|md5deep 4.1 with Windows executable identification
||[Feb. 14th, 2012|11:23 am]
This morning I have published md5deep version 4.1. There is one new feature, an expert mode which processes Windows PE (executable) files. Traditionally expert mode has been used to include or exclude symbolic links, block files, etc. But a recent feature request asked for the ability to recognize and hash PE files. Using the functionality I wrote for Miss Identify, I've added the feature to md5deep and hashdeep.
Here's an example of the new feature in action. First, we recursively hash a directory tree without any restrictions:
C:\temp>md5deep -r .
Note the two "text" files, foo.txt and EVILEVIL.txt. When we request that md5deep only hash Windows executables, we see the latter was mislabeled! The program displays a warning about this file and hashes it:
C:\temp>md5deep -r -o e .
C:\temp\bar\EVILEVIL.txt: Is Windows executable but does not have executable extension
There is also one bug fix in this release, better handling of junction points on Windows. As usual you can download a Windows executable or the *nix source code.