Solve : Encryption detection?

Answer»

Hello,

I would like to know how to search for a particular MD5 value, so a program that checks the MD5 value of every file and then echoes the files which have that MD5 value.


Thank You

Almn

Quote

Hello,

I would like to know how to search for a particular MD5 value, so a program that checks the MD5 value of every file and then echoes the files which have that MD5 value.


Thank You

Almn

For a start, you could download the fciv utility from Microsoft and play with it.
Here's a link: http://support.microsoft.com/?kbid=841290

Thanks, it helps.
But it still doesn't tell me how to search my computer for a specific MD5 hash. However, I wonder if it would be possible to create a list of files with their hashes, save it into a txt file, and then finally look for the string (which would be the hash) in the txt file.

Any help appreciated

Almn

All of the programs that I found for computing MD5 values do just that ... compute. You would have to write a batch or any other kind of script or even a whole program to search for a specific value.

FCIV has a recursion switch, which should allow you to scan a whole logical disk.

You might be able to get away with a simple batch file, filter the MD5 value from FCIV thru FIND and use a few IF statements to determine if you found the one you're looking for.

Just a thought. 8-)

Quote
Thanks, it helps.
But it still doesn't tell me how to search my computer for a specific MD5 hash. However, I wonder if it would be possible to create a list of files with their hashes, save it into a txt file, and then finally look for the string (which would be the hash) in the txt file.

Any help appreciated

Almn
If you have read the link I provided, it shows how to use fciv. First, get a baseline of the MD5 of the files you want to check into an xml database...
eg fciv -xml baseline.xml
baseline.xml will contain all the "good" hashes of your files.
then, you can do up a batch to periodically verify the files against this database
eg
fciv -V -xml baseline.xml

something like that.....play around with fciv, purposely make some changes to the files and use fciv -v to verify ... I am sure you can come up with something ....

So far I haven't come up with anything.
I didn't get what you said in your previous post, can you clarify it?

Thanks

Almn

Also, the thing is I am not only looking for one MD5 hash, it's more of a list. :-/

Almn

Quote
So far I haven't come up with anything.
I didn't get what you said in your previous post, can you clarify it?

Thanks

Almn

MD5 is used to check the integrity of files and directories to see if there are changes to them. I suppose what you want to do is to check the integrity of your files/dir?
If it is, you can use fciv. fciv does the comparison for you...saving you the trouble of writing your own comparison routine..
eg fciv C:\somedirectory -xml baseline.xml
the above will save a copy of all the hash values of the files in C:\somedirectory into an xml file called baseline.xml

then you can create a batch file to run the verification check
eg fciv -v -xml baseline.xml
If a file in the directory is modified since the last time its MD5 is saved, the command above will flag out something like this

List of modified files:
-----------------------
C:\somedirectory\file.txt
Hash is : c5b50031e07ba7584a475b1dadc92236
It should be : 692dd3d38ab57537e41492833cd0f261

So by looking at this output, you know that file.txt has changed.






Well, not in my case, I am using MD5 only to look for a certain file for which I have the hash.

Almn

Quote
Well, not in my case, I am using MD5 only to look for a certain file for which I have the hash.

Almn
Your previous post said you have a list of files that you want to check the md5 for...or am I misinterpreting your question...anyway...so since you have the hash of the file, you can verify whether it's the same as the hash you have.
using fciv:

c:\> fciv yourfile.txt
//
// File Checksum Integrity Verifier version 2.05.
//
4e28d665adb6c66e52a213307de50069 yourfile.txt

you can use the above results to check against the hash that you said you have..
if they are the same, then the file's integrity is intact.
just an example on checking a file:
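@echo off
setlocal enabledelayedexpansion
rem the hash you already have for the file
set yourmd5hash=df0531fe956952da64ae6972ad2330f6
rem take the first token (the hash) from the fciv output line that names the file
for /F "tokens=1 delims= " %%i in ('fciv yourfile.txt ^| findstr yourfile.txt') do (
set md5hash=%%i
rem !md5hash! is expanded at run time; %md5hash% would still be empty inside this block
if /I not "!md5hash!"=="%yourmd5hash%" echo "Integrity compromised!"
)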





OK, now how about just loading the hash into a variable like "md5", then I can compare. On the other hand, I would like to check the hash of the next file after I am done checking the first.

Rem getting the hash into a variable
rem comparing it
if %md5%=5d41402abc4b2a76b9719d911017c592 (
echo found a %the file corresponding to the hash% ,including the directory
rem there load the next file and start the process over.
) else (
rem start the process over again with an other file
)

Little confusing but I have faith

Thanks

Almn

It's not confusing at all...
What you are trying to do is what the fciv command can do for you..you want to check the hashes of files one by one against a set of hashes that you already have. And where do you get this set of hashes that you have in the first place? You have to generate the hashes of those files and then save them for future checking. So that's where the following command

c:\> fciv -xml

comes in.... It helps you to generate a set of hashes of your files and save it somewhere (database.xml)

then
Code:
if %md5%=5d41402abc4b2a76b9719d911017c592 (
echo found a %the file corresponding to the hash% ,including the directory
rem there load the next file and start the process over.
) else (
rem start the process over again with an other file
)
the above part of your code can be done by fciv too..
c:\> fciv -v -xml database.xml

It goes over the files in the database and checks the hashes for you...you do not need to code your own comparison routine...

Unless your purpose is to improve your skills in batch programming


ghostdog74, the set of hashes I got from my computer with the files, but the batch is going to run on another computer and probably with changed names

But thanks anyway

Almn
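
The search the thread keeps coming back to (find every file whose MD5 is in a list, whatever its name or folder), as an added example that is not code from any poster. It uses Python's hashlib instead of fciv; the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk_size=1 << 20):
    """Return the lowercase hex MD5 of a file, read in chunks so big files are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def load_hash_list(lines):
    """Normalise a hash list: one hex MD5 per line, blanks and # comments ignored."""
    wanted = set()
    for line in lines:
        value = line.strip().lower()
        if value and not value.startswith("#"):
            wanted.add(value)
    return wanted

def find_by_md5(root, wanted):
    """Walk root and return {hash: [paths]} for every file whose MD5 is in wanted."""
    hits = {}
    for folder, _subdirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            try:
                file_hash = md5_of(path)
            except OSError:
                continue  # locked or unreadable file: skip it and keep scanning
            if file_hash in wanted:
                hits.setdefault(file_hash, []).append(path)
    return hits

def demo():
    """Constructed sample: the same content under two names, plus an unrelated file."""
    files = [("a.txt", b"hello"), ("sub/renamed.bin", b"hello"), ("other.txt", b"world")]
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files:
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as handle:
                handle.write(data)
        hits = find_by_md5(root, load_hash_list(["# constructed list", "5D41402ABC4B2A76B9719D911017C592"]))
        return {h: sorted(os.path.relpath(p, root).replace(os.sep, "/") for p in ps) for h, ps in hits.items()}

if __name__ == "__main__":
    print(demo())
```

Because the match is on content only, a renamed copy on another computer is still reported, which is the case raised in the last post.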

