├── LICENSE ├── README.md ├── db └── zeus.db └── src ├── .vs └── Zeus_File_Identifier │ ├── FileContentIndex │ ├── 8a35768e-fe8a-4b7d-b13e-46ac25955983.vsidx │ └── a38a3490-7af2-4900-ace0-d27ecc8e9dd5.vsidx │ └── v17 │ └── .suo ├── App.config ├── Main.vb ├── My Project ├── Application.Designer.vb ├── Application.myapp ├── AssemblyInfo.vb ├── Resources.Designer.vb ├── Resources.resx ├── Settings.Designer.vb └── Settings.settings ├── SignatureType.vb ├── Zeus_File_Identifier.sln ├── Zeus_File_Identifier.vbproj └── Zeus_File_Identifier.vbproj.user /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 DosX 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 🔮 Zeus File Identifier (ZFI) 2 | This program is designed to determine the file type using signatures according to certain rules. Can be used by antiviruses. 3 | 4 | ## 📑 About 5 | This console program takes an argument `--file` which specifies the path to the file that needs to be examined. The output will contain the resulting format, description and some technical data (for example, the presence of compressed entropy data) 6 | 7 | ## 💼 Database rules format 8 | ``` 9 | {STRING_NAME}|{STRING_FILE_TYPE}|{STRING_DESCRIPTION}|{MASK_SIGNATURE} 10 | ``` 11 | * Use ".."/"??" to indicate an unknown byte (like "0000..29..11...00") 12 | * Use the ' character to wrap an ASCII string (like "000000'String in the file!'000029") 13 | 14 | The signature is read only from the beginning of the file. 15 | 16 | Example of rule: 17 | ``` 18 | Lua Bytecode|Script|Lua machine code|1B'Lua'..00 19 | ``` 20 | 21 | ## 🐧 Run on Linux 22 | Use the `mono-complete` package to use the program on Linux: 23 | ``` 24 | mono Zeus_File_Identifier.app --file "application.exe" 25 | ``` 26 | 27 | ## ✨ What about... 28 | [Detect It Easy](https://github.com/horsicq/DIE-engine) will soon support Zeus File Identifier formats 29 | -------------------------------------------------------------------------------- /db/zeus.db: -------------------------------------------------------------------------------- 1 | # Zeus File Identifier file format version 1.X 2 | # 3 | # Standart "zeus.db" database 4 | # Author is DosX 5 | # 6 | # Format: 7 | # {STRING_NAME}|{STRING_FILE_TYPE}|{STRING_DESCRIPTION}|{MASK_SIGNATURE} 8 | # 9 | # Hint for signatures writing: 10 | # * Use ".."/"??" to indicate an unknown byte (like "0000..29..11...00") 11 | # * Use the ' character to wrap an ASCII string (like "000000'String in the file!'000029") 12 | # 13 | # The signature is read only from the beginning of the file. 14 | 15 | 7z|Archive||'7z' 16 | ARCV 2|Archive||'ARCV'0002 17 | Adobe Font Metrics|Font|Contains the font and its parameters|'StartFontMetrics ' 18 | Adobe Photoshop|Project|'8BPS' 19 | ArcFS|Archive||'Archive'00................2800000064 20 | Asar (Electron)|Archive|Electron Application package (NodeJS)|04..............................'{"files":{' 21 | Asymetrix|Archive||602213636c00 22 | BAGF|Archive||'BAGF'02 23 | BFF|Archive||09006bea 24 | BIGF|Archive||'BIGF'00 25 | BMF|Font|Contains the font and its parameters|'BMF' 26 | Basis Universal GPU Texture|Image||734213004D00 27 | BeOS package|Archive||'AlB'1a 28 | BulkZip|Archive||'blkzip'00 29 | CRAMFS|Archive||453dcd28........................'Compressed ROMFS' 30 | CRX|Archive||'Cr24'02 31 | DCL|Archive||00069a68 32 | Device Independent Document|Document||f702018392c01c3b 33 | DirectDraw Surface|Image||'DDS '7C000000 34 | Embedded OpenType Font|Font|Contains the font and its parameters|......00..........000200 35 | Encapsulated PostScript|Image||'%!PS-Adobe-' 36 | FTCOMP|Archive||a596fdff 37 | Facebook Zstandard/ZSTD compressed