I'm currently wanting to open a file on my hard drive and be able to scan its contents to see if it has any bytes that match a specific pattern of bytes which I have stored in a byte array. I'm curious as to how I can do this. Will I need to use API functions, and if so, which ones should I read into? Also, what would be an efficient way to do such a task? Can I accomplish this by opening a file in binary mode using the C++ fstream (I wanna scan in and compare the bytes to hex values, for example)?

I don't wanna compare bytes like this 00000001 (in binary); I wanna compare the equivalent in hex, 0x0001... Would I have to physically scan in the bytes and convert them to hex myself before I do a comparison? -thx!

Just open the file in binary mode and read it. Nothing magical or hard about it. You don't need APIs.

And in a computer, all values are numbers. And all bases (binary, decimal, hex) are equivalent. For example, if xval=66, all these statements test TRUE:

    if (xval == 66)      // decimal
    if (xval == 0x42)    // hex
    if (xval == 'B')     // character

There is no 'native' binary in C++. Hex is the closest we have.

I c! Thanks! Also, what would be the most efficient way of scanning thru a file on disk, in your opinion, if I were to scan it for a certain byte signature? Also, will C++ let you open a .exe or any file for that matter in binary mode? Or must it have .bin format? If so, how do I get around this?

Will C++ let you open a .exe or any file for that matter in binary mode?

Yes.

What would be the most efficient way of scanning thru a file on disk?

Don't do any conversion to hex or any other text format; just compare the raw bytes.

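#include <fstream>
#include <iterator>
#include <algorithm>
#include <vector>
#include <cstddef>

typedef unsigned char byte ;

bool is_byte_seq_present_in_file( const char* file_path,
                        const byte* byte_array, std::size_t array_size )
{
    // 1. open the file in binary mode
    std::ifstream file( file_path, std::ios::binary ) ;
    if( !file ) return false ; // could not open the file

    // 2. read the raw bytes of the file into memory
    //    (istreambuf_iterator does not skip whitespace bytes the way
    //    istream_iterator does, and std::search() needs forward iterators,
    //    which the vector provides)
    std::vector<byte> bytes( (std::istreambuf_iterator<char>(file)),
                             std::istreambuf_iterator<char>() ) ;

    // 3. use std::search() to search for the byte sequence in the file
    return std::search( bytes.begin(), bytes.end(),
                        byte_array, byte_array+array_size ) != bytes.end() ;
}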
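The raw-byte comparison above, extended to read the file in fixed-size chunks and to report the offset of the match, so a large file never has to be held in memory at once. This is an added example, not code from the thread; `find_signature`, the chunk size, the file name `sample.bin` and the sample bytes are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <fstream>
#include <iostream>
#include <string>
#include <vector>

typedef unsigned char byte;

// Hypothetical helper (not from the thread): returns the offset of the first
// occurrence of sig in the file, or -1 if it is absent or the file can't be opened.
long long find_signature(const std::string& path, const std::vector<byte>& sig,
                         std::size_t chunk_size = 64 * 1024)
{
    if (sig.empty() || chunk_size == 0) return -1;
    std::ifstream file(path, std::ios::binary);
    if (!file) return -1;

    const std::size_t overlap = sig.size() - 1;   // tail that could begin a match
    std::vector<byte> buf(overlap + chunk_size);
    std::size_t carried = 0;                      // bytes kept from the previous chunk
    long long base = 0;                           // file offset of buf[0]

    for (;;) {
        file.read(reinterpret_cast<char*>(buf.data() + carried),
                  static_cast<std::streamsize>(chunk_size));
        const std::size_t got = static_cast<std::size_t>(file.gcount());
        if (got == 0) return -1;                  // end of file (or read error)
        const std::size_t len = carried + got;
        const auto last = buf.begin() + len;
        const auto hit = std::search(buf.begin(), last, sig.begin(), sig.end());
        if (hit != last) return base + (hit - buf.begin());
        // Keep the last sig.size()-1 bytes so a match split across two reads is found.
        carried = std::min(overlap, len);
        std::memmove(buf.data(), buf.data() + (len - carried), carried);
        base += static_cast<long long>(len - carried);
    }
}

int main()
{
    // Constructed sample: 0x0A and 0x20 are whitespace bytes; signature is at offset 6.
    const std::vector<byte> data = {0x4D, 0x5A, 0x0A, 0x20, 0x00, 0x11, 0xDE, 0xAD, 0xBE, 0xEF, 0x0A};
    std::ofstream("sample.bin", std::ios::binary)
        .write(reinterpret_cast<const char*>(data.data()), data.size());
    // chunk_size 4 forces DE AD | BE EF to straddle two reads.
    std::cout << find_signature("sample.bin", {0xDE, 0xAD, 0xBE, 0xEF}, 4) << '\n';
}
```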

1 last question!

1.) Wouldn't it be pointless to scan in the beginning of a Windows PE? It seems like at the top of a .exe there is junk... such as the MS-DOS header... and it seems like this could possibly misalign the reading of bytes and make the comparison not give correct results? Shouldn't you start right at the code's entry point, or no?