├── LICENSE
├── README.md
├── db
└── zeus.db
└── src
├── .vs
└── Zeus_File_Identifier
│ ├── FileContentIndex
│ ├── 8a35768e-fe8a-4b7d-b13e-46ac25955983.vsidx
│ └── a38a3490-7af2-4900-ace0-d27ecc8e9dd5.vsidx
│ └── v17
│ └── .suo
├── App.config
├── Main.vb
├── My Project
├── Application.Designer.vb
├── Application.myapp
├── AssemblyInfo.vb
├── Resources.Designer.vb
├── Resources.resx
├── Settings.Designer.vb
└── Settings.settings
├── SignatureType.vb
├── Zeus_File_Identifier.sln
├── Zeus_File_Identifier.vbproj
└── Zeus_File_Identifier.vbproj.user
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2024 DosX
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # 🔮 Zeus File Identifier (ZFI)
2 | This program is designed to determine the file type using signatures according to certain rules. Can be used by antiviruses.
3 |
4 | ## 📑 About
5 | This console program takes an argument `--file` which specifies the path to the file that needs to be examined. The output will contain the resulting format, description and some technical data (for example, the presence of compressed entropy data)
6 |
7 | ## 💼 Database rules format
8 | ```
9 | {STRING_NAME}|{STRING_FILE_TYPE}|{STRING_DESCRIPTION}|{MASK_SIGNATURE}
10 | ```
11 | * Use ".."/"??" to indicate an unknown byte (like "0000..29..11...00")
12 | * Use the ' character to wrap an ASCII string (like "000000'String in the file!'000029")
13 |
14 | The signature is read only from the beginning of the file.
15 |
16 | Example of rule:
17 | ```
18 | Lua Bytecode|Script|Lua machine code|1B'Lua'..00
19 | ```
20 |
21 | ## 🐧 Run on Linux
22 | Use the `mono-complete` package to use the program on Linux:
23 | ```
24 | mono Zeus_File_Identifier.app --file "application.exe"
25 | ```
26 |
27 | ## ✨ What about...
28 | [Detect It Easy](https://github.com/horsicq/DIE-engine) will soon support Zeus File Identifier formats
29 |
--------------------------------------------------------------------------------
/db/zeus.db:
--------------------------------------------------------------------------------
1 | # Zeus File Identifier file format version 1.X
2 | #
3 | # Standart "zeus.db" database
4 | # Author is DosX
5 | #
6 | # Format:
7 | # {STRING_NAME}|{STRING_FILE_TYPE}|{STRING_DESCRIPTION}|{MASK_SIGNATURE}
8 | #
9 | # Hint for signatures writing:
10 | # * Use ".."/"??" to indicate an unknown byte (like "0000..29..11...00")
11 | # * Use the ' character to wrap an ASCII string (like "000000'String in the file!'000029")
12 | #
13 | # The signature is read only from the beginning of the file.
14 |
15 | 7z|Archive||'7z'
16 | ARCV 2|Archive||'ARCV'0002
17 | Adobe Font Metrics|Font|Contains the font and its parameters|'StartFontMetrics '
18 | Adobe Photoshop|Project|'8BPS'
19 | ArcFS|Archive||'Archive'00................2800000064
20 | Asar (Electron)|Archive|Electron Application package (NodeJS)|04..............................'{"files":{'
21 | Asymetrix|Archive||602213636c00
22 | BAGF|Archive||'BAGF'02
23 | BFF|Archive||09006bea
24 | BIGF|Archive||'BIGF'00
25 | BMF|Font|Contains the font and its parameters|'BMF'
26 | Basis Universal GPU Texture|Image||734213004D00
27 | BeOS package|Archive||'AlB'1a
28 | BulkZip|Archive||'blkzip'00
29 | CRAMFS|Archive||453dcd28........................'Compressed ROMFS'
30 | CRX|Archive||'Cr24'02
31 | DCL|Archive||00069a68
32 | Device Independent Document|Document||f702018392c01c3b
33 | DirectDraw Surface|Image||'DDS '7C000000
34 | Embedded OpenType Font|Font|Contains the font and its parameters|......00..........000200
35 | Encapsulated PostScript|Image||'%!PS-Adobe-'
36 | FTCOMP|Archive||a596fdff
37 | Facebook Zstandard/ZSTD compressed data|Archive||28B52FFD
38 | GIF|Image|Animated image|'GIF8'
39 | GNU Gettext Machine Object|Binary||950412de00000000
40 | GNU Gettext Machine Object|Binary||de12049500000000
41 | GXL|Archive||01ca'Copyright (c) Genus Microprogramming, Inc.'