data|Archive||28B52FFD 38 | GIF|Image|Animated image|'GIF8' 39 | GNU Gettext Machine Object|Binary||950412de00000000 40 | GNU Gettext Machine Object|Binary||de12049500000000 41 | GXL|Archive||01ca'Copyright (c) Genus Microprogramming, Inc.' 42 | GZIP|Archive||1F8B 43 | HUFF|Archive||bd01..00..00..000000 44 | INSA|Archive||0100......00ecf9 45 | InstallShield INST v3|Archive||2aab79d800010000 46 | InstallShield INX v7|Archive||74c42c84e1e5d428 47 | InstallShield ISN|Archive||..0fd28ccc1f..3c0d8e830dd88f25ac 48 | InstallShield v3|Archive||135d658c3a010200 49 | IzPack|Archive||aced00057704 50 | JNG|Image|Contains raster graphics|8B'JNG' 51 | JPEG (EXIF)|Image|Contains raster graphics|FFD8FFE1....'Exif'00 52 | JPEG (OLD)|Image|Contains raster graphics|FFD8FFDB 53 | JPEG|Image|Contains raster graphics|FFD8FFE0....'JFIF'00 54 | KWAJ by Microsoft|Archive||'KWAJ'88 55 | Khronos Texture (KTX1)|Image||'«KTX 11»'0D0A1A0A 56 | Khronos Texture (KTX2)|Image||'«KTX 20»'0D0A1A0A 57 | LHA|Archive||....'-lh'..2d 58 | LZFSE|Archive||'bvxn' 59 | LZK00|Archive||'LZK00'000000 60 | LZMA|Archive||5d0000....ffffffffffffffff00180ddd04 61 | LZOP Compressed data|Archive||89'LZO'000D0A1A0A 62 | Long Range ZIP|Archive||'LRZI' 63 | Lua Bytecode|Script|Lua machine code|1B'Lua'..00 64 | MDCD|Archive||'MDmd' 65 | MP3|Audio|Music or sounds|'ID3'??00 66 | MP4|Video|The most common way to record video|000000..'ftyp' 67 | MPQ by Blizzard|Archive||'MPQ'1a 68 | MSKN 2 (zlib)|Archive||'_MCT'00'KSLZ'789c 69 | MVA|Archive||'mflh'0100 70 | MZIP|Archive||'MZIP' 71 | Microsoft Access Workgroup Information|Binary||00010000'Jet System DB '00 72 | Microsoft Compound|Archive||D0CF11E0A1B11AE1 73 | Microsoft Program Information|Binary||'MICROSOFT PIFEX'0087010000 74 | Microsoft Word 2 document|Document|Old Microsoft Word format|dca5..00..................00000000 75 | Microsoft Word 2 document|Document|Old Microsoft Word format|eca5c100..................00000000 76 | Microsoft XNA Game Studio Binary Package|Binary||'XNB' 77 | Microsoft compiled HTML|Binary||'ITSF'..000000 78 | NanoZip v0.09|Archive||AE01'NanoZip 0.09 alpha' 79 | OpenType - CFF compact Font|Font|Contains the font and its parameters|'OTTO'................'CFF ' 80 | PAC by BVRP Software|Archive||'PAC - 'a9' BVRP Software 1990-2000' 81 | PACK|Archive||'PACK'............0000 82 | PCInstall|Archive||00000000000000000000000000007400010074000500 83 | PDF|Document||'%PDF' 84 | PP20|Archive||'PP20'09 85 | Package Data|Archive||0500000001000000??????????00???? 86 | PaperPort|Archive||'ViG'....1a 87 | Program Debug Database|Database|Contains program debugging information|'BSJB'01 88 | Program Debug Database|Database|Contains program debugging information|'Microsoft C/C++ MSF 7.00'0d 89 | PNG|Image|Raster graphics with transparency|89'PNG' 90 | Qt message|Binary|File containing text information of the Qt framework|3cb86418caef9c95 91 | Quick Help|Binary||'LN'0200 92 | RAR|Archive|Commercial WinRAR format|'Rar!'1a 93 | RAZOR Archive|Archive||'CM'2805060000 94 | RPM package|Archive||edabeedb0300 95 | Rich Text|Document|Formatted rich text data (.rtf)|'{\rtf1\' 96 | Rockstar Advanced Game resources|Archive|Used in the GTA series of games|'7FPR'????00 97 | SCO|Archive||1fa0 98 | SIT|Archive||'SIT!' 99 | SKF|Archive||06'SKF3.0' 100 | SQZE|Archive||'SQZE'010000 101 | SW|Archive||'im001V'......50....0000 102 | SZ by Microsoft|Archive||'SZ '88 103 | SZDD by Microsoft|Archive||'SZDD'88 104 | SaveDskF|Archive||aa59f0000002 105 | Snappy compressed data|Archive||FF060000'sNaPpY' 106 | Solaris Package|Archive||'# PaCkAgE DaTaStReAm' 107 | SquashFS (Big Endian)|Archive||'sqsh'0000 108 | SquashFS (Little Endian)|Archive||'hsqs'0300 109 | SQLite|Database||'SQLite format 3'00 110 | Security Catalog Files|Archive||3082....06092A864886F70D010702A0 111 | TAR|Archive|Archive without encryption or compression|................