我想遍历一个给定的目录,并查找该目录的任何常规文件中是否存在给定的文件签名.
以下是我的代码:
char* given_signature = "981d0000ec33fffffb06000000460e10";
int file_sign(char* path){
FILE* file = fopen(path, "rb");
if(!file){
printf("error with file opening");
return -1;
}
fseek(file, 0, SEEK_END);
long filelen = ftell(file);
fseek(file, 0, SEEK_SET);
char* buffer = malloc(filelen);
if(buffer)
fread(buffer, 1, filelen, file);
fclose(file);
for(int i = 0; i < filelen - 16; i++){
if(memcmp(buffer + i, given_signature, 16) == 0){
printf("Signature found in %s\n", path);
}
}
free(buffer);
return 0;
}
void traverse_dirs(char* base_path){
char path[_MAX_LINE_];
struct dirent* dp;
DIR* dir = opendir(base_path);
if(!dir)
return;
while((dp = readdir(dir)) != NULL){
if(strcmp(dp->d_name, ".") == 0 || strcmp(dp->d_name, "..") == 0)
continue;
strcpy(path, base_path);
strcat(path, "/");
strcat(path, dp->d_name);
if(dp->d_type == DT_REG){
file_sign(path);
}
traverse_dirs(path);
}
closedir(dir);
}
遍历是正确的,因为它适用于其他函数.所以问题出在file_sign()函数,但我找不到我做错了什么.
会不会是我执行的签名错误了?我可以这样做吗?
char* given_signature[] = {"98", "1d", "00", "00", "ec", "33", "ff", "ff", "fb", "06", "00", "00", "00", "46", "0e", "10"};
然后逐字节解析文件如果是的话,我该怎么做?
有什么 idea 吗?