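#!/usr/bin/perl
# Author: PinkFreud / Mirkwood Networks
#
# License: GPL
#
# Searches one file for one or more byte strings and prints the offset of
# each occurrence found.
#
#   -x HEX     search for the bytes written as pairs of hex digits
#   -s STRING  search for the literal string
#   -f         prefix every output line with the file name
#
# Any other argument is taken as the file to search; if several are given,
# the last one wins.
#
# Nifty things to search for:
# -x 1f8b0800          # gzip data (find compressed image in the linux kernel!)
# -x d0cf11e0a1b11ae1  # MS Word document (SirCam!)
#
# History:
# 0.0.0: Initial release (no version #)
# 0.0.1: Added quoting (\Q, \E) to the matching regexp
# 0.0.2: Changed open() call to 3 argument version to allow opening files with
#        leading or trailing spaces
# 0.0.3: Added option to prefix output with filename

use strict;
use warnings;

# Quoted on purpose: a bare 0.0.3 is parsed by Perl as a v-string (three
# characters with code points 0, 0 and 3), not as the text "0.0.3".
my $version = '0.0.3';

# Number of bytes requested from the file per read() call.
my $CHUNK_SIZE = 1024;

my %search;                 # label as typed on the command line => bytes to find
my $file;                   # file to search
my $prefix_filename = 0;    # set by -f

# Test with defined() so that an argument of "0" (for example a file that is
# really named 0) does not end option parsing early.
while (defined(my $arg = shift @ARGV)) {
    if ($arg eq '-x' or $arg eq '-s') {
        my $value = shift @ARGV;

        # An empty pattern must never reach the match loop: in Perl an empty
        # regex re-uses the last successful pattern instead of matching
        # "nothing", so the reported offsets would be meaningless.
        die "Option $arg requires a non-empty argument\n"
            unless defined $value and length $value;

        $search{$value} = $arg eq '-x' ? bin($value) : $value;
    }
    elsif ($arg eq '-f') {
        $prefix_filename = 1;
    }
    else {
        $file = $arg;
    }
}

unless (defined $file and length $file and %search) {
    print STDERR "Usage: $0 [-f] (-x HEX | -s STRING)... FILE\n";
    exit 1;
}

my $prefix = $prefix_filename ? "${file}: " : '';

# 3-argument version of open() allows for filenames with leading or trailing
# spaces, and keeps characters in the name from being read as an open mode.
open(my $fh, '<', $file) or die "Cannot read $file: $!\n";

# Microsoft just HAS to be different...
# binmode() takes the file handle, not the file name.
binmode($fh);

# Carry the last (longest pattern - 1) bytes of every window into the next
# one, so that a match straddling a read boundary is still seen in one piece
# whatever the pattern length and however short an individual read() is.
my $longest = 0;
for my $bytes (values %search) {
    $longest = length($bytes) if length($bytes) > $longest;
}
my $keep = $longest - 1;

my $carry    = '';    # tail of the previous window
my $consumed = 0;     # bytes read from the file so far
my %last_offset;      # label => highest offset already printed for it

while (1) {
    my $chunk;
    my $got = read($fh, $chunk, $CHUNK_SIZE);
    die "Error reading $file: $!\n" unless defined $got;
    last if $got == 0;
    $consumed += $got;

    my $window       = $carry . $chunk;
    my $window_start = $consumed - length($window);

    for my $label (sort keys %search) {
        my $bytes = $search{$label};

        # \Q...\E makes the search bytes match literally.  After a hit the
        # scan resumes behind it, so overlapping occurrences of the same
        # pattern are not reported.
        while ($window =~ /\Q$bytes\E/g) {
            my $offset = $window_start + pos($window) - length($bytes);

            # A hit lying wholly inside the carried-over tail was printed
            # while the previous window was scanned.  Offsets only grow for
            # a given pattern, so "not beyond the last one printed" means
            # "already printed".  Tracking this per pattern keeps two
            # patterns from disturbing each other's duplicate check.
            next if defined $last_offset{$label}
                and $offset <= $last_offset{$label};

            # File name and label are passed as arguments, never as part of
            # the format string: either may contain '%' (file names on a
            # suspect disk are untrusted input).
            printf "%s%s found at offset 0x%08x\n", $prefix, $label, $offset;
            $last_offset{$label} = $offset;
        }
    }

    if ($keep <= 0) {
        $carry = '';
    }
    elsif (length($window) > $keep) {
        $carry = substr($window, -$keep);
    }
    else {
        $carry = $window;
    }
}

close($fh);

# bin(HEX) - turn every pair of hex digits in HEX into the character with
# that code and return the resulting string.  Anything that is not part of a
# two-digit pair (a space, a stray odd digit, a non-hex letter) is left in
# the string unchanged, so a mistyped -x value is searched for as typed.
sub bin {
    my ($hex) = @_;

    # hex() converts the captured pair directly; no string eval is needed.
    (my $bytes = $hex) =~ s/([0-9a-f]{2})/chr(hex($1))/eig;
    return $bytes;
}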