Geej

TrID - File Identifier (console tool)

16 posts in this topic

Homepage

TrID is a utility designed to identify file types from their binary signatures. While there are similar utilities with hard coded logic, TrID has no fixed rules. Instead, it's extensible and can be trained to recognize new formats in a fast and automatic way.

TrID has many uses: identify what kind of file was sent to you via e-mail, aid in forensic analysis, support in file recovery, etc.

TrID uses a database of definitions which describe recurring patterns for supported file types. As this is subject to very frequent update, it's made available as a separate package. Just download both TrID and this archive and unpack in the same folder.

The database of definitions is constantly expanding; the more that are available, the more accurate an analysis of an unknown file can be. You can help! Use the program to both recognize unknown file types and develop new definitions that can be added to the library. See the TrIDScan page for information about how you can help. Just run the TrIDScan module against a number of files of a given type. The program will do the rest.

Because TrID uses an expandable database it will never be out of date. As new file types become available you can run the scan module against them and help keep the program up to date. Other people around the world will be doing the same thing making the database a dynamic and living thing. If you have special file formats that only you use, you can also add them to your local database, making their identification easier.

TrID is simple to use. Just run TrID and point it to the file to be analyzed. The file will be read and compared with the definitions in the database. Results are presented in order of highest probability.

This addon includes:

Start menu shortcut + Uninstallable in Add/Remove Panel

Current library of definitions is up to 4320 file types.

My humble batch file for you to perform drag and drop. * thanks to jaclaz for code improvement! - now can drag into batch file too.

(Utilise nircmd.exe to keep "console always on top" for drag & drop operation. Nircmd is excluded in the addon. It is preferred to be in %path% environment)

TrID_File_Identifier_inf_addon.cab

Size: 463.15 Kb (474,261 bytes)

MD5: 8FC00A895CF06902E5BAC6DE61C016A1

You can test as follows: Just rename bliss.bmp to bliss.exe and drag bliss.exe to the console box and see its binary signature.

**edit: Re-updated based on #16

Edited by Geej
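
The idea described in the post above (definitions built from byte patterns that recur across sample files, results ranked by probability, and the renamed-bitmap test), as an added example that is not part of the original post and is not TrID's code or definition format. The function names, the 16-byte window, the scoring and all sample headers are assumptions constructed for illustration.

```python
# Toy signature learner: illustrates the idea only; not TrID's algorithm or
# definition format. Every sample header below is constructed for this example.
from collections import namedtuple

Definition = namedtuple("Definition", "name exts patterns")  # patterns: {offset: byte}

def learn(name, exts, samples, window=16):
    """Keep each offset in the first `window` bytes where every sample agrees."""
    n = min([window] + [len(s) for s in samples])
    first = samples[0]
    patterns = {i: first[i] for i in range(n) if all(s[i] == first[i] for s in samples)}
    return Definition(name, exts, patterns)

def identify(data, definitions):
    """Return [(name, percent)] for fully matching definitions, best first."""
    points = {d.name: len(d.patterns) for d in definitions
              if d.patterns and all(o < len(data) and data[o] == b for o, b in d.patterns.items())}
    total = sum(points.values())
    ranked = sorted(points.items(), key=lambda kv: -kv[1])
    return [(name, round(100 * p / total, 1)) for name, p in ranked]

def extension_mismatch(filename, data, definitions):
    """True when the best content match does not claim the file's extension."""
    ranked = identify(data, definitions)
    if not ranked:
        return False
    best = next(d for d in definitions if d.name == ranked[0][0])
    return filename.rsplit(".", 1)[-1].lower() not in best.exts

def bmp_header(width, height):
    """Constructed first 18 bytes of a 24-bit BMP (widths chosen so rows need no padding)."""
    size = 54 + width * height * 3
    return (b"BM" + size.to_bytes(4, "little") + bytes(4)
            + (54).to_bytes(4, "little") + (40).to_bytes(4, "little"))

# Offset 2 is learned only because these three sizes happen to share a low byte;
# more varied training samples would drop it, which is why many samples are scanned.
BMP = learn("BMP", ("bmp", "dib"),
            [bmp_header(800, 600), bmp_header(256, 256), bmp_header(512, 512)])
# Constructed DOS/PE-style headers: same "MZ" magic, different stub fields.
EXE = learn("EXE", ("exe", "dll"), [
    bytes.fromhex("4d5a90000300000004000000ffff0000"),
    bytes.fromhex("4d5a50000200000004000f00ffff0000")])
GENERIC_BM = Definition("generic BM", ("bmp",), {0: 0x42, 1: 0x4D})  # hand-written, hypothetical
DEFS = [EXE, GENERIC_BM, BMP]

renamed = bmp_header(64, 64)  # stands in for a .bmp that was renamed to .exe
print(identify(renamed, DEFS), extension_mismatch("bliss.exe", renamed, DEFS))
```

The more specific learned definition outranks the two-byte one, and the name/content disagreement is what a triage script would flag.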

I just tried it. You could also add that if empty spaces are used in the file path one should use ""

e.g. "D:\My Documents\....."

Also, I changed a small typo in the .cmd file: it's to its :rolleyes:

Cheers


Everything needed should be to add a couple of double quotes around "%file2check%" (that is for drag 'n drop, besides typing)

@echo off
Title TrID File Identifier
nircmd win settopmost title "TrID File Identifier" 1 2> nul
Echo Pls enter (full file path) / filename including it's extension below.
Echo.
Set /P file2check=File to check :
Cls
color A5
trid "%file2check%" -w

jaclaz


jaclaz, can you re-check that script, because now it shows the file path correctly, but after pressing Enter, I get the error "No file found". It could also be the forum display being just a bit off, like it has happened before.

Edit (10 seconds later): I see the only change are the added quotes, so I removed the quotes and did a drag&drop. The file is added to the screen WITH quotes and the file is found and analyzed. However, if you enter the path manually, you will still need to add the quotes.

Cheers


jaclaz, can you re-check that script, because now it shows the file path correctly, but after pressing Enter, I get the error "No file found". It could also be the forum display being just a bit off, like it has happened before.

Edit (10 seconds later): I see the only change are the added quotes, so I removed the quotes and did a drag&drop. The file is added to the screen WITH quotes and the file is found and analyzed. However, if you enter the path manually, you will still need to add the quotes.

Cheers

Try this way:

@echo off 
SETLOCAL ENABLEEXTENSIONS
Title TrID File Identifier
nircmd win settopmost title "TrID File Identifier" 1 2> nul
Echo Pls enter (full file path) / filename including it's extension below.
Echo.
Set /P file2check=File to check :
Cls
color A5
SET file2check=%file2check:"=%
trid "%file2check%" -w

This should strip double quotes (if any) and re-add them when they are needed (and you need not type them on the command line).

jaclaz


SET file2check=%file2check:"=%

It looks like this line does what it should. In lack of a more appropriate symbol, I offer you this :thumbup and my gratitude.

Cheers


Updated #1 to reflect improved batch code.

Thanks to the code improvement jaclaz.

Sp0iLedBrAt for giving feedback on spelling error

Credit due to you (in the batch file). Cheers :thumbup

Edited by Geej

Thanks to the code improvement jaclaz.

No prob. :)

What I would do (if the idea is that of using drag 'n drop) would be to add provision for "real" drag 'n drop.

I mean right now you need to:

  1. double click on the actual cmd file
  2. drag 'n drop the file on the actual cmd prompt window
  3. press [ENTER] to input the dropped filename

What about a "dual usage" one, that still works like it does currently but that you can drag 'n drop a file to the actual .cmd file?

Either of these would do:

@echo off 
SETLOCAL ENABLEEXTENSIONS
Title TrID File Identifier
nircmd win settopmost title "TrID File Identifier" 1 2> nul
IF %1.==. (
Echo Pls enter [full file path] / filename including it's extension below.
Echo.
Set /P file2check=File to check :
) ELSE (
Set file2check=%*
)
Cls
color A5
SET file2check=%file2check:"=%
trid "%file2check%" -w

@echo off 
SETLOCAL ENABLEEXTENSIONS
Title TrID File Identifier
nircmd win settopmost title "TrID File Identifier" 1 2> nul
SET file2check=%*
IF NOT DEFINED file2check CALL :Input
Cls
color A5
SET file2check=%file2check:"=%
trid "%file2check%" -w
GOTO :EOF

:Input
Echo Pls enter (full file path) / filename including it's extension below.
Echo.
Set /P file2check=File to check :
GOTO :EOF

;)

jaclaz


Thanks for going the extra mile to further enhance this batch file, jaclaz

The first piece of code is better. (Really dual usage)

The 2nd piece only supports drag and drop. If you launch it manually, it can't analyse the file.

There are 3 lines I don't fully comprehend in the 1st piece of code.

IF %1.==. ( <-- %1 is the file full path but what does .==. mean

Set file2check=%* <-- What does %* mean? Can only partially understand: * generally means all characters

SET file2check=%file2check:"=% <-- I think it is stripping " but then what does it set to?


IF %1.==. ( <-- %1 is the file full path but what does .==. mean

This checks if %1 (the first parameter given when the file is run) is null.

Technically, to avoid an error if there is no parameter, one adds a character (the dot is just a commonly used one) on both sides of the equal sign.

Set file2check=%* <-- What does %* mean? Can only partially understand: * generally means all characters

%* means ALL parameters given to the batch, since it is possible that - for any reason - a string containing a space is given as parameter, we use the "whole" set.

This does not really apply to drag 'n drop, since if the dropped filepath/name contains a space, it will always be surrounded by double quotes; in your case you can replace %* with %1 all right.

SET file2check=%file2check:"=% <-- I think it is stripping " but then what does it set to?

This syntax means:

find in variable file2check the characters after the : and to the left of the = and replace it with the characters on the right of the = (which in this case is "nothing")

More details here:

http://www.robvanderwoude.com/ntset.php

String substitution

Are you sure the second example doesn't work? :unsure:

It does work here.

jaclaz


Thanks for the explanation. I think I got it but frankly, this kind of code is 'not natural' for me to code. Kinda strange coding and hard to remember. Unless code regularly....

Are you sure the second example doesn't work? :unsure:

It does work here.

jaclaz

I looked harder and got it working. It was due to copying and pasting from the board, and

SET file2check=%*      

had some trailing spaces that caused it to display "found no file(s) to analyze!" Removing all trailing spaces solved the problem.

Much thanks. Now I updated this new version to #1

Cheers :D


You are right. :yes:

My sincere compliments to the good IPB guys that managed to **** (four letter word asterisked to protect the innocents) yet another feature of the board software. :(

Happy everything is fine, now, thanks for noticing. :thumbup

jaclaz


Thanks for this.

But, since you are trying to make this perfect, I'm afraid that the spelling error that Sp0iLedBrAt pointed out has crept back in. The correct line should be:

Echo Pls enter [full file path] / filename including its extension below.

its == the possessive form

it's == a contraction of either it is or it has

One of many references - http://www.elearnenglishlanguage.com/difficulties/its.html

Cheers and Regards


But, since you are trying to make this perfect, I'm afraid that the spelling error that Sp0iLedBrAt pointed out has crept back in. The correct line should be:

Echo Pls enter [full file path] / filename including its extension below.

That's my bad :blushing: , I used as "base" the original batch.

But isn't anyway the "its" redundant? :unsure:

Like:

Echo Pls enter [full file path] / filename including extension below.

;)

jaclaz


Probably the best approach jaclaz. :)

Cheers and Regards


Since now can drag & drop, might as well change it to

Echo Please drag ^& drop your file below

Much simpler and more convenient. Thanks

Edit

Will upload maybe 14 hrs later (now @work)

Updated to #1

Edited by Geej
