
Cleanup and commenting, bump to version 4.1.0

commit 906a37fa6992a029821bbf449066288f176b6679 1 parent 3868e62
jessekornblum authored
7 ChangeLog
@@ -1,3 +1,10 @@
+2012-02-10 Jesse Kornblum <research@jessekornblum.com>:
+
+ * sample-hashes/sample.{c,jpg}: Added Windows executable with non-executable extension
+ * src/winpe.cpp, main.cpp, dig.cpp: Added comments
+ * configure.ac: Version bump to 4.1
+ * src/*.cpp: Added $Id$ tags
+
2012-02-08 Jesse Kornblum <research@jessekornblum.com>:
* src/dig.cpp, winpe.h, winpe.cpp, main.cpp: Added check for Windows PE files to expert mode.
2  NEWS
@@ -1,4 +1,4 @@
-** Changes in version 4.0.2 (RBF DATE)
+** Changes in version 4.1.0 (RBF DATE)
* New Features
2  configure.ac
@@ -3,7 +3,7 @@
#
AC_PREREQ(2.57)
-AC_INIT([MD5DEEP],[4.0.2-002],[research@jessekornblum.com])
+AC_INIT([MD5DEEP],[4.1],[research@jessekornblum.com])
AC_CONFIG_FILES([Makefile src/Makefile man/Makefile tests/Makefile tests/testfiles/Makefile ])
AM_INIT_AUTOMAKE
AC_CONFIG_HEADERS([config.h])
2  man/hashdeep.1
@@ -1,4 +1,4 @@
-.TH HASHDEEP "1" "v4.0.2 \- RBF DATE 2012" "AFOSI" "United States Air Force"
+.TH HASHDEEP "1" "v4.1.0 \- RBF DATE 2012" "AFOSI" "United States Air Force"
.SH NAME
hashdeep \- Compute, compare, or audit multiple message digests
2  man/md5deep.1
@@ -1,4 +1,4 @@
-.TH MD5DEEP "1" "v4.0.2 \- RBF DATE 2012" "AFOSI" "United States Air Force"
+.TH MD5DEEP "1" "v4.1.0 \- RBF DATE 2012" "AFOSI" "United States Air Force"
.SH NAME
md5deep \- Compute and compare MD5 message digests
2  man/sha1deep.1
@@ -1,4 +1,4 @@
-.TH MD5DEEP "1" "v4.0.2 \- RBF DATE 2012" "AFOSI" "United States Air Force"
+.TH MD5DEEP "1" "v4.1.0 \- RBF DATE 2012" "AFOSI" "United States Air Force"
.SH NAME
md5deep \- Compute and compare MD5 message digests
2  man/sha256deep.1
@@ -1,4 +1,4 @@
-.TH MD5DEEP "1" "v4.0.2 \- RBF DATE 2012" "AFOSI" "United States Air Force"
+.TH MD5DEEP "1" "v4.1.0 \- RBF DATE 2012" "AFOSI" "United States Air Force"
.SH NAME
md5deep \- Compute and compare MD5 message digests
2  man/tigerdeep.1
@@ -1,4 +1,4 @@
-.TH MD5DEEP "1" "v4.0.2 \- RBF DATE 2012" "AFOSI" "United States Air Force"
+.TH MD5DEEP "1" "v4.1.0 \- RBF DATE 2012" "AFOSI" "United States Air Force"
.SH NAME
md5deep \- Compute and compare MD5 message digests
2  man/whirlpooldeep.1
@@ -1,4 +1,4 @@
-.TH MD5DEEP "1" "v4.0.2 \- RBF DATE 2012" "AFOSI" "United States Air Force"
+.TH MD5DEEP "1" "v4.1.0 \- RBF DATE 2012" "AFOSI" "United States Air Force"
.SH NAME
md5deep \- Compute and compare MD5 message digests
9 sample-hashes/sample.c
@@ -0,0 +1,9 @@
+/* $Id: sample.c 19 2010-02-27 23:13:13Z jessekornblum $ */
+
+#include <stdio.h>
+
+int main(int argc, char **argv)
+{
+ printf ("I AM AN EVIL H4X0R PRGRAM!!!1!\n");
+ return 1;
+}
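Review bot: sample.c has no comment saying what it is for; the ChangeLog entry suggests it is the source of sample.jpg, a harmless Windows executable given a non-executable extension, presumably to exercise the expert-mode PE check. A header comment such as `/* Benign test fixture: source for sample.jpg, a PE file deliberately named .jpg */` would tell anyone whose scanner flags the binary what it is and where it came from. `main` also returns 1, which a caller reads as failure; if that is not intended, use `return 0;`.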
BIN  sample-hashes/sample.jpg
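--- a/src/dig.cpp
+++ b/src/dig.cpp
@@ -514,6 +514,13 @@ bool state::should_hash_symlink(const tstring &fn, file_types *link_type)
 }
+/// Returns true if the filename fn is a Windows PE executable
+///
+/// If the filename is a PE executable but does not have an executable
+/// extension, displays an error message. If the file cannot be read,
+/// returns false.
+///
+/// @param fn Filename to examine
 bool state::should_hash_winpe(const tstring &fn)
 {
 bool executable_extension = has_executable_extension(fn);
@@ -572,29 +579,33 @@ bool state::should_hash_expert(const tstring &fn, file_types type)
 // the high part of it is lost.
 #define RETURN_IF_MODE(A) if (A) return true; break;
-
- case stat_regular: RETURN_IF_MODE(mode_regular);
- case stat_block: RETURN_IF_MODE(mode_block);
- case stat_character: RETURN_IF_MODE(mode_character);
- case stat_pipe: RETURN_IF_MODE(mode_pipe);
- case stat_socket: RETURN_IF_MODE(mode_socket);
- case stat_door: RETURN_IF_MODE(mode_door);
- case stat_symlink:
-
- // Although it might appear that we need nothing more than
- // return (s->mode & mode_symlink);
- // that doesn't work. That logic gets into trouble when we're
- // running in recursive mode on a symlink to a directory.
- // The program attempts to open the directory entry itself
- // and gets into an infinite loop.
-
- if (!(mode_symlink))
- return false;
- if (should_hash_symlink(fn,&link_type))
- {
- return should_hash_expert(fn,link_type);
- }
+ case stat_directory:
+ // This case should be handled above. This statement is
+ // here to avoid compiler warnings
+ ocb.internal_error("Did not handle directory entry in should_hash_expert()");
+
+ case stat_regular: RETURN_IF_MODE(mode_regular);
+ case stat_block: RETURN_IF_MODE(mode_block);
+ case stat_character: RETURN_IF_MODE(mode_character);
+ case stat_pipe: RETURN_IF_MODE(mode_pipe);
+ case stat_socket: RETURN_IF_MODE(mode_socket);
+ case stat_door: RETURN_IF_MODE(mode_door);
+ case stat_symlink:
+
+ // Although it might appear that we need nothing more than
+ // return (s->mode & mode_symlink);
+ // that doesn't work. That logic gets into trouble when we're
+ // running in recursive mode on a symlink to a directory.
+ // The program attempts to open the directory entry itself
+ // and gets into an infinite loop.
+
+ if (!(mode_symlink))
 return false;
+ if (should_hash_symlink(fn,&link_type))
+ {
+ return should_hash_expert(fn,link_type);
+ }
+ return false;
 case stat_unknown:
 ocb.error_filename(fn,"unknown file type");
 return false;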
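Review bot: The added `case stat_directory:` in the second hunk has no `break` or `return`, so if `ocb.internal_error()` ever returns, control falls through into `case stat_regular:` and a directory entry is then accepted or rejected according to `mode_regular`. Whether `internal_error()` terminates the process is not visible in this hunk. Either add `return false;` after the call, or state the contract in the comment, e.g. `// internal_error() does not return`. The switch and should_hash_expert() both start and end outside the hunk.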
2  src/display.cpp
@@ -2,6 +2,8 @@
#include "utf8.h"
#include <stdarg.h>
+// $Id$
+
/**
*
* display.cpp:
18 src/main.cpp
@@ -557,23 +557,23 @@ void state::setup_expert_mode(char *arg)
for(unsigned int i=0;i<strlen(arg);i++){
switch(arg[i]){
case 'e': // Windows PE executables
- mode_winpe = true; break;
+ mode_winpe = true; break;
case 'b': // Block Device
- mode_block = true; break;
+ mode_block = true; break;
case 'c': // Character Device
- mode_character = true; break;
+ mode_character = true; break;
case 'p': // Named Pipe
- mode_pipe=true; break;
+ mode_pipe=true; break;
case 'f': // Regular File
- mode_regular=true; break;
+ mode_regular=true; break;
case 'l': // Symbolic Link
- mode_symlink=true; break;
+ mode_symlink=true; break;
case 's': // Socket
- mode_socket=true; break;
+ mode_socket=true; break;
case 'd': // Door (Solaris)
- mode_door=true; break;
+ mode_door=true; break;
default:
- ocb.error("%s: Unrecognized file type: %c", progname.c_str(),arg[i]);
+ ocb.error("%s: Unrecognized file type: %c", progname.c_str(),arg[i]);
}
}
}
2  src/threadpool.cpp
@@ -2,6 +2,8 @@
*** THREADING SUPPORT
****************************************************************/
+// $Id$
+
#include "main.h"
#ifdef HAVE_PTHREAD
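--- a/src/winpe.cpp
+++ b/src/winpe.cpp
@@ -46,7 +46,9 @@ bool has_executable_extension(const tstring &fn)
 bool is_pe_file(const unsigned char * buffer, size_t size)
 {
- if (NULL == buffer or size < 2)
+ // We need at least 0x40 bytes to hold an IMAGE_DOS_HEADER
+ // and the signature of a PE header.
+ if (NULL == buffer or size < 0x40)
 return false;
 // Is the MZ header's signature 'MZ'?
@@ -56,7 +58,13 @@ bool is_pe_file(const unsigned char * buffer, size_t size)
 // Find the PE header. It's the e_lfanew field in the IMAGE_DOS_HEADER
 // structure, which is at offset 0x3c.
- uint16_t pe_offset = buffer[0x3c] | (buffer[0x3d] << 8);
+ // This line is equivalent to:
+ // uint16_t pe_offset = *(uint16_t *)(buffer + 0x3c);
+ // but is not affected by the endianness of the system.
+ // This value should be a uint16_t according to the IMAGE_DOS_HEADER
+ // but that merits us a compiler warning. size_t *should* be wider than
+ // 16 bits on your platform. Or else you need a better platform. Just sayin'.
+ size_t pe_offset = buffer[0x3c] | (buffer[0x3d] << 8);
 // Do we have enough data to do this check?
 if (pe_offset + 4 > size)
@@ -64,6 +72,9 @@ bool is_pe_file(const unsigned char * buffer, size_t size)
 // Is the PE header's signature 'PE '? The PE signature should begin
 // at the location specified by the PE offset in the DOS header
+ // This line is equivalent to:
+ // uint32_t signature = *(uint32_t *)(buffer + pe_offset);
+ // but is not affected by the endianness of the system.
 const unsigned char * tmp = buffer+pe_offset;
 uint32_t signature=tmp[0] | (tmp[1] << 8) | (tmp[2] << 16) | (tmp[3] << 24);
 if (signature != 0x4550)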
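Review bot: The new comment in the second hunk says e_lfanew "should be a uint16_t", but in IMAGE_DOS_HEADER it is a 32-bit field occupying 0x3c–0x3f, and `pe_offset` is still built from only the two low bytes. A PE image whose header sits at or beyond offset 0x10000 would be probed at the wrong place and most likely reported as not PE, which weakens a check meant to flag executables hiding behind a misleading extension. Since the variable is now wider, read all four bytes, `size_t pe_offset = buffer[0x3c] | (buffer[0x3d] << 8) | (buffer[0x3e] << 16) | ((size_t)buffer[0x3f] << 24);`, and write the bounds test as `if (pe_offset > size - 4)` so it cannot wrap on a 32-bit size_t (size is already known to be at least 0x40). is_pe_file continues outside these hunks.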
1  src/xml.cpp
@@ -16,6 +16,7 @@
* not subject to copyright.
*/
+// $Id$
#include "common.h" // normally you remove this