WhatIs?

[4Eyes]

Folks,

Here's a little utility I wrote some time ago that I've found useful and you may too. It certainly is not meant to be the height of programming and I've stewed for quite some time about posting it here at all.

When you verify that it is nothing nasty, compile it and run it. It will add an item in the file context menu. To use it, right click on a file then choose 'WhatIs' and it will examine the file and tell you what it really is, which is NOT necessarily the same as the file extension would imply. If the real file extension is does not match the real file type, WhatIs will offer to make a copy of the file with the correct extension and then ShellExecute it, effectively running it thru whichever is the appropriate player/viewer etc. After it is played/viewed etc, WhatIs will offer to delete the copy. To uninstall WhatIs, simply run the exe file again and it will offer to remove the context menu item.

As it stands it can determine these types of files: text, exe, bmp, jpg, gif, png, mp3, wmv (well, I can't determine the difference between a wmv and a wma by looking at the internal file structure, so both are called wmv), ogg, wav, rar, pdf, mpg, avi, swf, Office 2003, Office 2007, reg and zip.

I've found it especially useful to examine the '.met' files generated by eMule during a download. You can often get a preview of the file before the download has completed. Hopefully mentioning the 'e' word above has not incurred the 'Wrath of Valik'. By no means did I intend to promote any illegal downloading etc.

BTW, I've found more than one file that was an exe file pretending to be something else.

Regards,

4Eyes

expandcollapse popup

#NoTrayIcon
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_icon=..\Hammer.ico
#AutoIt3Wrapper_UseUpx=n
#AutoIt3Wrapper_Run_Obfuscator=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#cs
WhatIs - a little proggie to examine a file and advise what it really is... have found '.mp3' files etc that are really exe files!
- should examine file and determine if extn matches real file type... only need to worry if is exe but extn says otherwise

It is meant to be called via the file context menu (ie right click on a file and choose WhatIs?

rev 0.2 - 19/Mar/10
- needs a little work at end for it to understand that a docx (for example) is actually an 'Office 2007 document' hence it should not complain
- could be really smart and add reg entries to make this is an auto-installing program
  - at first run check if setup correctly and if not offer to do it
    - will then need to advise user that it is setup and needs to be run again
  - don't recall whether Vista/Windows 7 allows writing to HKEY_Classes_Root with UAC active... hmmm?
- how to do a whole dir?
  - via dos?

rev 0.3 - 22/Mar/2010
- instead of showing usage for a double click on prog, offer to setup or if already setup, uninstall
- hmmm... it seems there are a number of other filetypes that are executable like .cpl, .tlb, .mui, .ocx, .com, .rll, .drv and .ax (see windows\system32)

rev 0.4 - 25/Mar/2010
- added test for .cpl, .tlb, .mui, .ocx, .com, .rll, .drv and .ax
NB If you try to open a 'system' file used by Windows, WhatIs may say it's not an exe file when in fact it is

rev 0.5 - 25/Jun/2010
- offers to make copy of wrongly named file (with correct extn) and ShellExecute it
- if an unknown filetype, shows 1st 8 bytes in hex and ASCII in a MsgBox

rev 0.6 - 2/Aug/2010
- now uses ShellExecuteWait() and offers to delete ren'ed file after it has 'ShellExecute'd

Bugs

This url: http://www.tech-recipes.com/rx/1176/how-to-add-menu-items-under-right-click-or-context-menu/ explains how to add the
context menu item...
"Right Click on File:
-open regedit (start\run, type regedit)
-expand until you are in: HKEY_CLASSES_ROOT\*\shell
-if the key ’shell’ does not exist, right click on * and add new key and name it ’shell’
-to add the item right click on ’shell’ and create a new key, the name of this key will be what appears in the menu.
  I named mine “cmd”
-next right click your newly created key “cmd” and create another key under it named “command”
-double click the default entry in this folder and type in command.exe (edit by Mike H - make this cmd.exe... this must be REALLY old)
-(if you are doing a different program, you would do the complete path to that program instead of command.exe)
-that’s it your done, now when you right click on a file the option to open a command prompt will be there!"

