By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,278 Members | 1,357 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,278 IT Pros & Developers. It's quick & easy.

[Win32] Regexing a pattern from a binary file?

P: n/a
Hi,

I'm a PHP newbie, and am stuck as to why I can't find a pattern in a
Win32 binary file.

I'm actually trying to extract the FileVersion information myself
since PHP under Unix doesn't seem to offer support for the PE file
format:

-------------
<?php
$file = "C:\\temp\\test.exe";
$fp = fopen($file, "rb");
$contents = fread($fp, filesize($file));
fclose($fp);

//Unicode?
//If (eregi('F.i.l.e.V.e.r.s.i.o.n', $contents)) {
//if (eregi('FileVersion', $contents)) {

if (eregi("This program cannot be run in DOS mode",
$contents)) {
print "OK!";
} else {
print "Outta luck...";
}
exit;

?>
-------------

Any idea?

Thank you for any tip
Fred.
Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a

"Fred the man" <fr**@acme.com> wrote in message
news:le********************************@4ax.com...
Hi,

I'm a PHP newbie, and am stuck as to why I can't find a pattern in a
Win32 binary file.

I'm actually trying to extract the FileVersion information myself
since PHP under Unix doesn't seem to offer support for the PE file
format:

-------------
<?php
$file = "C:\\temp\\test.exe";
$fp = fopen($file, "rb");
$contents = fread($fp, filesize($file));
fclose($fp);

//Unicode?
//If (eregi('F.i.l.e.V.e.r.s.i.o.n', $contents)) {
//if (eregi('FileVersion', $contents)) {

if (eregi("This program cannot be run in DOS mode",
$contents)) {
print "OK!";
} else {
print "Outta luck...";
}
exit;


Hmmm, maybe the Posix RegExp library isn't binary safe? Use the Perl 5 set
of functions instead:

$fv = 'F\0i\0l\0e\0V\0e\0r\0s\0i\0o\0n\0';
$tz = '\0\0\0\0';

if(preg_match("/$fv$tz(.*?)$tz/", $contents, $matches)) {
echo str_replace("\0", "", $matches[1]);
}
Jul 17 '05 #2

P: n/a
On Thu, 17 Jun 2004 19:44:31 -0400, "Chung Leong"
<ch***********@hotmail.com> wrote:
Hmmm, maybe the Posix RegExp library isn't binary safe? Use the Perl 5 set
of functions instead:


Thx Chung :-) Indeed, it seems erg() doesn't like non-printable
characters.

For those interested in searching a pattern that may contain ASCII
0's, here's the code:

-----------------
$file = "c:\\temp\\test.exe";
$fp = fopen($file, "rb");
$contents = fread($fp, filesize($file));
fclose($fp);

$fv = 'F\0i\0l\0e\0V\0e\0r\0s\0i\0o\0n\0\0\0\0\0';
$tz = "\0\0";
if(preg_match("/$fv(.*?)$tz/", $contents, $matches)) {
//Looking for eg. 1.000 with 0's in between
if (preg_match("/(\\d)\\0\.\\0(\\d+)\\0(\\d+)\\0
(\\d+)\\0/",$matches[1],$version)) {
print "Version1=$version[1]<p>";
print "Version2=$version[2]<p>";
print "Version3=$version[3]<p>";
print "Version4=$version[4]<p>";
} else {
print "Sorry";
} else {
print "BAD";
}
---------------------

If you wish to replace ASCII 0's with eg. #, here's the code:
---------------
//\x = by default, means \x0, ie. match any ASCII 0 :-)
$output=preg_replace('/\x00/','#',$matches[1]);
---------------

I haven't found how to replace a character with a TAB (\t, or \\t, or
\\\\t don't work.)

Thx again
Fred.
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.