42 | GZIP|Archive||1F8B
43 | HUFF|Archive||bd01..00..00..000000
44 | INSA|Archive||0100......00ecf9
45 | InstallShield INST v3|Archive||2aab79d800010000
46 | InstallShield INX v7|Archive||74c42c84e1e5d428
47 | InstallShield ISN|Archive||..0fd28ccc1f..3c0d8e830dd88f25ac
48 | InstallShield v3|Archive||135d658c3a010200
49 | IzPack|Archive||aced00057704
50 | JNG|Image|Contains raster graphics|8B'JNG'
51 | JPEG (EXIF)|Image|Contains raster graphics|FFD8FFE1....'Exif'00
52 | JPEG (OLD)|Image|Contains raster graphics|FFD8FFDB
53 | JPEG|Image|Contains raster graphics|FFD8FFE0....'JFIF'00
54 | KWAJ by Microsoft|Archive||'KWAJ'88
55 | Khronos Texture (KTX1)|Image||'«KTX 11»'0D0A1A0A
56 | Khronos Texture (KTX2)|Image||'«KTX 20»'0D0A1A0A
57 | LHA|Archive||....'-lh'..2d
58 | LZFSE|Archive||'bvxn'
59 | LZK00|Archive||'LZK00'000000
60 | LZMA|Archive||5d0000....ffffffffffffffff00180ddd04
61 | LZOP Compressed data|Archive||89'LZO'000D0A1A0A
62 | Long Range ZIP|Archive||'LRZI'
63 | Lua Bytecode|Script|Lua machine code|1B'Lua'..00
64 | MDCD|Archive||'MDmd'
65 | MP3|Audio|Music or sounds|'ID3'??00
66 | MP4|Video|The most common way to record video|000000..'ftyp'
67 | MPQ by Blizzard|Archive||'MPQ'1a
68 | MSKN 2 (zlib)|Archive||'_MCT'00'KSLZ'789c
69 | MVA|Archive||'mflh'0100
70 | MZIP|Archive||'MZIP'
71 | Microsoft Access Workgroup Information|Binary||00010000'Jet System DB '00
72 | Microsoft Compound|Archive||D0CF11E0A1B11AE1
73 | Microsoft Program Information|Binary||'MICROSOFT PIFEX'0087010000
74 | Microsoft Word 2 document|Document|Old Microsoft Word format|dca5..00..................00000000
75 | Microsoft Word 2 document|Document|Old Microsoft Word format|eca5c100..................00000000
76 | Microsoft XNA Game Studio Binary Package|Binary||'XNB'
77 | Microsoft compiled HTML|Binary||'ITSF'..000000
78 | NanoZip v0.09|Archive||AE01'NanoZip 0.09 alpha'
79 | OpenType - CFF compact Font|Font|Contains the font and its parameters|'OTTO'................'CFF '
80 | PAC by BVRP Software|Archive||'PAC - 'a9' BVRP Software 1990-2000'
81 | PACK|Archive||'PACK'............0000
82 | PCInstall|Archive||00000000000000000000000000007400010074000500
83 | PDF|Document||'%PDF'
84 | PP20|Archive||'PP20'09
85 | Package Data|Archive||0500000001000000??????????00????
86 | PaperPort|Archive||'ViG'....1a
87 | Program Debug Database|Database|Contains program debugging information|'BSJB'01
88 | Program Debug Database|Database|Contains program debugging information|'Microsoft C/C++ MSF 7.00'0d
89 | PNG|Image|Raster graphics with transparency|89'PNG'
90 | Qt message|Binary|File containing text information of the Qt framework|3cb86418caef9c95
91 | Quick Help|Binary||'LN'0200
92 | RAR|Archive|Commercial WinRAR format|'Rar!'1a
93 | RAZOR Archive|Archive||'CM'2805060000
94 | RPM package|Archive||edabeedb0300
95 | Rich Text|Document|Formatted rich text data (.rtf)|'{\rtf1\'
96 | Rockstar Advanced Game resources|Archive|Used in the GTA series of games|'7FPR'????00
97 | SCO|Archive||1fa0
98 | SIT|Archive||'SIT!'
