Hashing within ADS question


jhoffa
November 7th, 2005, 06:50 PM
I was wondering if there was an easy way to hash within alternate streams.

I ran a quick test by forking a program ADSSTREAMTEST.exe with another program ADSTEST.exe, then tested for streams:

Location:C:\Documents and Settings\User1\Desktop\ADSSTREAMTEST.exe:ADSTEST.exe
StreamName:ADSTEST.exe
StreamID:BACKUP_ALTERNATE_DATA (4)
StreamAttributes:STREAM_NORMAL_ATTRIBUTE. (0)
DataSize:25600 Bytes
NameSize:36 Bytes

I hashed the file ADSSTREAMTEST.exe using SHA512, then removed the additional stream by copying the file onto FAT and back to NTFS again. The streams were removed but the hash sum remains the same, so I guess it's ignoring everything but the main data stream.

I reforked the file, tested for streams, and tried to rehash again, this time hashing ADSSTREAMTEST.exe:ADSTEST.exe, but the hash failed to produce a sum. Did I do something wrong in my test? Is there an easy way to hash each stream individually?

Edit: Whoops, sorry, posted in the wrong section... still pretty new to this site. Great site btw guys, and keep up the good work!
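One way to hash each stream individually, added here as an example and not part of the original post: it enumerates a file's streams with the Win32 FindFirstStreamW/FindNextStreamW calls and hashes each by opening `file:stream`, which Windows resolves on NTFS. The function names (`hash_stream`, `list_streams`, `hash_all_streams`) are hypothetical.

```python
import ctypes
import hashlib
import os

def hash_stream(path, stream=None, algo="sha512", chunk=1 << 20):
    """Hash one stream of `path`; stream=None selects the unnamed main data stream."""
    # On NTFS, "file:name" opens the named stream. On other filesystems the
    # colon is simply part of an ordinary file name.
    target = path if stream is None else f"{path}:{stream}"
    digest = hashlib.new(algo)
    with open(target, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

class _FindStreamData(ctypes.Structure):  # mirrors WIN32_FIND_STREAM_DATA
    _fields_ = [("StreamSize", ctypes.c_longlong),
                ("cStreamName", ctypes.c_wchar * (260 + 36))]

def list_streams(path):
    """Return the stream names of `path` (Windows only); '' is the main stream."""
    if os.name != "nt":
        raise OSError("stream enumeration requires Windows")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ptr = ctypes.POINTER(_FindStreamData)
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_int, ptr, ctypes.c_uint32]
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ptr]
    k32.FindClose.argtypes = [ctypes.c_void_p]
    data = _FindStreamData()
    handle = k32.FindFirstStreamW(path, 0, ctypes.byref(data), 0)
    if handle in (None, ctypes.c_void_p(-1).value):  # INVALID_HANDLE_VALUE
        raise ctypes.WinError(ctypes.get_last_error())
    names = []
    try:
        while True:
            # Names come back as ":name:$DATA"; the main stream is "::$DATA".
            names.append(data.cStreamName.split(":")[1])
            if not k32.FindNextStreamW(handle, ctypes.byref(data)):
                break
    finally:
        k32.FindClose(handle)
    return names

def hash_all_streams(path, algo="sha512"):
    """Map each stream name ('<main>' for the unnamed one) to its digest."""
    return {name or "<main>": hash_stream(path, name or None, algo)
            for name in list_streams(path)}
```

Recording the result of `hash_all_streams` rather than a single file hash makes an added or altered alternate stream show up as a changed or new entry.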