This is the third part of this series and this part is dedicated to the two functions that handle file signatures. They are almost identical but I decided not to modularize them futher, as they are called for different purposes. But you could argue the code duplication and break it down even further.
I want to start by saying that these functions are by no means “The Definitive File Signature” functions. I’ve also decided to limit the file signature check to one signature.
Just to show the method rather than trying to solve every scenario I could think of.
It’s also worth mentioning that the “world” of file signatures are not that consistent.
Or maybe I should really say that there are sometimes many variants of the same type of files.
A prime example are plain text files.
If you save a .txt file from notepad in the default ANSI format you will get one signature.
If you save the file in the UTF-8 format you will get another signature.
So be aware that unless a file type always get the same signature the results may not be what you expect.
I would recommend looking at the following sites if you want to the review the file types you’re looking for.
Test-FileSignature is the helper function that will return true or false if the signature matches the supplied file path. Again we are using QuickIO.Net to get the file signature because we can’t rely on Get-Content, due to the 260 character limitation.
The function need the path to the file and the signature to check against.
The signature need to be in hexadecimal if you are using this function by itself.
The reason is that all the sites that list file signatures are presenting them in hex.
This function was really added so that it would be possible to use an existing file as a file signature example. Rather than having to look the extension up on one of the sites above.
The main difference from an option perspective is that you can chose a signature length.
As default it will check the first 4 bytes of a file but if the files you’re looking for have a longer or shorter signature, then you can change the amount of bytes to collect from the file.
Get-FileSignature -FilePath C:\tmp\textfile.txt -SignatureLength 3
In the above example we will collect the signature using the first 3 bytes rather than the default.
This is actually a little tip and example of the signature variants of text files.
If you’re searching for UTF8 encoded textfiles they all seem to share the first 3 bytes.
I’ll stop here with the explanations and leave it up to you to try out.
Due to a bit of confusion in the first post about downloading QuickIO.Net, here are the methods I’ve used to download the library:
- From within Visual Studio using the Nuget-package manager.
- By downloading the Nuget command line tool and use that to download the library.
Installation instructions are probably the wrong term as it’s a powershell module and manifest.
While using the module I’ve used the standard powershell path and the QuickIO library in a subfolder:
Module/Manifest: C:\Program Files\WindowsPowershell\Modules\GetFilteredFileList QuickIO DLL: C:\Program Files\WindowsPowershell\Modules\GetFilteredFileList\QuickIO
If e.g. you put the DLL somewhere else then use the QuickIOPath parameter.
The code/functions in this post and site is supplied AS IS, without any warranties or support. I assume no responsibility or liability for the use of the code/functions.