99 | SKF|Archive||06'SKF3.0'
100 | SQZE|Archive||'SQZE'010000
101 | SW|Archive||'im001V'......50....0000
102 | SZ by Microsoft|Archive||'SZ '88
103 | SZDD by Microsoft|Archive||'SZDD'88
104 | SaveDskF|Archive||aa59f0000002
105 | Snappy compressed data|Archive||FF060000'sNaPpY'
106 | Solaris Package|Archive||'# PaCkAgE DaTaStReAm'
107 | SquashFS (Big Endian)|Archive||'sqsh'0000
108 | SquashFS (Little Endian)|Archive||'hsqs'0300
109 | SQLite|Database||'SQLite format 3'00
110 | Security Catalog Files|Archive||3082....06092A864886F70D010702A0
111 | TAR|Archive|Archive without encryption or compression|................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................00'ustar'
112 | TPWM (BlueByte)|Archive||'TPWM'
113 | TsiLang binary translation data|Binary||'SIB file: TsiLang binary translation data'
114 | Universal Binary|Image||CAFEBABE
115 | UnrealEngine|Binary|Game engine format|C1832A9E
116 | VMS SaveSet|Archive||0001000401000100010000000000000000000000000000000000000000000000010101
117 | WAV|Audio||'RIFF'
118 | WPK|Archive||032401010100
119 | Windows Animated Cursor|Image||'RIFF'........'ACON'
120 | Windows Bitmap|Image|.bmp picture|'BM'
121 | Windows Cursor|Image|.cur cursor|00000200
122 | Windows Icon|Image|.ico icon|00000100
123 | Windows Imaging|Archive||'MSWIM'000000
124 | Windows Minidump|Binary|.dmp (process dump)|'MDMP'93a7
125 | Windows PE|Executable|Can be run on Windows OS|'MZ'
126 | Windows Shortcut|Binary||4c0000000114020000000000c000000000000046
127 | Windows Write document|Document|Microsoft Write format|31be000000ab0000
128 | Windows Write document|Document|Microsoft Write format|32be000000ab0000
129 | XAR|Archive||'xar!'001c00010000
130 | XFL game resources|Archive||'LB'0100
131 | XZ|Archive||fd'7zXZ'0000
132 | ZIP|Archive|Regular ZIP format|'PK'03
133 | ZOO|Archive||'ZOO'............'Archive'
134 | ZPAQ Compressed data|Archive||'7kSt'
135 | Zinc data|Binary||'Zinc Data File Version'
136 | Zipped ISO disk Image|Archive||'IsZ!@'01
137 | Z|Archive||1f9d
138 | WebM|Video|Is a royalty-free video format that supports VP8, VP9, and AV1 codecs|1A45DFA3........................................'webmB'87
139 | WebM|Video|Is a royalty-free video format that supports VP8, VP9, and AV1 codecs|1A45DFA3......................................................'webmB'87
140 | Resources|Archive|.NET resources format|CECAEFBE01000000910000006C'System.Resources.'
141 | Boot Image|Archive||'DCS'01
142 | Custom Application Compatibility Database|Database||0300000000000000'sdbf'
143 | Encrypted WSH (VBE/JSE)|Script|Encrypted VBScript/JScript|'#@~^'
144 |
145 |
146 | # Unknown result
147 | Unknown|Binary|Looks like a custom file format|??