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................00'ustar' 112 | TPWM (BlueByte)|Archive||'TPWM' 113 | TsiLang binary translation data|Binary||'SIB file: TsiLang binary translation data' 114 | Universal Binary|Image||CAFEBABE 115 | UnrealEngine|Binary|Game engine format|C1832A9E 116 | VMS SaveSet|Archive||0001000401000100010000000000000000000000000000000000000000000000010101 117 | WAV|Audio||'RIFF' 118 | WPK|Archive||032401010100 119 | Windows Animated Cursor|Image||'RIFF'........'ACON' 120 | Windows Bitmap|Image|.bmp picture|'BM' 121 | Windows Cursor|Image|.cur cursor|00000200 122 | Windows Icon|Image|.ico icon|00000100 123 | Windows Imaging|Archive||'MSWIM'000000 124 | Windows Minidump|Binary|.dmp (process dump)|'MDMP'93a7 125 | Windows PE|Executable|Can be run on Windows OS|'MZ' 126 | Windows Shortcut|Binary||4c0000000114020000000000c000000000000046 127 | Windows Write document|Document|Microsoft Write format|31be000000ab0000 128 | Windows Write document|Document|Microsoft Write format|32be000000ab0000 129 | XAR|Archive||'xar!'001c00010000 130 | XFL game resources|Archive||'LB'0100 131 | XZ|Archive||fd'7zXZ'0000 132 | ZIP|Archive|Regular ZIP format|'PK'03 133 | ZOO|Archive||'ZOO'............'Archive' 134 | ZPAQ Compressed data|Archive||'7kSt' 135 | Zinc data|Binary||'Zinc Data File Version' 136 | Zipped ISO disk Image|Archive||'IsZ!@'01 137 | Z|Archive||1f9d 138 | WebM|Video|Is a royalty-free video format that supports VP8, VP9, and AV1 codecs|1A45DFA3........................................'webmB'87 139 | WebM|Video|Is a royalty-free video format that supports VP8, VP9, and AV1 codecs|1A45DFA3......................................................'webmB'87 140 | Resources|Archive|.NET resources format|CECAEFBE01000000910000006C'System.Resources.' 141 | Boot Image|Archive||'DCS'01 142 | Custom Application Compatibility Database|Database||0300000000000000'sdbf' 143 | Encrypted WSH (VBE/JSE)|Script|Encrypted VBScript/JScript|'#@~^' 144 | 145 | 146 | # Unknown result 147 | Unknown|Binary|Looks like a custom file format|?? -------------------------------------------------------------------------------- /src/.vs/Zeus_File_Identifier/FileContentIndex/8a35768e-fe8a-4b7d-b13e-46ac25955983.vsidx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DosX-dev/Zeus-File-Identifier/6953f3b500801926e58c6f942972c48edfa991b8/src/.vs/Zeus_File_Identifier/FileContentIndex/8a35768e-fe8a-4b7d-b13e-46ac25955983.vsidx -------------------------------------------------------------------------------- /src/.vs/Zeus_File_Identifier/FileContentIndex/a38a3490-7af2-4900-ace0-d27ecc8e9dd5.vsidx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DosX-dev/Zeus-File-Identifier/6953f3b500801926e58c6f942972c48edfa991b8/src/.vs/Zeus_File_Identifier/FileContentIndex/a38a3490-7af2-4900-ace0-d27ecc8e9dd5.vsidx -------------------------------------------------------------------------------- /src/.vs/Zeus_File_Identifier/v17/.suo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/DosX-dev/Zeus-File-Identifier/6953f3b500801926e58c6f942972c48edfa991b8/src/.vs/Zeus_File_Identifier/v17/.suo -------------------------------------------------------------------------------- /src/App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /src/Main.vb: -------------------------------------------------------------------------------- 1 | ' Source code at GitHub: https://github.com/DosX-dev/Zeus-File-Identifier 