is rev 0.5 - 25/Jun/2010 - offers to make copy of wrongly named file (with correct extn) and ShellExecute it - if an unknown filetype, shows 1st 8 bytes in hex and ASCII in a MsgBox rev 0.6 - 2/Aug/2010 - now uses ShellExecuteWait() and offers to delete ren'ed file after it has 'ShellExecute'd Bugs This url: http://www.tech-recipes.com/rx/1176/how-to-add-menu-items-under-right-click-or-context-menu/ explains how to add the context menu item... "Right Click on File: -open regedit (start\run, type regedit) -expand until you are in: HKEY_CLASSES_ROOT\*\shell -if the key ’shell’ does not exist, right click on * and add new key and name it ’shell’ -to add the item right click on ’shell’ and create a new key, the name of this key will be what appears in the menu. I named mine “cmd” -next right click your newly created key “cmd” and create another key under it named “command” -double click the default entry in this folder and type in command.exe (edit by Mike H - make this cmd.exe... this must be REALLY old) -(if you are doing a different program, you would do the complete path to that program instead of command.exe) -that’s it your done, now when you right click on a file the option to open a command prompt will be there!" File types: jpg = FF D8 bmp = 42 48 (BM) gif = 47 49 46 38 39 (GIF89) png = 89 50 4E 47 (odd character followed by PNG exe = 4D 5A (MZ) followed by 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 dll = 4D 5A (MZ) followed by 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 mp3 = 49 44 33 (ID3) wma/wmv = 30 26 B2 75 8E 66 ogg = 4F 67 67 (Ogg) wav = 52 49 46 46 3A 0B 00 00 57 41 56 45 (RIFF 4 odd chars WAVE) zip = 50 4B (PK) rar = 52 61 72 (Rar) pdf = 25 50 44 46 (%PDF) mpg = 00 00 01 BA (nothing obvious, but same on 3 test files, varies after that) avi = 52 49 46 46 6A 42 01 00 41 56 49 (RIFF 4 odd chars AVI) swf = 46 57 53 (FWS) Office 2003 doc's = D0 CF 11 E0 A1 B1 1A E1 00 rest of 1st line (same for pub, ppt, xls) Office 2007 doc's - look like zip's but have a string at offset 0x1E = [Content_Types] reg = FF FE 57 00 69 00 6E (Offset 18) R x e x g this is particularly sinister as windows shows purely text but this is NOT what is in the file! txt = all ascii #ce Global $Text, $Text2, $RegValue, $Fp1, $Counter1, $Extn, $Filename, $RealType, $HKCRString, $strFileContents, $strRename Const $MsgBoxTitle = "WhatIs rev 0.6 - by Mike Hansell" Dim $Buffer[41] ; Set a string to reflect HKEY_Classes_Root for 32 bit and 64 bit O/S If @OSArch = "X64" Then ; Check if operating under 64 bit O/S $HKCRString = "HKEY_CLASSES_ROOT64" Else $HKCRString = "HKEY_CLASSES_ROOT" EndIf ; Careful here! It looks like $CmdLine is always setup, but must check first element to see if a parameter was passed If $CmdLine[0] = 0 Then ; Check if not given a filename which would indicate user doubleclicked this prog instead of using via context menu InstallUninstall() Exit(1) ; Show exited with error EndIf If FileExists(@ScriptDir & "\debug.dat") Then $Filename = "c:\temp\testfile.txt" ; ...use a known filename that can be fiddled as nec for debug Else $Filename = $CmdLine[1] EndIf ; Try to open the file... $Fp1 = FileOpen($Filename, 16) ; 16 = binary mode If $Fp1 = -1 Then MsgBox(0, $MsgBoxTitle, "Error: failed to open file.") Exit(1) EndIf For $Counter1 = 1 To 40 $Buffer[$Counter1] = FileRead($Fp1, 1) Next If @error = 1 Then MsgBox(0, $MsgBoxTitle, "Error occurred during file read.") Exit(1) EndIf FileClose($Fp1) $Extn = StringRight($Filename, 3) ; get the extn $RealType = "txt" For $Counter1 = 1 To 40 If $Buffer[$Counter1] = 13 Or $Buffer[$Counter1] = 10 Or $Buffer[$Counter1] = 9 Then ContinueLoop ; Char is CR, LF or tab If $Buffer[$Counter1] < 32 Or $Buffer[$Counter1] > 126 Then $RealType = "unknown" ExitLoop EndIf Next If $RealType <> "txt" Then ; It's not a