--------------------------------------------------------------------------------
/src/.vs/Zeus_File_Identifier/FileContentIndex/8a35768e-fe8a-4b7d-b13e-46ac25955983.vsidx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DosX-dev/Zeus-File-Identifier/6953f3b500801926e58c6f942972c48edfa991b8/src/.vs/Zeus_File_Identifier/FileContentIndex/8a35768e-fe8a-4b7d-b13e-46ac25955983.vsidx
--------------------------------------------------------------------------------
/src/.vs/Zeus_File_Identifier/FileContentIndex/a38a3490-7af2-4900-ace0-d27ecc8e9dd5.vsidx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DosX-dev/Zeus-File-Identifier/6953f3b500801926e58c6f942972c48edfa991b8/src/.vs/Zeus_File_Identifier/FileContentIndex/a38a3490-7af2-4900-ace0-d27ecc8e9dd5.vsidx
--------------------------------------------------------------------------------
/src/.vs/Zeus_File_Identifier/v17/.suo:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DosX-dev/Zeus-File-Identifier/6953f3b500801926e58c6f942972c48edfa991b8/src/.vs/Zeus_File_Identifier/v17/.suo
--------------------------------------------------------------------------------
/src/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
--------------------------------------------------------------------------------
/src/Main.vb:
--------------------------------------------------------------------------------
1 | ' Source code at GitHub: https://github.com/DosX-dev/Zeus-File-Identifier
2 | ' Coded by DosX
3 |
4 | Imports System.Security.Cryptography
5 |
6 | Module Main
7 | Sub Main(args As String())
8 | Console.WriteLine("
9 | ███████ ███████ ██ ██ ███████
10 | ███ ██ ██ ██ ██
11 | ███ █████ ██ ██ ███████
12 | ███ ██ ██ ██ ██
13 | ███████ ███████ ██████ ███████
14 | FILE IDENTIFIER, (С) DosX
15 | ")
16 |
17 | Try
18 | Dim filePath As String = GetFilePathFromArgs(args)
19 |
20 | If String.IsNullOrEmpty(filePath) Then
21 | Console.Out.WriteLine("Missing --file argument")
22 | Return
23 | End If
24 |
25 | Dim fileChecker As New ZeusFileIdentifier.FileScanner("zeus.db"),
26 | result As ZeusFileIdentifier.Signature = fileChecker.CheckFile(filePath)
27 |
28 | Console.Out.WriteLine("[ ANALYSIS ]")
29 | Console.Out.WriteLine("File type name: " & result.FileTypeName)
30 |
31 | Dim fileTypeDescription As String = result.FileTypeDescription
32 | Console.Out.WriteLine("File type description: " & (If(fileTypeDescription.Length = 0, "-", fileTypeDescription)))
33 |
34 | Console.Out.WriteLine("File format: " & result.FormatType)
35 |
36 | Console.Out.WriteLine(vbLf & "[ GENERIC ]")
37 |
38 | Dim fileSize As Long = fileChecker.GetFileSize(filePath)
39 | Console.Out.WriteLine("File size: " & fileSize & " bytes or ~" & (fileSize / 1024) & " kilobytes or ~" & Math.Round(fileSize / 1024 / 1024 / 1024, 4) & " gigabytes")
40 |
41 | Dim fileEntropy As Double = fileChecker.CalculateEntropy(filePath)
42 | Console.Out.WriteLine("File entropy: " & Math.Round(fileEntropy, 2) & " out of 8 " & If(fileEntropy > 7.0, "[high; like compressed]", "[normal]"))
43 |
44 | Console.Out.WriteLine(vbLf & "[ HASHES ]")
45 |
46 | Dim md5Hash As String = fileChecker.GetFileHash(filePath, New MD5CryptoServiceProvider())
47 | Console.Out.WriteLine($"MD5 hash: {md5Hash}")
48 |
49 | Dim sha1Hash As String = fileChecker.GetFileHash(filePath, New SHA1CryptoServiceProvider())
50 | Console.Out.WriteLine($"SHA-1 hash: {sha1Hash}")
51 |
52 | Dim sha256Hash As String = fileChecker.GetFileHash(filePath, New SHA256CryptoServiceProvider())
53 | Console.Out.WriteLine($"SHA-256 hash: {sha256Hash}")
54 | Catch ex As Exception
55 | Console.Out.WriteLine(ex.Message)
56 | End Try
57 | Console.WriteLine()
58 | End Sub
59 |
60 | Function GetFilePathFromArgs(args As String()) As String
61 | For i As Integer = 0 To args.Length - 2
62 | If args(i).ToLower() = "--file" Then
63 | Return args(i + 1)
64 | End If
65 | Next
66 | Return String.Empty
67 | End Function
68 | End Module
--------------------------------------------------------------------------------
/src/My Project/Application.Designer.vb:
--------------------------------------------------------------------------------
1 | '------------------------------------------------------------------------------
2 | '
3 | ' This code was generated by a tool.