File types:
jpg = FF D8
bmp = 42 48 (BM)
gif = 47 49 46 38 39 (GIF89)
png = 89 50 4E 47 (odd character followed by PNG
exe = 4D 5A (MZ) followed by 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00
dll = 4D 5A (MZ) followed by 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00
mp3 = 49 44 33 (ID3)
wma/wmv = 30 26 B2 75 8E 66
ogg = 4F 67 67 (Ogg)
wav = 52 49 46 46 3A 0B 00 00 57 41 56 45 (RIFF 4 odd chars WAVE)
zip = 50 4B (PK)
rar = 52 61 72 (Rar)
pdf = 25 50 44 46 (%PDF)
mpg = 00 00 01 BA (nothing obvious, but same on 3 test files, varies after that)
avi = 52 49 46 46 6A 42 01 00 41 56 49 (RIFF 4 odd chars AVI)
swf = 46 57 53 (FWS)
Office 2003 doc's = D0 CF 11 E0   A1 B1 1A E1 00 rest of 1st line (same for pub, ppt, xls)
Office 2007 doc's - look like zip's but have a string at offset 0x1E = [Content_Types]
reg = FF FE 57 00 69 00 6E (Offset 18) R x e x g this is particularly sinister as windows shows purely text but this is NOT what is in the file!
txt = all ascii
#ce

Global $Text, $Text2, $RegValue, $Fp1, $Counter1, $Extn, $Filename, $RealType, $HKCRString, $strFileContents, $strRename

Const  $MsgBoxTitle = "WhatIs rev 0.6 - by Mike Hansell"

Dim $Buffer[41]

; Set a string to reflect HKEY_Classes_Root for 32 bit and 64 bit O/S
If @OSArch = "X64" Then                                     ; Check if operating under 64 bit O/S
    $HKCRString = "HKEY_CLASSES_ROOT64"
Else
    $HKCRString = "HKEY_CLASSES_ROOT"
EndIf

; Careful here! It looks like $CmdLine is always setup, but must check first element to see if a parameter was passed
If $CmdLine[0] = 0 Then                                     ; Check if not given a filename which would indicate user doubleclicked this prog instead of using via context menu
    InstallUninstall()
    Exit(1)                                                 ; Show exited with error
EndIf

If FileExists(@ScriptDir & "\debug.dat") Then
    $Filename = "c:\temp\testfile.txt"                      ; ...use a known filename that can be fiddled as nec for debug
Else
    $Filename = $CmdLine[1]
EndIf

; Try to open the file...
$Fp1 = FileOpen($Filename, 16)                              ; 16 = binary mode
If $Fp1 = -1 Then
    MsgBox(0, $MsgBoxTitle, "Error: failed to open file.")
    Exit(1)
EndIf

For $Counter1 = 1 To 40
    $Buffer[$Counter1] = FileRead($Fp1, 1)
Next

If @error = 1 Then
    MsgBox(0, $MsgBoxTitle, "Error occurred during file read.")
    Exit(1)
EndIf

FileClose($Fp1)

$Extn = StringRight($Filename, 3)                           ; get the extn

$RealType = "txt"
For $Counter1 = 1 To 40
    If $Buffer[$Counter1] = 13 Or $Buffer[$Counter1] = 10 Or $Buffer[$Counter1] = 9 Then ContinueLoop ; Char is CR, LF or tab
    If $Buffer[$Counter1] < 32 Or $Buffer[$Counter1] > 126 Then
        $RealType = "unknown"
        ExitLoop
    EndIf
Next