2 | ' Coded by DosX 3 | 4 | Imports System.Security.Cryptography 5 | 6 | Module Main 7 | Sub Main(args As String()) 8 | Console.WriteLine(" 9 | ███████ ███████ ██ ██ ███████ 10 | ███ ██ ██ ██ ██ 11 | ███ █████ ██ ██ ███████ 12 | ███ ██ ██ ██ ██ 13 | ███████ ███████ ██████ ███████ 14 | FILE IDENTIFIER, (С) DosX 15 | ") 16 | 17 | Try 18 | Dim filePath As String = GetFilePathFromArgs(args) 19 | 20 | If String.IsNullOrEmpty(filePath) Then 21 | Console.Out.WriteLine("Missing --file argument") 22 | Return 23 | End If 24 | 25 | Dim fileChecker As New ZeusFileIdentifier.FileScanner("zeus.db"), 26 | result As ZeusFileIdentifier.Signature = fileChecker.CheckFile(filePath) 27 | 28 | Console.Out.WriteLine("[ ANALYSIS ]") 29 | Console.Out.WriteLine("File type name: " & result.FileTypeName) 30 | 31 | Dim fileTypeDescription As String = result.FileTypeDescription 32 | Console.Out.WriteLine("File type description: " & (If(fileTypeDescription.Length = 0, "-", fileTypeDescription))) 33 | 34 | Console.Out.WriteLine("File format: " & result.FormatType) 35 | 36 | Console.Out.WriteLine(vbLf & "[ GENERIC ]") 37 | 38 | Dim fileSize As Long = fileChecker.GetFileSize(filePath) 39 | Console.Out.WriteLine("File size: " & fileSize & " bytes or ~" & (fileSize / 1024) & " kilobytes or ~" & Math.Round(fileSize / 1024 / 1024 / 1024, 4) & " gigabytes") 40 | 41 | Dim fileEntropy As Double = fileChecker.CalculateEntropy(filePath) 42 | Console.Out.WriteLine("File entropy: " & Math.Round(fileEntropy, 2) & " out of 8 " & If(fileEntropy > 7.0, "[high; like compressed]", "[normal]")) 43 | 44 | Console.Out.WriteLine(vbLf & "[ HASHES ]") 45 | 46 | Dim md5Hash As String = fileChecker.GetFileHash(filePath, New MD5CryptoServiceProvider()) 47 | Console.Out.WriteLine($"MD5 hash: {md5Hash}") 48 | 49 | Dim sha1Hash As String = fileChecker.GetFileHash(filePath, New SHA1CryptoServiceProvider()) 50 | Console.Out.WriteLine($"SHA-1 hash: {sha1Hash}") 51 | 52 | Dim sha256Hash As String = fileChecker.GetFileHash(filePath, New SHA256CryptoServiceProvider()) 53 | Console.Out.WriteLine($"SHA-256 hash: {sha256Hash}") 54 | Catch ex As Exception 55 | Console.Out.WriteLine(ex.Message) 56 | End Try 57 | Console.WriteLine() 58 | End Sub 59 | 60 | Function GetFilePathFromArgs(args As String()) As String 61 | For i As Integer = 0 To args.Length - 2 62 | If args(i).ToLower() = "--file" Then 63 | Return args(i + 1) 64 | End If 65 | Next 66 | Return String.Empty 67 | End Function 68 | End Module -------------------------------------------------------------------------------- /src/My Project/Application.Designer.vb: -------------------------------------------------------------------------------- 1 | '------------------------------------------------------------------------------ 2 | ' 3 | ' This code was generated by a tool. 4 | ' Runtime Version:4.0.30319.42000 5 | ' 6 | ' Changes to this file may cause incorrect behavior and will be lost if 7 | ' the code is regenerated. 8 | ' 9 | '------------------------------------------------------------------------------ 10 | 11 | Option Strict On 12 | Option Explicit On 13 | 14 | -------------------------------------------------------------------------------- /src/My Project/Application.myapp: -------------------------------------------------------------------------------- 1 |  2 | 3 | false 4 | false 5 | 0 6 | true 7 | 0 8 | 2 9 | true 10 | 11 | -------------------------------------------------------------------------------- /src/My Project/AssemblyInfo.vb: -------------------------------------------------------------------------------- 1 | Imports System 2 | Imports System.Reflection 3 | Imports System.Runtime.InteropServices 4 | 5 | ' Общие сведения об этой сборке предоставляются следующим набором 6 | ' набора атрибутов. Измените значения этих атрибутов, чтобы изменить сведения, 7 | ' связанные со сборкой. 