4 | ' Runtime Version:4.0.30319.42000
5 | '
6 | ' Changes to this file may cause incorrect behavior and will be lost if
7 | ' the code is regenerated.
8 | '
9 | '------------------------------------------------------------------------------
10 |
11 | Option Strict On
12 | Option Explicit On
13 |
14 |
--------------------------------------------------------------------------------
/src/My Project/Application.myapp:
--------------------------------------------------------------------------------
1 |
2 |
3 | false
4 | false
5 | 0
6 | true
7 | 0
8 | 2
9 | true
10 |
11 |
--------------------------------------------------------------------------------
/src/My Project/AssemblyInfo.vb:
--------------------------------------------------------------------------------
1 | Imports System
2 | Imports System.Reflection
3 | Imports System.Runtime.InteropServices
4 |
5 | ' Общие сведения об этой сборке предоставляются следующим набором
6 | ' набора атрибутов. Измените значения этих атрибутов, чтобы изменить сведения,
7 | ' связанные со сборкой.
8 |
9 | ' Проверьте значения атрибутов сборки
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 | 'Следующий GUID служит для идентификации библиотеки типов, если этот проект будет видимым для COM
21 |
22 |
23 | ' Сведения о версии сборки состоят из следующих четырех значений:
24 | '
25 | ' Основной номер версии
26 | ' Дополнительный номер версии
27 | ' Номер сборки
28 | ' Редакция
29 | '
30 | ' Можно задать все значения или принять номера сборки и редакции по умолчанию
31 | ' используя "*", как показано ниже:
32 | '
33 |
34 |
35 |
36 |
--------------------------------------------------------------------------------
/src/My Project/Resources.Designer.vb:
--------------------------------------------------------------------------------
1 | '------------------------------------------------------------------------------
2 | '
3 | ' This code was generated by a tool.
4 | ' Runtime Version:4.0.30319.42000
5 | '
6 | ' Changes to this file may cause incorrect behavior and will be lost if
7 | ' the code is regenerated.
8 | '
9 | '------------------------------------------------------------------------------
10 |
11 | Option Strict On
12 | Option Explicit On
13 |
14 |
15 | Namespace My.Resources
16 |
17 | 'This class was auto-generated by the StronglyTypedResourceBuilder
18 | 'class via a tool like ResGen or Visual Studio.
19 | 'To add or remove a member, edit your .ResX file then rerun ResGen
20 | 'with the /str option, or rebuild your VS project.
21 | '''
22 | ''' A strongly-typed resource class, for looking up localized strings, etc.
23 | '''
24 | _
28 | Friend Module Resources
29 |
30 | Private resourceMan As Global.System.Resources.ResourceManager
31 |
32 | Private resourceCulture As Global.System.Globalization.CultureInfo
33 |
34 | '''
35 | ''' Returns the cached ResourceManager instance used by this class.
36 | '''
37 | _
38 | Friend ReadOnly Property ResourceManager() As Global.System.Resources.ResourceManager
39 | Get
40 | If Object.ReferenceEquals(resourceMan, Nothing) Then
41 | Dim temp As Global.System.Resources.ResourceManager = New Global.System.Resources.ResourceManager("Zeus_File_Identifier.Resources", GetType(Resources).Assembly)
42 | resourceMan = temp
43 | End If
44 | Return resourceMan
45 | End Get
46 | End Property
47 |
48 | '''
49 | ''' Overrides the current thread's CurrentUICulture property for all
50 | ''' resource lookups using this strongly typed resource class.
