Jump to content
Sign in to follow this  
Chimaera

Is there a way to tell what program created a file?

Recommended Posts

Chimaera

its mainly in reference to archive files

I dont mean by the file ending because several programs can use the same files

Is there some kind of inbuilt reference within the files that can be read to determine which type of program created the file?

 

Share this post


Link to post
Share on other sites
BrewManNH

I'm pretty sure that information isn't readily available. Sometimes it's even hard to tell who created it even with an exe file, there's even less information readily available about files that don't hold much in the way of metadata like a text file for example.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites
Chimaera

Thats a shame i have a situation where there is a set of archive files but they could have been made by 2 different programs. (winrar or 7zip)

The file ending is the same either way but if i unpack with the correct one i get the files i need but

If i use the wrong one it gives me a damaged file

Bit of a no win situation i guess

Edited by Chimaera

Share this post


Link to post
Share on other sites
BrewManNH

The problem though doesn't tell you which program created the archive file, it just tells you which type it is. I have several archives on the computer all created by 7zip, and the header bytes don't all say 7z.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites
Chimaera

How do i test for a FourCC code?, ive never heard of it although i have heard of Gspot which uses it

Is the 4cc code an indication of what your current association is within windows or is it set at creation?

Share this post


Link to post
Share on other sites
orbs

the first four bytes of a file may contain a "magic number" to indicate what type of file it is. this is similar to the usage of the file extension.

this is also referred to as "file signatures": http://en.wikipedia.org/wiki/List_of_file_signatures

however this is not helpful for your question.

if you are interested in forensic analysis, try this:

http://www.nirsoft.net/utils/computer_activity_view.html

if you are investigating a real-time situation, then set-up file monitoring - there are 3rd-party utilities to do this, and even an AutoIt solution! search the forum for  "file monitoring".

Share this post


Link to post
Share on other sites
Chimaera

Unfortunatly the files are downloaded so i have no idea about them, thats why i wondered about the solution

Ill have to make some solution of trial and error and break down error codes to see if i can find an occurance that i can change extraction on

Thx anyway guys

Share this post


Link to post
Share on other sites
BrewManNH

Most of the time you can just try and open it with 7zip or WinRar and not worry about what type of archive it is.The program can usually figure that out without user intervention.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites
Chimaera

Not in this instance since WinRar 5 was released the algorithm is different and if you use 7zip to unpack a rar5 file it creates a dead file

I will have to hit it first with rar then move to the others as needed

Thx anyway

Share this post


Link to post
Share on other sites
Chimaera

they are actually .001 files which can be both its proprietary for 7zip but the files have been packed with winrar.

which causes the dead file if you unpack with 7zip

current estimate for the 7zip developers to update to cover it is 2 years...

Edited by Chimaera

Share this post


Link to post
Share on other sites
BrewManNH

Are they pieces of an archive split into more than one part? Or are they just being named that way from some website?

I don't understand why anyone would use a commercial archiver when there are free ones that can do the exact same job.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites
Chimaera

Yes split archives .001/.002/.003 etc

If i had to guess probably to disguise the contents, its from the newsgroups

they double pack the files with the lower level being the problem one

I made a unpacker a long time ago with repairs unpacks and leaves you with just the files you need and im adjusting it to meet the current situation which is why i wondered if there was a sure fire way to tell the creation program.

Crackers and packers are a law unto themselves they do how they see fit.

I can resolve it anyway by leading with the winrar unpack first then check for options but it was interesting to see if there was a method.

Share this post


Link to post
Share on other sites
Werty

I don't understand why anyone would use a commercial archiver when there are free ones that can do the exact same job.

 

WinRAR got popular because they let you use the software eventhough the trial period had expired, "Your 30 days trial has ended, please register", but they didnt block the program in any way, it was fully functional, dunno if they still do it.

Share this post


Link to post
Share on other sites
BrewManNH

You can still use other programs that will archive using the RAR format and avoid the whole trial period part and the nag screens. 7zip is free, and lets you archive in the most popular formats, WinRAR will do the same thing but either costs you money to use or you have to deal with the nagging.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×