8 | 9 | ' Проверьте значения атрибутов сборки 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 'Следующий GUID служит для идентификации библиотеки типов, если этот проект будет видимым для COM 21 | 22 | 23 | ' Сведения о версии сборки состоят из следующих четырех значений: 24 | ' 25 | ' Основной номер версии 26 | ' Дополнительный номер версии 27 | ' Номер сборки 28 | ' Редакция 29 | ' 30 | ' Можно задать все значения или принять номера сборки и редакции по умолчанию 31 | ' используя "*", как показано ниже: 32 | ' 33 | 34 | 35 | 36 | -------------------------------------------------------------------------------- /src/My Project/Resources.Designer.vb: -------------------------------------------------------------------------------- 1 | '------------------------------------------------------------------------------ 2 | ' 3 | ' This code was generated by a tool. 4 | ' Runtime Version:4.0.30319.42000 5 | ' 6 | ' Changes to this file may cause incorrect behavior and will be lost if 7 | ' the code is regenerated. 8 | ' 9 | '------------------------------------------------------------------------------ 10 | 11 | Option Strict On 12 | Option Explicit On 13 | 14 | 15 | Namespace My.Resources 16 | 17 | 'This class was auto-generated by the StronglyTypedResourceBuilder 18 | 'class via a tool like ResGen or Visual Studio. 19 | 'To add or remove a member, edit your .ResX file then rerun ResGen 20 | 'with the /str option, or rebuild your VS project. 21 | ''' 22 | ''' A strongly-typed resource class, for looking up localized strings, etc. 23 | ''' 24 | _ 28 | Friend Module Resources 29 | 30 | Private resourceMan As Global.System.Resources.ResourceManager 31 | 32 | Private resourceCulture As Global.System.Globalization.CultureInfo 33 | 34 | ''' 35 | ''' Returns the cached ResourceManager instance used by this class. 36 | ''' 37 | _ 38 | Friend ReadOnly Property ResourceManager() As Global.System.Resources.ResourceManager 39 | Get 40 | If Object.ReferenceEquals(resourceMan, Nothing) Then 41 | Dim temp As Global.System.Resources.ResourceManager = New Global.System.Resources.ResourceManager("Zeus_File_Identifier.Resources", GetType(Resources).Assembly) 42 | resourceMan = temp 43 | End If 44 | Return resourceMan 45 | End Get 46 | End Property 47 | 48 | ''' 49 | ''' Overrides the current thread's CurrentUICulture property for all 50 | ''' resource lookups using this strongly typed resource class. 51 | ''' 52 | _ 53 | Friend Property Culture() As Global.System.Globalization.CultureInfo 54 | Get 55 | Return resourceCulture 56 | End Get 57 | Set(ByVal value As Global.System.Globalization.CultureInfo) 58 | resourceCulture = value 59 | End Set 60 | End Property 61 | End Module 62 | End Namespace 63 | -------------------------------------------------------------------------------- /src/My Project/Resources.resx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | text/microsoft-resx 107 | 108 | 109 | 2.0 110 | 111 | 112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 113 | 114 | 115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | -------------------------------------------------------------------------------- /src/My Project/Settings.Designer.vb: -------------------------------------------------------------------------------- 1 | '------------------------------------------------------------------------------ 2 | ' 3 | ' This code was generated by a tool. 4 | ' Runtime Version:4.0.30319.42000 5 | ' 6 | ' Changes to this file may cause incorrect behavior and will be lost if 7 | ' the code is regenerated. 