51 | '''
52 | _
53 | Friend Property Culture() As Global.System.Globalization.CultureInfo
54 | Get
55 | Return resourceCulture
56 | End Get
57 | Set(ByVal value As Global.System.Globalization.CultureInfo)
58 | resourceCulture = value
59 | End Set
60 | End Property
61 | End Module
62 | End Namespace
63 |
--------------------------------------------------------------------------------
/src/My Project/Resources.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 | text/microsoft-resx
107 |
108 |
109 | 2.0
110 |
111 |
112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
113 |
114 |
115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
--------------------------------------------------------------------------------
/src/My Project/Settings.Designer.vb:
--------------------------------------------------------------------------------
1 | '------------------------------------------------------------------------------
2 | '
3 | ' This code was generated by a tool.
4 | ' Runtime Version:4.0.30319.42000
5 | '
6 | ' Changes to this file may cause incorrect behavior and will be lost if
7 | ' the code is regenerated.
8 | '
9 | '------------------------------------------------------------------------------
10 |
11 | Option Strict On
12 | Option Explicit On
13 |
14 |
15 | Namespace My
16 |
17 | _
20 | Partial Friend NotInheritable Class MySettings
21 | Inherits Global.System.Configuration.ApplicationSettingsBase
22 |
23 | Private Shared defaultInstance As MySettings = CType(Global.System.Configuration.ApplicationSettingsBase.Synchronized(New MySettings), MySettings)
24 |
25 | #Region "My.Settings Auto-Save Functionality"
26 | #If _MyType = "WindowsForms" Then
27 | Private Shared addedHandler As Boolean
28 |
29 | Private Shared addedHandlerLockObject As New Object
30 |
31 | _
32 | Private Shared Sub AutoSaveSettings(ByVal sender As Global.System.Object, ByVal e As Global.System.EventArgs)
33 | If My.Application.SaveMySettingsOnExit Then
34 | My.Settings.Save()
35 | End If
36 | End Sub
37 | #End If
38 | #End Region
39 |
40 | Public Shared ReadOnly Property [Default]() As MySettings
41 | Get
42 |
43 | #If _MyType = "WindowsForms" Then
44 | If Not addedHandler Then
45 | SyncLock addedHandlerLockObject
46 | If Not addedHandler Then
47 | AddHandler My.Application.Shutdown, AddressOf AutoSaveSettings
48 | addedHandler = True
49 | End If
50 | End SyncLock
51 | End If
52 | #End If
53 | Return defaultInstance
54 | End Get
55 | End Property
56 | End Class
57 | End Namespace
58 |
59 | Namespace My
60 |
61 | _
64 | Friend Module MySettingsProperty
65 |
66 | _
67 | Friend ReadOnly Property Settings() As Global.Zeus_File_Identifier.My.MySettings
68 | Get
69 | Return Global.Zeus_File_Identifier.My.MySettings.Default
70 | End Get
71 | End Property
72 | End Module
73 | End Namespace
74 |
--------------------------------------------------------------------------------
/src/My Project/Settings.settings:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
--------------------------------------------------------------------------------
/src/SignatureType.vb:
--------------------------------------------------------------------------------
1 | ' Source code at GitHub: https://github.com/DosX-dev/Zeus-File-Identifier
2 | ' Coded by DosX
3 |
4 | Imports System.IO
5 | Imports System.Security.Cryptography
6 | Imports System.Text
7 | Imports System.Text.RegularExpressions
8 |
9 | Namespace ZeusFileIdentifier
10 | Class FileScanner
11 | Private database = String.Empty
12 |
13 | Sub New(databasePath)
14 | database = databasePath
15 | End Sub
16 |
17 | Public Function CheckFile(filePath As String)
18 | If File.Exists(filePath) Then
19 | If New FileInfo(filePath).Length = 0 Then
20 | Return New Signature("Empty file", "-", "", "")
21 | Else
22 | If IsFileBinary(filePath) Then
23 | Return IdentifyFileType(filePath)
24 | Else
25 | Return New Signature("Simple text file", "Text", "", "")
26 | End If
27 | End If
28 | Else
29 | Throw New Exception("File not found.")
