How to use output from SigCheck to make conditional statement using batch?


Question

I am using Sigcheck to check the MachineType of an exe file (MSACCESS.EXE)

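If Sigcheck states that the MachineType of the exe is 32-bit, GOTO ...

If Sigcheck states that the MachineType of the exe is 64-bit, GOTO ...

How can this be written? The output of Sigcheck.exe in the terminal is: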

 c:\program files (x86)\microsoft office\office16\MSACCESS.EXE:

    Verified:       Signed
    Signing date:   9:51 AM 1/23/2019
    Publisher:      Microsoft Corporation
    Company:        Microsoft Corporation
    Description:    Microsoft Access
    Product:        Microsoft Office 2016
    Prod version:   16.0.4813.1000
    File version:   16.0.4813.1000
    MachineType:    32-bit

Update:

This is the output I receive

More details:

Using Sigcheck.exe

I first run the following batch script:

@echo off
sigcheck.exe "C:\Program Files (x86)\Microsoft Office\Office16\MSACCESS.EXE"

Followed by what you said:

Set TestPath=%1
for /F "delims=" %%l in ('sigcheck %TestPath%^|findstr MachineType') do set ArchLine=%%l

if not "%ArchLine%"=="%ArchLine:64=%" echo The file is 64bit
if not "%ArchLine%"=="%ArchLine:32=%" echo The file is 32bit

There will never be both a 32-bit and a 64-bit response, because I am only pointing to 1 file.

So in this case it should only say "The file is 32bit"

Update 2:

@echo off

sigcheck.exe "c:\program files (x86)\microsoft office\root\office16\MSACCESS.EXE"

Set TestPath=%1

:: See if sigcheck is in the path
where sigcheck.exe 2>NUL 1>NUL
if not "%ERRORLEVEL%"=="0" echo sigcheck.exe is not in your path && PAUSE

:: Make sure the file exists
if not exist "%TestPath%" echo %TestPath% does not exist && PAUSE

for /F "delims=" %%l in ('sigcheck %TestPath%^|findstr MachineType') do set ArchLine=%%l

if not "%ArchLine%"=="%ArchLine:n/a=%" echo Not an executable file && PAUSE
if not "%ArchLine%"=="%ArchLine:64=%" echo 64bit
if not "%ArchLine%"=="%ArchLine:32=%" echo 32bit

Below is the full response I get:

Sigcheck v2.72 - File version and signature viewer Copyright (C)
2004-2019 Mark Russinovich Sysinternals - www.sysinternals.com


c:\program files (x86)\microsoft office\root\office16\MSACCESS.EXE:

    Verified:       Signed
    Signing date:   6:18 AM 3/6/2019
    Publisher:      Microsoft Corporation
    Company:        Microsoft Corporation
    Description:    Microsoft Access
    Product:        Microsoft Office
    Prod version:   16.0.11328.20158
    File version:   16.0.11328.20158
    MachineType:    32-bit  does not exist Press any key to continue . . .

Recommended answer

This should work. I have removed the stuff for you to figure out.

@echo off

:: Assign the first parameter passed to this batch file to the 
:: following variable.  This batch NEEDs something to look up.
Set PEBinaryPath=%~1

:: Make sure the caller passed at least one command line parameter.
if "%PEBinaryPath%"=="" (
    echo %~nx0 requires one parameter.  
    echo This parameter is the path to a PE binary to check for compiled architecture.
    echo Ie. %~nx0 "%windir%\Sytem32\notepad.exe"
    goto :EOF
)

:: See if sigcheck is in the path
where sigcheck.exe 2>NUL 1>NUL
if not "%ERRORLEVEL%"=="0" echo sigcheck.exe is not in your path&& goto :EOF

:: Make sure the file exists
if not exist "%PEBinaryPath%" echo %PEBinaryPath% does not exist&& goto :EOF

:: Take the output from sigcheck, parse it and put it into a variable called MachineTypeLine
for /F "delims=" %%l in ('sigcheck "%PEBinaryPath%"^|findstr MachineType') do set MachineTypeLine=%%l

:: See if the line contains "n/a", 64, or 32
if not "%MachineTypeLine%"=="%MachineTypeLine:n/a=%" echo Not a PE format binary file&& goto :EOF
if not "%MachineTypeLine%"=="%MachineTypeLine:64=%"  echo 64bit
if not "%MachineTypeLine%"=="%MachineTypeLine:32=%"  echo 32bit

Results:

  C:\>test.bat
  test.bat requires one parameter.
  This parameter is the path to a PE binary to check for compiled architecture.
  Ie. test.bat "C:\WINDOWS\Sytem32\notepad.exe"

  C:\>test.bat c:\windows\system.ini
  Not an executable file

  C:\>test.bat c:\bobs\yeruncle.exe
  c:\bobs\yeruncle.exe does not exist

  C:\>test.bat c:\windows\System32\notepad.exe
  64bit

  C:\>test.bat c:\windows\SysWOW64\notepad.exe
  32bit

How does it work??

  • For /F runs a command and puts the things it finds into a variable.

    The /F command run is sigcheck but I pipe the results to findstr to do most of the parsing for me. We don't HAVE to do it this way but it sure is a whole lot easier because it only gives me lines back that contain the word "MachineType"

    The resulting variable (ArchLine) looks like (including the spaces)

          MachineType:    64-bit
      

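  • Then I use string replacement to tell me whether what I am looking for is in the string. It is a hack, but it works. I replace "64" with NOTHING and compare it to the original string. If the strings are the same, then there is no 64 in it!
  • Good luck!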
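The GOTO branching the question asks for, as an added example that is not code from the original post: it matches the field name and value exactly instead of substring-matching, and goes slightly beyond the question by also requiring `Verified: Signed` before branching. The `:GetField` helper, the label names and the exit codes are assumptions made for illustration; sigcheck.exe is assumed to be on PATH and to print `Field:   value` lines as in the output quoted in the question.

```batch
@echo off
setlocal
:: Added example, not from the original post. Assumes sigcheck.exe is on PATH
:: and prints "Field:   value" lines as in the output quoted in the question.
set "Target=%~1"
if not defined Target (
    echo Usage: %~nx0 "path\to\file.exe"
    exit /b 2
)
if not exist "%Target%" (
    echo "%Target%" does not exist
    exit /b 2
)

call :GetField "Verified:" Verified
call :GetField "MachineType:" MachineType

:: Anything other than the exact value "Signed" is treated as unverified.
if /I not "%Verified%"=="Signed" (
    echo "%Target%" is not reported as Signed
    exit /b 3
)
if /I "%MachineType%"=="32-bit" goto :Is32
if /I "%MachineType%"=="64-bit" goto :Is64
echo Could not determine MachineType of "%Target%": got "%MachineType%"
exit /b 1

:Is32
echo 32bit
exit /b 0

:Is64
echo 64bit
exit /b 0

:: :GetField <label> <variable>  (hypothetical helper)
:: Stores the second token of the FIRST line whose first token equals <label>,
:: so text in later fields (e.g. Description) cannot override the value.
:GetField
set "%~2="
for /F "tokens=1,2" %%a in ('sigcheck "%Target%"') do (
    if /I "%%a"=="%~1" if not defined %~2 set "%~2=%%b"
)
exit /b 0
```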
