1) Disclaimer
=============

do-hash.cmd was written by Joerg Helmert based on ideas of Shalla Secure
Services (http://www.shalla.de). I just followed their call for a Windows
program ;-)

Be warned. As always: no warranty.

Script run several times on Vista and Windows XP.
May run on Windows 2000 or Windows NT (not sure if cmd.exe includes enough
functionality in these versions of Windows).
Will not run on WinMe/95 or earlier due to the limitations of command.com...

Cheers,
Joerg (October 2009)

Contact: joerg.helmert(AT)gmx.de
Be warned! Emails for this account are read rather seldom!

2) Description
==============

do-hash.cmd is a Windows batch script which can be used to calculate md5,
sha256 and tiger hash sums of a given file or of all files in a directory.
Recursion through subdirectories is also possible.

Additionally do-hash.cmd can read some file attributes to improve
identifiability of a given file.

The generated data is printed to stdout in a format which is compatible with
the Shalla Secure Services Hash Database import format.

|||||||

Since permissions on Windows are not that easily printable, I have omitted
them.

do-hash.cmd enables you to add one custom annotation to every line of output.
This can be used to describe on which system the hash sums were collected.
Further annotations, collected automatically (version, headertype... see
filever below), are printed after that custom annotation.

3) Dependencies
===============

3a) Needed
----------

do-hash.cmd uses "hashdeep.exe", a hash program from the md5deep suite, which
can calculate all needed hash sums in one run. Without hashdeep do-hash.cmd
will not work. It would have to be rewritten to use different hash programs!

The location of hashdeep.exe can be edited within do-hash.cmd, or the script
can search for it within the search path.

3b) Optional
------------

do-hash.cmd can make use of filever.exe, a tool from the "Windows XP Support
Tools".
Filever.exe reads values from file properties like version, language,
filetype, headertype and others.

The location of filever.exe can be edited within do-hash.cmd, or the script
can search for it within the search path.

3c) Operating Systems
---------------------

do-hash.cmd was developed using Vista and tested on Windows XP.
Feel free to test on other OSes and share your experience.

3) Usage
========

Usage: do-hash.cmd [Options]

Options:
========
  -a "": sets annotation text.
  -r:    recurse through subdirectories
  -d:    print debug output while executing
  -b:    omit pretty error and result messages

Parameters:
===========
  : Filename or directory to calculate hash of

-d is most useful while further developing the script.
-b is useful to omit pretty error messages while running in batch.

do-hash.cmd should always return a unique error number, which can be used to
find the cause of the error. See source for error numbers. No documentation at
this time ;-)

4) Examples
===========

4a) Calling do-hash.cmd
-----------------------

do-hash.cmd
    calculates hashes of a single file

do-hash.cmd
    calculates hashes of all files in directory

do-hash.cmd -r
    calculates hashes of all files in directory and all subdirectories

do-hash.cmd -a "Hashes collected on Vista SP2"
    adds the given text to annotation in output.

4b) Output
----------

Original output: one line per file! Hashes abbreviated to save space!
do-hash.cmd called without option -a, filever was found:

6...9|a...a|7...7|c:\windows\system32\admparse.dll|72704|-|APP| Windows File Properties: attributes=--a-- fileheader=W32i language=ENU version=8.0.6001.18702 shippingtype=shp filedate=03-08-2009

do-hash.cmd called with option -a, filever was found:

6...9|a...a|7...7|c:\windows\system32\admparse.dll|72704|-|APP| "Windows Vista 32bit SP2 with hotfixes as of 10/01/2009" Windows File Properties: attributes=--a-- fileheader=W32i language=ENU version=8.0.6001.18702 shippingtype=shp filedate=03-08-2009

do-hash.cmd called without option -a, filever NOT found:

6...9|a...a|7...7|c:\windows\system32\admparse.dll|72704|-|-|

do-hash.cmd called with option -a, filever NOT found:

6...9|a...a|7...7|c:\windows\system32\admparse.dll|72704|-|-| "Windows Vista 32bit SP2 with hotfixes as of 10/01/2009"

5) Annex
========

5a) hashdeep
------------

Source: http://md5deep.sourceforge.net/

Download and extract to a certain directory. C:\bin\ is used in do-hash.cmd,
but this may be edited by you. Or set PATH accordingly and do-hash.cmd will
find hashdeep.exe.

5b) filever
-----------

Source: Microsoft. Several versions available. Use newest.
Best search for filever.exe (maybe on Google...)

After downloading, open the ".exe" file e.g. with 7zip. Extract just
filever.exe. No need to install if you don't like.

Copy filever.exe to a certain directory. C:\bin\ is used in do-hash.cmd, but
this may be edited by you. Or set PATH accordingly and do-hash.cmd will find
filever.exe.

Called with "filever.exe " it prints out:

Attributes Header Type Language Version Shipping_type Size Date Location

Attributes:
    Windows file attributes.
    drash --> directory, readonly, archive, system, hidden
    Attributes not set are represented by a "-"
    --> file with only archive set: --a--

Header:
    File Header. Only printed for Windows executables.
    Output depends on Windows and filever version (32bit vs 64bit)
    examples: W32i64, Wx64, W32, W32i, W16, DOS

Type:
    File Type. Only printed for certain filetypes.
    examples: DLL, APP (application like .exe)

Language:
    3 letter language code.
    examples: ENU (english US), DEU (deutsch or german)

Version:
    Version number, embedded into file, only printed for certain types
    example: 8.0.6001.18702 (Microsoft's version number for admparse.dll)

Shipping_type:
    Type of delivery.
    example: shp (shipping version), dbg (debug version)

Size:
    Filesize. do-hash.cmd uses filesize calculated by hashdeep instead.

Date:
    File Date. I assume creation time, but I didn't evaluate...

Location:
    Fullname of file (including path). do-hash.cmd uses fullname provided by
    hashdeep instead. (This name is used to call filever. Doesn't make sense
    to use filever's output in that case...)
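
Added example (not part of do-hash.cmd or of the original README): a Python
parser for the output lines shown in section 4b, splitting the eight
pipe-separated fields, the custom annotation and the optional filever
properties. The field names, and the md5/sha256/tiger order of the first three
fields, are assumptions taken from the order used in the description.

```python
# Added example: parser for do-hash.cmd output lines (not part of do-hash.cmd).
# Assumption: the first three fields are md5, sha256, tiger, in the order the
# README names them; the field names below are labels chosen for this example.
FIELDS = ("md5", "sha256", "tiger", "path", "size", "permissions", "type")
MARKER = "Windows File Properties:"

def parse_line(line):
    """Split one output line into a record; raise ValueError if malformed."""
    # Only 7 splits: the annotation is free text and may itself contain "|".
    parts = line.rstrip("\r\n").split("|", 7)
    if len(parts) != 8:
        raise ValueError("expected 8 pipe-separated fields, got %d" % len(parts))
    # "-" marks a field the script could not fill (permissions, missing type).
    rec = {k: (None if v == "-" else v) for k, v in zip(FIELDS, parts[:7])}
    rec["size"] = int(parts[4])  # ValueError on a non-numeric size
    note = parts[7].strip()
    # filever data, when present, follows the custom annotation.
    if MARKER in note:
        custom, _, props = note.rpartition(MARKER)
    else:
        custom, props = note, ""
    rec["annotation"] = custom.strip().strip('"')
    rec["properties"] = dict(p.split("=", 1) for p in props.split() if "=" in p)
    return rec

# The four sample lines from section 4b (hashes abbreviated as in the README).
BASE = r"6...9|a...a|7...7|c:\windows\system32\admparse.dll|72704|-|"
PROPS = (" Windows File Properties: attributes=--a-- fileheader=W32i language=ENU"
         " version=8.0.6001.18702 shippingtype=shp filedate=03-08-2009")
NOTE = ' "Windows Vista 32bit SP2 with hotfixes as of 10/01/2009"'
SAMPLES = [
    BASE + "APP|" + PROPS,         # no -a, filever found
    BASE + "APP|" + NOTE + PROPS,  # -a, filever found
    BASE + "-|",                   # no -a, filever not found
    BASE + "-|" + NOTE,            # -a, filever not found
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_line(line)
        print(rec["path"], rec["size"], rec["type"], repr(rec["annotation"]),
              rec["properties"].get("version"))
```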