30 | End If
31 | End Function
32 |
33 | Private Function IdentifyFileType(filePath As String) As Signature
34 | Dim dataBaseLine As List(Of Signature) = LoadSignatures(database)
35 |
36 | Dim fileBytes(500) As Byte
37 | Using fs As New FileStream(filePath, FileMode.Open, FileAccess.Read)
38 | fs.Read(fileBytes, 0, 501)
39 | End Using
40 |
41 | Dim fileStartsWith As String = BitConverter.ToString(fileBytes).Replace("-", "").ToLower()
42 |
43 | For Each signature In dataBaseLine
44 | If CompareBytesStartFromMask(signature.HexSignature, fileStartsWith) Then
45 | Return signature
46 | End If
47 | Next
48 |
49 | Return New Signature("Unknown", "Unknown", "", "")
50 | End Function
51 |
52 | Private Function LoadSignatures(dbFilePath As String) As List(Of Signature)
53 | Dim signatures As New List(Of Signature)
54 | If File.Exists(dbFilePath) Then
55 | Dim lines As String() = File.ReadAllLines(dbFilePath)
56 | For Each line As String In lines
57 | Dim parts As String() = line.Split("|"c)
58 | If parts.Length = 4 AndAlso Not line.StartsWith("#") Then
59 | Dim signature As New Signature(parts(0), parts(1), parts(2), parts(3))
60 | signatures.Add(signature)
61 | End If
62 | Next
63 | End If
64 |
65 | Return signatures
66 | End Function
67 |
68 | Private Function IsFileBinary(filePath As String) As Long
69 | Dim bufferSize As Long = 1024
70 | Dim buffer(bufferSize - 1) As Byte
71 |
72 | Using fileStream As FileStream = New FileStream(filePath, FileMode.Open, FileAccess.Read)
73 | Dim bytesRead As Long = fileStream.Read(buffer, 0, bufferSize)
74 |
75 | For i As Long = 0 To bytesRead - 1
76 | If buffer(i) < 32 AndAlso buffer(i) <> 9 AndAlso buffer(i) <> 10 AndAlso buffer(i) <> 13 Then
77 | Return True
78 | End If
79 | Next
80 | End Using
81 |
82 | Return False
83 | End Function
84 |
85 | Private Function CompareBytesStartFromMask(stringMask As String, bytesSample As String) As Boolean
86 | Dim regex As New Regex("'(.*?)'"),
87 | matches As MatchCollection = regex.Matches(stringMask)
88 |
89 | For Each match As Match In matches
90 | Dim dynamicBytes As String = match.Groups(1).Value,
91 | dynamicBytesHex As String = BitConverter.ToString(Encoding.ASCII.GetBytes(dynamicBytes)).Replace("-", "")
92 |
93 | stringMask = stringMask.Replace("'" & dynamicBytes & "'", dynamicBytesHex)
94 | Next
95 |
96 | stringMask = stringMask.ToLower()
97 |
98 | Dim maskPattern As String = Regex.Replace(stringMask, "\?\?", ".."),
99 | regexPattern As New Regex("^" & maskPattern)
100 |
101 | Return regexPattern.IsMatch(bytesSample)
102 | End Function
103 |
104 | Public Function CalculateEntropy(filePath As String) As Double
105 | Dim byteFrequency As New Dictionary(Of Byte, Long)()
106 | Using fs As New FileStream(filePath, FileMode.Open, FileAccess.Read)
107 | Dim bufferSize As Integer = 4096,
108 | buffer(bufferSize - 1) As Byte,
109 | bytesRead As Integer
110 | Do
111 | bytesRead = fs.Read(buffer, 0, bufferSize)
112 |
113 | For i As Integer = 0 To bytesRead - 1
114 | Dim b As Byte = buffer(i)
115 |
116 | If byteFrequency.ContainsKey(b) Then
117 | byteFrequency(b) += 1
118 | Else
119 | byteFrequency(b) = 1
120 | End If
121 | Next
122 |
123 | Loop While bytesRead > 0
124 | End Using
125 |
126 | Dim totalBytes As Long = New FileInfo(filePath).Length
127 | Dim entropy As Double = 0.0
128 |
129 | For Each count As Long In byteFrequency.Values
130 | Dim probability As Double = count / totalBytes
131 | entropy -= probability * Math.Log(probability, 2)
132 | Next
133 |
134 | Return entropy
135 | End Function
136 |
137 | Function GetFileHash(filePath As String, hashAlgorithm As HashAlgorithm) As String
138 | Try
139 | Using fileStream As FileStream = File.OpenRead(filePath)
140 | Dim hashBytes() As Byte = hashAlgorithm.ComputeHash(fileStream)
141 | Return BitConverter.ToString(hashBytes).Replace("-", "").ToLower()
142 | End Using
143 | Catch ex As Exception
144 | Console.WriteLine($"Ошибка при вычислении хеша: {ex.Message}")