8 | ' 9 | '------------------------------------------------------------------------------ 10 | 11 | Option Strict On 12 | Option Explicit On 13 | 14 | 15 | Namespace My 16 | 17 | _ 20 | Partial Friend NotInheritable Class MySettings 21 | Inherits Global.System.Configuration.ApplicationSettingsBase 22 | 23 | Private Shared defaultInstance As MySettings = CType(Global.System.Configuration.ApplicationSettingsBase.Synchronized(New MySettings), MySettings) 24 | 25 | #Region "My.Settings Auto-Save Functionality" 26 | #If _MyType = "WindowsForms" Then 27 | Private Shared addedHandler As Boolean 28 | 29 | Private Shared addedHandlerLockObject As New Object 30 | 31 | _ 32 | Private Shared Sub AutoSaveSettings(ByVal sender As Global.System.Object, ByVal e As Global.System.EventArgs) 33 | If My.Application.SaveMySettingsOnExit Then 34 | My.Settings.Save() 35 | End If 36 | End Sub 37 | #End If 38 | #End Region 39 | 40 | Public Shared ReadOnly Property [Default]() As MySettings 41 | Get 42 | 43 | #If _MyType = "WindowsForms" Then 44 | If Not addedHandler Then 45 | SyncLock addedHandlerLockObject 46 | If Not addedHandler Then 47 | AddHandler My.Application.Shutdown, AddressOf AutoSaveSettings 48 | addedHandler = True 49 | End If 50 | End SyncLock 51 | End If 52 | #End If 53 | Return defaultInstance 54 | End Get 55 | End Property 56 | End Class 57 | End Namespace 58 | 59 | Namespace My 60 | 61 | _ 64 | Friend Module MySettingsProperty 65 | 66 | _ 67 | Friend ReadOnly Property Settings() As Global.Zeus_File_Identifier.My.MySettings 68 | Get 69 | Return Global.Zeus_File_Identifier.My.MySettings.Default 70 | End Get 71 | End Property 72 | End Module 73 | End Namespace 74 | -------------------------------------------------------------------------------- /src/My Project/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /src/SignatureType.vb: -------------------------------------------------------------------------------- 1 | ' Source code at GitHub: https://github.com/DosX-dev/Zeus-File-Identifier 2 | ' Coded by DosX 3 | 4 | Imports System.IO 5 | Imports System.Security.Cryptography 6 | Imports System.Text 7 | Imports System.Text.RegularExpressions 8 | 9 | Namespace ZeusFileIdentifier 10 | Class FileScanner 11 | Private database = String.Empty 12 | 13 | Sub New(databasePath) 14 | database = databasePath 15 | End Sub 16 | 17 | Public Function CheckFile(filePath As String) 18 | If File.Exists(filePath) Then 19 | If New FileInfo(filePath).Length = 0 Then 20 | Return New Signature("Empty file", "-", "", "") 21 | Else 22 | If IsFileBinary(filePath) Then 23 | Return IdentifyFileType(filePath) 24 | Else 25 | Return New Signature("Simple text file", "Text", "", "") 26 | End If 27 | End If 28 | Else 29 | Throw New Exception("File not found.") 30 | End If 31 | End Function 32 | 33 | Private Function IdentifyFileType(filePath As String) As Signature 34 | Dim dataBaseLine As List(Of Signature) = LoadSignatures(database) 35 | 36 | Dim fileBytes(500) As Byte 37 | Using fs As New FileStream(filePath, FileMode.Open, FileAccess.Read) 38 | fs.Read(fileBytes, 0, 501) 39 | End Using 40 | 41 | Dim fileStartsWith As String = BitConverter.ToString(fileBytes).Replace("-", "").ToLower() 42 | 43 | For Each signature In dataBaseLine 44 | If CompareBytesStartFromMask(signature.HexSignature, fileStartsWith) Then 45 | Return signature 46 | End If 47 | Next 48 | 49 | Return New Signature("Unknown", "Unknown", "", "") 50 | End Function 51 | 52 | Private Function LoadSignatures(dbFilePath As