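function Get-Entropy
{
<#
.SYNOPSIS

Calculates the entropy of a file or byte array.

Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None

.DESCRIPTION

Computes the Shannon entropy of the input in bits per byte:
H = -sum(p_i * log2(p_i)) over the 256 possible byte values, where p_i is the
fraction of input bytes equal to i. The result lies between 0 (every byte
identical, or no data) and 8 (all byte values equally frequent).

Byte arrays received over the pipeline are accumulated, and a single value is
emitted for everything received.

.PARAMETER ByteArray

Specifies the byte array containing the data from which entropy will be calculated.

.PARAMETER FilePath

Specifies the path to the input file from which entropy will be calculated.

.EXAMPLE

Get-Entropy -FilePath C:\Windows\System32\kernel32.dll

.EXAMPLE

ls C:\Windows\System32\*.dll | % { Get-Entropy -FilePath $_ }

.EXAMPLE

C:\PS>$RandArray = New-Object Byte[](10000)
C:\PS>foreach ($Offset in 0..9999) { $RandArray[$Offset] = [Byte] (Get-Random -Min 0 -Max 256) }
C:\PS>$RandArray | Get-Entropy

Description
-----------
Calculates the entropy of a large array containing random bytes.

.EXAMPLE

0..255 | Get-Entropy

Description
-----------
Calculates the entropy of 0-255. This should equal exactly 8.

.OUTPUTS

System.Double

Get-Entropy outputs a double representing the entropy of the byte array.

.NOTES

Values close to 8 are typical of compressed or encrypted content, which is why
entropy is commonly used as a triage signal for packed or encrypted files. It
is a heuristic only: legitimate archives, media and installers score high too,
and low entropy does not show that a file is benign.

The whole file is read into memory before counting, so very large files cost
a matching amount of RAM.

-FilePath is bound as [IO.FileInfo]; a relative path is resolved by .NET
against the process working directory, which can differ from the current
PowerShell location. Pass a full path or a FileInfo object from Get-ChildItem.

If the file cannot be read, a terminating error is raised and no entropy value
is emitted.
#>

    [CmdletBinding()] Param (
        [Parameter(Mandatory = $True, Position = 0, ValueFromPipeline = $True, ParameterSetName = 'Bytes')]
        [ValidateNotNullOrEmpty()]
        [Byte[]]
        $ByteArray,

        [Parameter(Mandatory = $True, Position = 0, ParameterSetName = 'File')]
        [ValidateNotNullOrEmpty()]
        [IO.FileInfo]
        $FilePath
    )

    BEGIN
    {
        # Occurrence count per byte value, plus the total number of bytes seen.
        # Both accumulate across every pipeline input.
        $FrequencyTable = @{}
        $ByteArrayLength = 0
    }

    PROCESS
    {
        if ($PsCmdlet.ParameterSetName -eq 'File')
        {
            # Read into a separate local rather than $ByteArray: that parameter
            # variable carries [ValidateNotNullOrEmpty()], which would reject the
            # empty array returned for a zero-length file.
            try
            {
                $InputBytes = [IO.File]::ReadAllBytes($FilePath.FullName)
            }
            catch
            {
                # A failed read (missing, locked or access-denied file) must not
                # fall through to END and report an entropy for data that was
                # never read; a bogus 0 would be indistinguishable from a real one.
                $PsCmdlet.ThrowTerminatingError($_)
            }
        }
        else
        {
            $InputBytes = $ByteArray
        }

        foreach ($Byte in $InputBytes)
        {
            $FrequencyTable[$Byte]++
            $ByteArrayLength++
        }
    }

    END
    {
        $Entropy = 0.0

        # No data (e.g. a zero-length file) is reported as 0 explicitly instead
        # of relying on how a division by zero happens to compare.
        if ($ByteArrayLength -gt 0)
        {
            foreach ($Byte in 0..255)
            {
                # Cast the key to [Byte] so it matches the type used when counting.
                $ByteProbability = ([Double] $FrequencyTable[[Byte]$Byte]) / $ByteArrayLength

                # Byte values that never occurred contribute nothing (and log(0) is undefined).
                if ($ByteProbability -gt 0)
                {
                    $Entropy += -$ByteProbability * [Math]::Log($ByteProbability, 2)
                }
            }
        }

        Write-Output $Entropy
    }
}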