145 | Return String.Empty
146 | End Try
147 | End Function
148 |
149 | Function GetFileSize(filePath) As Long
150 | Return New FileInfo(filePath).Length
151 | End Function
152 | End Class
153 |
154 | Class Signature
155 | Public Property FileTypeName As String
156 | Public Property FormatType As String
157 | Public Property FileTypeDescription As String
158 | Public Property HexSignature As String
159 |
160 | Public Sub New(FormatType As String, signatureType As String, fileTypeDescription As String, hexSignature As String)
161 | Me.FileTypeName = FormatType
162 | Me.FormatType = signatureType
163 | Me.FileTypeDescription = fileTypeDescription
164 | Me.HexSignature = hexSignature
165 | End Sub
166 | End Class
167 |
168 | End Namespace
--------------------------------------------------------------------------------
/src/Zeus_File_Identifier.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.7.34031.279
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "Zeus_File_Identifier", "Zeus_File_Identifier.vbproj", "{0732049E-7FC4-4B46-B946-0A8B4A1A81C3}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Debug|x64 = Debug|x64
12 | Release|Any CPU = Release|Any CPU
13 | Release|x64 = Release|x64
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
17 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Debug|Any CPU.Build.0 = Debug|Any CPU
18 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Debug|x64.ActiveCfg = Debug|x64
19 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Debug|x64.Build.0 = Debug|x64
20 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Release|Any CPU.ActiveCfg = Release|Any CPU
21 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Release|Any CPU.Build.0 = Release|Any CPU
22 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Release|x64.ActiveCfg = Release|x64
23 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Release|x64.Build.0 = Release|x64
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {D4DAA110-F157-41FB-AB6F-2343CFBD3B5B}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/src/Zeus_File_Identifier.vbproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}
8 | Exe
9 | Zeus_File_Identifier.Main
10 | Zeus_File_Identifier
11 | Zeus_File_Identifier
12 | 512
13 | Console
14 | v4.7.2
15 | true
16 | true
17 |
18 |
19 | AnyCPU
20 | true
21 | full
22 | true
23 | true
24 | bin\Debug\
25 | Zeus_File_Identifier.xml
26 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022
27 |
28 |
29 | x64
30 | pdbonly
31 | false
32 | true
33 | true
34 | bin\Release\
35 | Zeus_File_Identifier.xml
36 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022
37 | false
38 |
39 |
40 | On
41 |
42 |
43 | Binary
44 |
45 |
46 | Off
47 |
48 |
49 | On
50 |
51 |
52 | true
53 | true
54 | true
55 | bin\x64\Debug\
56 | Zeus_File_Identifier.xml
57 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022
58 | full
59 | x64
60 | true
61 |
62 |
63 | true
64 | bin\Release\
65 | Zeus_File_Identifier.xml
66 | true
67 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022
68 | pdbonly
69 | x64
70 | true
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 | True
98 | Application.myapp
99 |
100 |
101 | True
102 | True
103 | Resources.resx
104 |
105 |
106 | True
107 | Settings.settings
108 | True
109 |
110 |
111 |
112 |
113 |
114 | VbMyResourcesResXFileCodeGenerator
115 | Resources.Designer.vb
116 | My.Resources
117 | Designer
118 |
119 |
120 |
121 |
122 | MyApplicationCodeGenerator
123 | Application.Designer.vb
124 |
125 |
126 | SettingsSingleFileGenerator
127 | My
128 | Settings.Designer.vb
129 |
130 |
131 |
132 |
133 |
--------------------------------------------------------------------------------
/src/Zeus_File_Identifier.vbproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Zeus_File_Identifier.exe --file Zeus_File_Identifier.exe
5 |
6 |
7 | Zeus_File_Identifier.exe --file Zeus_File_Identifier.exe
8 |
9 |
--------------------------------------------------------------------------------