#!/usr/bin/perl

# Author: PinkFreud / Mirkwood Networks <pf-bin *at* mirkwood.net>
#
# License: GPL

# Nifty things to search for:
# -x 1f8b0800    # gzip data (find compressed image in the linux kernel!)
# -x d0cf11e0a1b11ae1  # MS Word document (SirCam!)

# History:
# 0.0.0: Initial release (no version #)
# 0.0.1: Added quoting (\Q, \E) to the matching regexp

$version = 0.0.1;

while ($_ = shift) {
  /^-x$/  && do { $_=shift; $string=bin($_); $search{$_}=$string; next; };
  /^-s$/  && do { $_=shift; $string=$_; $search{$_}=$string; next; };
  $file = $_;
}

exit 1 unless ($file && $string);

open (FILE, $file) or die "Cannot read $file: $!\n";
binmode($file);    # Microsoft just HAS to be different...
while (read (FILE, $data2, 1024)) {
  $data = $data1 . $data2;

  for $ostring (keys(%search)) {
    $string = $search{$ostring};

    while ($data =~ /\Q$string\E/g) {
      $stringpos = pos($data) - length($string);
      if ($stringpos >= 0) {
        $pos = tell (FILE) - length ($data) + $stringpos;
        if ($pos ne $opos) {
          printf "$ostring found at offset 0x%08x\n", $pos;
          $opos = $pos;
        }
      }
    }
  }
  $data1 = $data2;
}
close (FILE);


sub bin {
  # Turn all hex into chars
  my $string = $_[0];
  ($string) =~ s/([0-9a-f]{2})/chr(eval "0x$1")/eig;
  return $string;
}