String) As List(Of Signature) 53 | Dim signatures As New List(Of Signature) 54 | If File.Exists(dbFilePath) Then 55 | Dim lines As String() = File.ReadAllLines(dbFilePath) 56 | For Each line As String In lines 57 | Dim parts As String() = line.Split("|"c) 58 | If parts.Length = 4 AndAlso Not line.StartsWith("#") Then 59 | Dim signature As New Signature(parts(0), parts(1), parts(2), parts(3)) 60 | signatures.Add(signature) 61 | End If 62 | Next 63 | End If 64 | 65 | Return signatures 66 | End Function 67 | 68 | Private Function IsFileBinary(filePath As String) As Long 69 | Dim bufferSize As Long = 1024 70 | Dim buffer(bufferSize - 1) As Byte 71 | 72 | Using fileStream As FileStream = New FileStream(filePath, FileMode.Open, FileAccess.Read) 73 | Dim bytesRead As Long = fileStream.Read(buffer, 0, bufferSize) 74 | 75 | For i As Long = 0 To bytesRead - 1 76 | If buffer(i) < 32 AndAlso buffer(i) <> 9 AndAlso buffer(i) <> 10 AndAlso buffer(i) <> 13 Then 77 | Return True 78 | End If 79 | Next 80 | End Using 81 | 82 | Return False 83 | End Function 84 | 85 | Private Function CompareBytesStartFromMask(stringMask As String, bytesSample As String) As Boolean 86 | Dim regex As New Regex("'(.*?)'"), 87 | matches As MatchCollection = regex.Matches(stringMask) 88 | 89 | For Each match As Match In matches 90 | Dim dynamicBytes As String = match.Groups(1).Value, 91 | dynamicBytesHex As String = BitConverter.ToString(Encoding.ASCII.GetBytes(dynamicBytes)).Replace("-", "") 92 | 93 | stringMask = stringMask.Replace("'" & dynamicBytes & "'", dynamicBytesHex) 94 | Next 95 | 96 | stringMask = stringMask.ToLower() 97 | 98 | Dim maskPattern As String = Regex.Replace(stringMask, "\?\?", ".."), 99 | regexPattern As New Regex("^" & maskPattern) 100 | 101 | Return regexPattern.IsMatch(bytesSample) 102 | End Function 103 | 104 | Public Function CalculateEntropy(filePath As String) As Double 105 | Dim byteFrequency As New Dictionary(Of Byte, Long)() 106 | Using fs As New FileStream(filePath, FileMode.Open, FileAccess.Read) 107 | Dim bufferSize As Integer = 4096, 108 | buffer(bufferSize - 1) As Byte, 109 | bytesRead As Integer 110 | Do 111 | bytesRead = fs.Read(buffer, 0, bufferSize) 112 | 113 | For i As Integer = 0 To bytesRead - 1 114 | Dim b As Byte = buffer(i) 115 | 116 | If byteFrequency.ContainsKey(b) Then 117 | byteFrequency(b) += 1 118 | Else 119 | byteFrequency(b) = 1 120 | End If 121 | Next 122 | 123 | Loop While bytesRead > 0 124 | End Using 125 | 126 | Dim totalBytes As Long = New FileInfo(filePath).Length 127 | Dim entropy As Double = 0.0 128 | 129 | For Each count As Long In byteFrequency.Values 130 | Dim probability As Double = count / totalBytes 131 | entropy -= probability * Math.Log(probability, 2) 132 | Next 133 | 134 | Return entropy 135 | End Function 136 | 137 | Function GetFileHash(filePath As String, hashAlgorithm As HashAlgorithm) As String 138 | Try 139 | Using fileStream As FileStream = File.OpenRead(filePath) 140 | Dim hashBytes() As Byte = hashAlgorithm.ComputeHash(fileStream) 141 | Return BitConverter.ToString(hashBytes).Replace("-", "").ToLower() 142 | End Using 143 | Catch ex As Exception 144 | Console.WriteLine($"Ошибка при вычислении хеша: {ex.Message}") 145 | Return String.Empty 146 | End Try 147 | End Function 148 | 149 | Function GetFileSize(filePath) As Long 150 | Return New FileInfo(filePath).Length 151 | End Function 152 | End Class 153 | 154 | Class Signature 155 | Public Property FileTypeName As String 156 | Public Property FormatType As String 157 | Public Property FileTypeDescription As String 158 | Public Property HexSignature As String 159 | 160 | Public Sub New(FormatType As String, signatureType As String, fileTypeDescription As String, hexSignature As String) 161 | Me.FileTypeName = FormatType 162 | Me.FormatType = signatureType 163 | Me.FileTypeDescription = fileTypeDescription 164 | Me.HexSignature = hexSignature 165 | End Sub 166 | End Class 167 | 168 | End Namespace -------------------------------------------------------------------------------- /src/Zeus_File_Identifier.