If $RealType <> "txt" Then                                  ; It's not a text file so what is it?
    If $Buffer[1] = "M" And $Buffer[2] = "Z" And $Buffer[4] = 0 Then $RealType = "exe"  ; is an exe file
    If $Buffer[1] = "B" And $Buffer[2] = "M" Then $RealType = "BMP"
    If $Buffer[1] = Dec("ff") And $Buffer[2] = Dec("D8") Then $RealType = "JPG"
    If $Buffer[1] = "G" And $Buffer[2] = "I" And $Buffer[3] = "F" And $Buffer[4] = "8" Then $RealType = "GIF"
    If $Buffer[1] = Dec("89") And $Buffer[2] = "P" And $Buffer[3] = "N" And $Buffer[4] = "G" Then $RealType = "PNG"
    If $Buffer[1] = "I" And $Buffer[2] = "D" And $Buffer[3] = "3" Then $RealType = "mp3"
    If $Buffer[1] = Dec("30") And $Buffer[2] = Dec("26") And $Buffer[3] = Dec("B2") And $Buffer[4] = Dec("75") Then $RealType = "wmv"
    If $Buffer[1] = "O" And $Buffer[2] = "g" And $Buffer[3] = "g" Then $RealType = "Ogg"
    If $Buffer[1] = "R" And $Buffer[2] = "I" And $Buffer[3] = "F" And $Buffer[9] = "W" And $Buffer[10] = "A" And $Buffer[11] = "V" Then $RealType = "Wav"
    If $Buffer[1] = "R" And $Buffer[2] = "a" And $Buffer[3] = "r" Then $RealType = "rar"
    If $Buffer[1] = "%" And $Buffer[2] = "P" And $Buffer[3] = "D" And $Buffer[4] = "F" Then $RealType = "pdf" ; This is not really valid as it may be a text file that starts with %PDF
    If $Buffer[1] = 0 And $Buffer[2] = 0 And $Buffer[3] = 1 And $Buffer[4] = Dec("BA") Then $RealType = "mpg"
    If $Buffer[1] = "R" And $Buffer[2] = "I" And $Buffer[3] = "F" And $Buffer[9] = "A" And $Buffer[10] = "V" And $Buffer[11] = "I" Then $RealType = "avi"
    If $Buffer[1] = "F" And $Buffer[2] = "W" And $Buffer[3] = "S" Then $RealType = "swf"
    If $Buffer[1] = Dec("D0") And $Buffer[2] = Dec("CF") And $Buffer[3] = Dec("11") And $Buffer[4] = Dec("E0") Then $RealType = "Office 2003 document"
    If $Buffer[1] = Dec("FF") And $Buffer[2] = Dec("FE") And $Buffer[3] = "W" And $Buffer[5] = "i" And $Buffer[19] = "R" And $Buffer[21] = "e" Then $RealType = "reg"
    If $Buffer[1] = "P" And $Buffer[2] = "K" Then
        If $Buffer[32] = "C" And $Buffer[33] = "o" And $Buffer[34] = "n" And $Buffer[35] = "t" Then
            $RealType = "Office 2007 document"
        Else
            $RealType = "zip"
        EndIf
    EndIf
EndIf

; first, check for most dangerous type which is exe
If StringCompare($RealType, "exe") = 0 Then         ; It really is an exe file ...
    If $Extn = "exe" Or $Extn = "dll" Or $Extn = "cpl" Or $Extn = "tlb" Or $Extn = "mui" Or $Extn = "ocx" Or $Extn = "com" Or $Extn = "rll" Or $Extn = "drv" Or $Extn = ".ax" Then
        MsgBox(0, $MsgBoxTitle, "'" & $Filename & "' really is a " & $Extn & " file.")
    Else
        MsgBox(48, $MsgBoxTitle, "Caution! This file is not what it seems." & @CRLF & @CRLF & "'" & $Filename & "'" & @CRLF & "is an executable!")
    EndIf
    Exit
EndIf

If StringCompare($Extn, "reg") <> 0 Then
    If $RealType = "reg" Then
        MsgBox(0, $MsgBoxTitle, "Caution! The file is a registry entry (.reg) file!")
        Exit
    EndIf
EndIf

If $RealType = "Office 2003 document" Then
    If $Extn = "doc" Or $Extn = "xls" Or $Extn = "ppt" Or $Extn = "pub" Or $Extn = "access" Then
        MsgBox(0, $MsgBoxTitle, "'" & $Filename & "' is an Office 2003 document.")
        Exit
    EndIf
EndIf

If $RealType = "Office 2007 document" Then
    If $Extn = "docx" Or $Extn = "xlsx" Or $Extn = "pptx" Or $Extn = "pubx" Or $Extn = "mdbx" Then
        MsgBox(0, $MsgBoxTitle, "'" & $Filename & "' is an Office 2007 document.")
        Exit
    EndIf
EndIf

