I want to traverse a given directory and find if a given file signature is present in any regular files of that directory.
Here’s my code:
char* given_signature = "981d0000ec33fffffb06000000460e10";
int file_sign(char* path){
FILE* file = fopen(path, "rb");
if(!file){
printf("error with file opening");
return -1;
}
fseek(file, 0, SEEK_END);
long filelen = ftell(file);
fseek(file, 0, SEEK_SET);
char* buffer = malloc(filelen);
if(buffer)
fread(buffer, 1, filelen, file);
fclose(file);
for(int i = 0; i < filelen - 16; i++){
if(memcmp(buffer + i, given_signature, 16) == 0){
printf("Signature found in %s\n", path);
}
}
free(buffer);
return 0;
}
void traverse_dirs(char* base_path){
char path[_MAX_LINE_];
struct dirent* dp;
DIR* dir = opendir(base_path);
if(!dir)
return;
while((dp = readdir(dir)) != NULL){
if(strcmp(dp->d_name, ".") == 0 || strcmp(dp->d_name, "..") == 0)
continue;
strcpy(path, base_path);
strcat(path, "/");
strcat(path, dp->d_name);
if(dp->d_type == DT_REG){
file_sign(path);
}
traverse_dirs(path);
}
closedir(dir);
}
The traversal is done correctly as it works for some other functions. So the problem is in the file_sign() function but I cannot find what I did wrong.
Could it be that I’m implementing the given signature wrong? e.g: can I do it like this:
char* given_signature[] = {"98", "1d", "00", "00", "ec", "33", "ff", "ff", "fb", "06", "00", "00", "00", "46", "0e", "10"};
and parse the file byte by byte? If yes how do I do that?
Any ideas?
>Solution :
You’re clearly confused between a string and binary data.
The string literal you showed is 33 bytes long (including null terminator) and consists of purely hex digits. These have nothing to do with the bytes that you’re trying to represent.
Similarly, the array you showed is 16 pointers to 3-byte string literals. Also nothing to do with the binary data you’re trying to find.
What you wanted is this:
char given_signature[] = {
0x98, 0x1d, 0x00, 0x00,
0xec, 0x33, 0xff, 0xff,
0xfb, 0x06, 0x00, 0x00,
0x00, 0x46, 0x0e, 0x10
};