| Meet Miss Identify |
[Feb. 19th, 2008|09:34 pm] |
After several months of testing and refinement I am proud to release Miss Identify. Miss Identify is a program to find Win32 applications. In it's default mode it displays the filename of any executable that does not have an executable extension (i.e. exe, dll, com, sys, cpl, hxs, hxi, olb, rll, or tlb). In other words, it looks for executables hidden as other file types.
The program can also be run to display all of the executables encountered, regardless of their extensions. This is handy when you're looking for all of the executables on a drive. Other options allow the user to record the strings found in an executable and to work recursively. The manual page has more details.
Here's some sample output. First, we'll search for mislabeled executables:
C:\> missidentify *
C:\missidentify-1.0\sample.jpg Next, a search for all executables in a given directory:C:\> missidentify -a *
C:\missidentify-1.0\sample.jpg
C:\missidentify-1.0\missidentify.exe And finally, searching for all executables in the System directory:C:\> missidentify -ar c:\windows\system32
...
C:\WINDOWS\System32\ntdll.dll
C:\WINDOWS\System32\ntoskrnl.exe
C:\WINDOWS\System32\NEVER-GONNA-CATCH-ME.EXE
C:\WINDOWS\System32\ntver.dll
...
You can download a Windows executable or the source code. The code has been tested on Linux, FreeBSD, Open Solaris, and Mac OS X, but should work on most platforms that support the GNU build tools (e.g. OpenBSD, SunOS, VMS, Amiga, Cray XMP, XBox, etc.) Enjoy! |
|
|