If $Extn <> $RealType Then                  ; The filetype is not the same as the extn would imply or this prog doesn't know what it is
    If $RealType = "unknown" Then
        $strFileContents = Chr(39) & $Filename & "' - the file type is unknown but appears to be non-executable." & @CRLF & @CRLF
        $strFileContents &= Chr(9) & "Here's a dump of the 1st 8 bytes..." & @CRLF & @CRLF
        For $Counter1 = 1 To 8
            $strFileContents &= Chr(9) & "Byte " & $Counter1 & " = Hex 0x" & Hex($Buffer[$Counter1], 2) & ", ASCII "
            If $Buffer[$Counter1] > 31 Then $strFileContents &= Chr($Buffer[$Counter1])     ; If a printable char show it
            $strFileContents &= @CRLF
        Next
        MsgBox(0, $MsgBoxTitle, $strFileContents)
    Else
        $strRename = "'" & $Filename & "' is actually a " & $RealType & " file." & @CRLF & @CRLF
        $strRename &= "Would you like to make a copy with the correct extension and ShellExecute() it?" & @CRLF
        If MsgBox(32 + 4, $MsgBoxTitle, $strRename) = 6 Then            ; Yes
            FileCopy($Filename, $Filename & "." & $RealType)
            ShellExecuteWait($Filename & "." & $RealType)
            If MsgBox(32 + 4, $MsgBoxTitle, "Would you like to delete the renamed copy of the file?") = 6 Then          ; Yes
                FileDelete($Filename & "." & $RealType)
            EndIf
        EndIf
    EndIf
Else
    MsgBox(0, $MsgBoxTitle, "'" & $Filename & "' really is a " & $RealType & " file.")
EndIf

;********************************

Func InstallUninstall()

    Local $MsgString, $rc, $rc2

    $MsgString  = "WhatIs is meant to be used via the file context menu," & @CRLF & "not via a double click." & @CRLF & @CRLF

    ; See if it's already setup
    $rc = RegRead("HKCR\*\shell\WhatIs?\Command", "")

    If $rc <> "" and @error = 0 Then                            ; Is installed
        $MsgString &= "WhatIs is installed. Would you like to uninstall it now?" & @CRLF
        $rc2 = MsgBox(4, $MsgBoxTitle, $MsgString)
        If $rc2 = 6 Then                                        ; User wants to uninstall
            ; Following line gets rid of part of it, but not all, so delete it bit by bit
            $rc = RegDelete($HKCRString & "\*\shell\WhatIs?\command", "")
            $rc = RegDelete($HKCRString & "\*\shell\WhatIs?", "command")
            $rc = RegDelete($HKCRString & "\*\shell\WhatIs?")

            If $rc = 1 Then
                MsgBox(0, $MsgBoxTitle, "WhatIs has been uninstalled.")
            Else
                MsgBox(0, $MsgBoxTitle, "WhatIs did not uninstall." & @CRLF & @CRLF & "Error code = " & @error)
            EndIf
        EndIf
    Else                                                        ; Is not installed, offer to install it
        $MsgString &= "WhatIs is not installed. Would you like to install it now?" & @CRLF
        $rc2 = MsgBox(4, $MsgBoxTitle, $MsgString)
        If $rc2 = 6 Then                                        ; User wants to uninstall
            $rc = RegWrite($HKCRString & "\*\shell\WhatIs?\command", "", "REG_SZ", @ScriptFullPath & " " & Chr(34) & "%1" & Chr(34))
            If $rc = 1 Then
                MsgBox(0, $MsgBoxTitle, "WhatIs has been installed." & @CRLF & @CRLF & "Right click on a filename to use it.")
            Else
                MsgBox(0, $MsgBoxTitle, "WhatIs did not install." & @CRLF & @CRLF & "Error code = " & @error)
            EndIf
        EndIf
    EndIf

EndFunc     ; End of Func InstallUninstall()

;********************************

[monter]

It's a nice idea. I have a similar conception in my audio/video converting script. Your script needs some tuning.

If mp3 file has no ID3 v.2 tag it can start with "FF FB"

[4Eyes]

monter,

Ah, I see. I have no doubt that it many things can be improved. I'll see what mp3's I may have that have no ID3 tag so that I can fix it. Feel free to add fixes. That's why the source is there.

4Eyes