text file so what is it? If $Buffer[1] = "M" And $Buffer[2] = "Z" And $Buffer[4] = 0 Then $RealType = "exe" ; is an exe file If $Buffer[1] = "B" And $Buffer[2] = "M" Then $RealType = "BMP" If $Buffer[1] = Dec("ff") And $Buffer[2] = Dec("D8") Then $RealType = "JPG" If $Buffer[1] = "G" And $Buffer[2] = "I" And $Buffer[3] = "F" And $Buffer[4] = "8" Then $RealType = "GIF" If $Buffer[1] = Dec("89") And $Buffer[2] = "P" And $Buffer[3] = "N" And $Buffer[4] = "G" Then $RealType = "PNG" If $Buffer[1] = "I" And $Buffer[2] = "D" And $Buffer[3] = "3" Then $RealType = "mp3" If $Buffer[1] = Dec("30") And $Buffer[2] = Dec("26") And $Buffer[3] = Dec("B2") And $Buffer[4] = Dec("75") Then $RealType = "wmv" If $Buffer[1] = "O" And $Buffer[2] = "g" And $Buffer[3] = "g" Then $RealType = "Ogg" If $Buffer[1] = "R" And $Buffer[2] = "I" And $Buffer[3] = "F" And $Buffer[9] = "W" And $Buffer[10] = "A" And $Buffer[11] = "V" Then $RealType = "Wav" If $Buffer[1] = "R" And $Buffer[2] = "a" And $Buffer[3] = "r" Then $RealType = "rar" If $Buffer[1] = "%" And $Buffer[2] = "P" And $Buffer[3] = "D" And $Buffer[4] = "F" Then $RealType = "pdf" ; This is not really valid as it may be a text file that starts with %PDF If $Buffer[1] = 0 And $Buffer[2] = 0 And $Buffer[3] = 1 And $Buffer[4] = Dec("BA") Then $RealType = "mpg" If $Buffer[1] = "R" And $Buffer[2] = "I" And $Buffer[3] = "F" And $Buffer[9] = "A" And $Buffer[10] = "V" And $Buffer[11] = "I" Then $RealType = "avi" If $Buffer[1] = "F" And $Buffer[2] = "W" And $Buffer[3] = "S" Then $RealType = "swf" If $Buffer[1] = Dec("D0") And $Buffer[2] = Dec("CF") And $Buffer[3] = Dec("11") And $Buffer[4] = Dec("E0") Then $RealType = "Office 2003 document" If $Buffer[1] = Dec("FF") And $Buffer[2] = Dec("FE") And $Buffer[3] = "W" And $Buffer[5] = "i" And $Buffer[19] = "R" And $Buffer[21] = "e" Then $RealType = "reg" If $Buffer[1] = "P" And $Buffer[2] = "K" Then If $Buffer[32] = "C" And $Buffer[33] = "o" And $Buffer[34] = "n" And $Buffer[35] = "t" Then $RealType = "Office 2007 document" Else $RealType = "zip" EndIf EndIf EndIf ; first, check for most dangerous type which is exe If StringCompare($RealType, "exe") = 0 Then ; It really is an exe file ... If $Extn = "exe" Or $Extn = "dll" Or $Extn = "cpl" Or $Extn = "tlb" Or $Extn = "mui" Or $Extn = "ocx" Or $Extn = "com" Or $Extn = "rll" Or $Extn = "drv" Or $Extn = ".ax" Then MsgBox(0, $MsgBoxTitle, "'" & $Filename & "' really is a " & $Extn & " file.") Else MsgBox(48, $MsgBoxTitle, "Caution! This file is not what it seems." & @CRLF & @CRLF & "'" & $Filename & "'" & @CRLF & "is an executable!") EndIf Exit EndIf If StringCompare($Extn, "reg") <> 0 Then If $RealType = "reg" Then MsgBox(0, $MsgBoxTitle, "Caution! The file is a registry entry (.reg) file!") Exit EndIf EndIf If $RealType = "Office 2003 document" Then If $Extn = "doc" Or $Extn = "xls" Or $Extn = "ppt" Or $Extn = "pub" Or $Extn = "access" Then MsgBox(0, $MsgBoxTitle, "'" & $Filename & "' is an Office 2003 document.") Exit EndIf EndIf If $RealType = "Office 2007 document" Then If $Extn = "docx" Or $Extn = "xlsx" Or $Extn = "pptx" Or $Extn = "pubx" Or $Extn = "mdbx" Then MsgBox(0, $MsgBoxTitle, "'" & $Filename & "' is an Office 2007 document.") Exit EndIf EndIf If $Extn <> $RealType Then ; The filetype is not the same as the extn would imply or this prog doesn't know what it is If $RealType = "unknown" Then $strFileContents = Chr(39) & $Filename & "' - the file type is unknown but appears to be non-executable." & @CRLF & @CRLF $strFileContents &= Chr(9) & "Here's a dump of the 1st 8 bytes..." & @CRLF & @CRLF For $Counter1 = 1 To 8 $strFileContents &= Chr(9) & "Byte " & $Counter1 & " = Hex 0x" & Hex($Buffer[$Counter1], 2) & ", ASCII " If $Buffer[$Counter1] > 31 Then $strFileContents &= Chr($Buffer[$Counter1]) ; If a printable char show it $strFileContents &= @CRLF Next MsgBox(0, $MsgBoxTitle, $strFileContents) Else $strRename = "'" & $Filename & "' is actually a " & $RealType & " file." & @CRLF & @CRLF $strRename &= "Would you like to make a copy with the correct extension and ShellExecute() it?" & @CRLF If MsgBox(32 + 4, $MsgBoxTitle, $strRename) = 6 Then ; Yes FileCopy($Filename, $Filename & "." & $RealType) ShellExecuteWait($Filename & "." & $RealType) If MsgBox(32 + 4, $MsgBoxTitle, "Would you like to delete the renamed copy of the file?") = 6 Then ; Yes FileDelete($Filename & "." & $RealType) EndIf EndIf EndIf Else MsgBox(0, $MsgBoxTitle, "'" & $Filename & "' really is a " & $RealType & " file.") EndIf ;******************************** Func InstallUninstall() Local $MsgString, $rc, $rc2 $MsgString = "WhatIs is meant to be used via the file context menu," & @CRLF & "not via a double click." & @CRLF & @CRLF ; See if it's already setup $rc = RegRead("HKCR\*\shell\WhatIs?\Command", "") If $rc <> "" and @error = 0 Then ; Is installed $MsgString &= "WhatIs is installed. Would you like to uninstall it now?" & @CRLF $rc2 = MsgBox(4, $MsgBoxTitle, $MsgString) If $rc2 = 6 Then ; User wants to uninstall ; Following line gets rid of part of it, but not all, so delete it bit by bit $rc = RegDelete($HKCRString & "\*\shell\WhatIs?\command", "") $rc = RegDelete($HKCRString & "\*\shell\WhatIs?", "command") $rc = RegDelete($HKCRString & "\*\shell\WhatIs?") If $rc = 1 Then MsgBox(0, $MsgBoxTitle, "WhatIs has been uninstalled.") Else MsgBox(0, $MsgBoxTitle, "WhatIs did not uninstall." & @CRLF & @CRLF & "Error code = " & @error) EndIf EndIf Else ; Is not installed, offer to install it $MsgString &= "WhatIs is not installed. Would you like to install it now?" & @CRLF $rc2 = MsgBox(4, $MsgBoxTitle, $MsgString) If $rc2 = 6 Then ; User wants to uninstall $rc = RegWrite($HKCRString & "\*\shell\WhatIs?\command", "", "REG_SZ", @ScriptFullPath & " " & Chr(34) & "%1" & Chr(34)) If $rc = 1 Then MsgBox(0, $MsgBoxTitle, "WhatIs has been installed." & @CRLF & @CRLF & "Right click on a filename to use it.") Else MsgBox(0, $MsgBoxTitle, "WhatIs did not install." & @CRLF & @CRLF & "Error code = " & @error) EndIf EndIf EndIf EndFunc ; End of Func InstallUninstall() ;******************************** Link to comment Share on other sites More sharing options...
monter Posted September 5, 2010 Share Posted September 5, 2010 It's a nice idea. I have a similar conception in my audio/video converting script. Your script needs some tuning. If mp3 file has no ID3 v.2 tag it can start with "FF FB" monter.FM [font="Tahoma;"]Full programs:[/font][font="'Microsoft Sans Serif';"] LogOnOff - keeps alive user session, after set time it performs logoff (instead of locking [acronym="Personal Computer"]PC[/acronym], useful in some corporations working with [acronym="Active Directory"]AD[/acronym]).[/font] ČharCönvěr - character set converter. [font="'Microsoft Sans Serif';"]CDTray - automated opening/closing the [acronym="Compact Disc"]CD[/acronym] tray.[/font] [font="'Microsoft Sans Serif';"]Example scripts: [/font][font="'Microsoft Sans Serif';"]RecentFolders - managing recently used folder list with combobox.[/font] [font="'Microsoft Sans Serif';"]AutoUpdater - periodic auto-checking, auto-updating and auto-relaunching newest script version.[/font] Changed host from monter.homeip.net to monter.homenet.org - replace address in my scripts to get back them to work. Link to comment Share on other sites More sharing options...
4Eyes Posted September 5, 2010 Author Share Posted September 5, 2010 monter, Ah, I see. I have no doubt that it many things can be improved. I'll see what mp3's I may have that have no ID3 tag so that I can fix it. Feel free to add fixes. That's why the source is there. 4Eyes Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now