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.7.34031.279 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{F184B08F-C81C-45F6-A57F-5ABD9991F28F}") = "Zeus_File_Identifier", "Zeus_File_Identifier.vbproj", "{0732049E-7FC4-4B46-B946-0A8B4A1A81C3}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Debug|x64 = Debug|x64 12 | Release|Any CPU = Release|Any CPU 13 | Release|x64 = Release|x64 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 17 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Debug|Any CPU.Build.0 = Debug|Any CPU 18 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Debug|x64.ActiveCfg = Debug|x64 19 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Debug|x64.Build.0 = Debug|x64 20 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Release|Any CPU.ActiveCfg = Release|Any CPU 21 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Release|Any CPU.Build.0 = Release|Any CPU 22 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Release|x64.ActiveCfg = Release|x64 23 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3}.Release|x64.Build.0 = Release|x64 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {D4DAA110-F157-41FB-AB6F-2343CFBD3B5B} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /src/Zeus_File_Identifier.vbproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | Debug 6 | AnyCPU 7 | {0732049E-7FC4-4B46-B946-0A8B4A1A81C3} 8 | Exe 9 | Zeus_File_Identifier.Main 10 | Zeus_File_Identifier 11 | Zeus_File_Identifier 12 | 512 13 | Console 14 | v4.7.2 15 | true 16 | true 17 | 18 | 19 | AnyCPU 20 | true 21 | full 22 | true 23 | true 24 | bin\Debug\ 25 | Zeus_File_Identifier.xml 26 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022 27 | 28 | 29 | x64 30 | pdbonly 31 | false 32 | true 33 | true 34 | bin\Release\ 35 | Zeus_File_Identifier.xml 36 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022 37 | false 38 | 39 | 40 | On 41 | 42 | 43 | Binary 44 | 45 | 46 | Off 47 | 48 | 49 | On 50 | 51 | 52 | true 53 | true 54 | true 55 | bin\x64\Debug\ 56 | Zeus_File_Identifier.xml 57 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022 58 | full 59 | x64 60 | true 61 | 62 | 63 | true 64 | bin\Release\ 65 | Zeus_File_Identifier.xml 66 | true 67 | 42016,41999,42017,42018,42019,42032,42036,42020,42021,42022 68 | pdbonly 69 | x64 70 | true 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | True 98 | Application.myapp 99 | 100 | 101 | True 102 | True 103 | Resources.resx 104 | 105 | 106 | True 107 | Settings.settings 108 | True 109 | 110 | 111 | 112 | 113 | 114 | VbMyResourcesResXFileCodeGenerator 115 | Resources.Designer.vb 116 | My.Resources 117 | Designer 118 | 119 | 120 | 121 | 122 | MyApplicationCodeGenerator 123 | Application.Designer.vb 124 | 125 | 126 | SettingsSingleFileGenerator 127 | My 128 | Settings.Designer.vb 129 | 130 | 131 | 132 | 133 | -------------------------------------------------------------------------------- /src/Zeus_File_Identifier.vbproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | Zeus_File_Identifier.exe --file Zeus_File_Identifier.exe 5 | 6 | 7 | Zeus_File_Identifier.exe --file Zeus_File_Identifier.exe 8 | 9 | --------------------------------------------------------------------------------