http://www.garykessler.net/software/FileSigs_20110719.zipTo run it, with basic options, call the function like this, which returns a basic result:
If you want to pass pipelined objects to it as well, you can like this:Get-FileSignature -Fullname C:WindowsSystem32cmd.exeTrue
When you run it this way you get one of the three results listed above:Get-ChildItem "C:WindowsSystem32c*" |Where {!$_.PSIsContainer} |% { Get-FileSignature -Fullname $_.fullname}
A more useful example would be:TrueTrueTrueTrueTrueTrueTrueTrueTrueTrueTrueTrueNo match in database
Get-ChildItem "C:WindowsSystem32c*" |Where {!$_.PSIsContainer} |which returns:% { Get-FileSignature -Fullname $_.fullname}
Some of the more "advanced" features arecabinet.dll - Truecabview.dll - Truecacls.exe - Truecalc.exe - Truecapiprovider.dll - Truecapisp.dll - Truecatsrv.dll - Truecatsrvps.dll - Truecatsrvut.dll - Truecca.dll - Truecdd.dll - Truecdosys.dll - Truecero.rs - No match in database
- -UpdateSignatures: update the database
- -Suggestion: predictive analysis which returns possible matches based on file signatures
In my case, I define the Signature database against a directory I have location on my machine. If the location does not exist the first time you run the script, it will be created for you. This option is best run not as a part of a pipelined command as it will continuously prompt you to test, download, and, update the .zip. Below is an example of how to run it:
To run the suggestions (useful if you are not sure about a given extensions validity) you can use this:Get-FileSignature -UpdateSignatures
This is a VERY chatty option unless you are dealing with obscure directories. In this case, here is a "small" sample output:Get-ChildItem "C:WindowsSystem32c*" |Where {!$_.PSIsContainer} |% { Get-FileSignature -Fullname $_.fullname -Suggestion} |select filename, fileextensions
FileName FileExtensions-------- --------------cabinet.dll COM|DLL|DRV|EXE|PIF|QTS|QTX|SYScabinet.dll ACMcabinet.dll AXcabinet.dll CPLcabinet.dll FONcabinet.dll OCXcabinet.dll OLBcabinet.dll SCRcabinet.dll VBXcabinet.dll VXD|386cabinet.dll APIcabinet.dll AXcabinet.dll FLTcabinet.dll ZAPcabview.dll COM|DLL|DRV|EXE|PIF|QTS|QTX|SYScabview.dll ACMcabview.dll AXcabview.dll CPLcabview.dll FONcabview.dll OCXcabview.dll OLBcabview.dll SCRcabview.dll VBXcabview.dll VXD|386cabview.dll APIcabview.dll AXcabview.dll FLTcabview.dll &Related Post:
0 comments:
Post a Comment