Novell Home

Implementing a File Search Utility on NetWare

Novell Cool Solutions: Feature
By K.S Venkatram

Digg This - Slashdot This

Posted: 31 May 2002
 

Summary
There always has been (and most likely, always will be) a need to inventory products, applications, and files stored on NetWare servers. Utilities designed to help with the inventory process by searching for files based on intelligent patterns have proven to be extremely valuable to server administrators. A utility in this class would be even more valuable if it could overcome the limitations inherent in searching cross-platform files.

Table of Contents
Introduction
Technical Considerations
Portable Executable Format
Running WINVER.NLM
Projected Use and Output Results
Marketability
References

Introduction
Considering that one of the useful roles of a NetWare server is that of providing file services, scenarios where today's NetWare Administrators would find Microsoft's products on their servers is not uncommon. Windows applications, or for that matter most software, does embed version information into the respective binary file. Microsoft's Resource Editor supports embedding vendor name, product name, product version, copyright, and file version in a Windows binary (.EXE, .DLL etc) file. Similarly, Linkers for NetWare Loadable Modules (NLM) support associating a file version and copyright information with the respective NLM file.

Having agreed that there will be some version information in binary files, expectations to retrieve this version information programmatically are mostly met by companies publishing documentation about their respective binary formats. Interpreting the binary format is quite an intrinsic task, more so for cross-platform files. This article does attempt to do away with reservations in interpreting the file format of Windows (.EXE, .DLL) files. Microsoft has termed the file format for Windows applications as the "Portable Executable (PE) format" and also supports proprietary Win32 SDK APIs that can be used in Windows applications to retrieve resource-version information.

This article demonstrates the above by describing the implementation of a Windows File Search utility (WINVER). For interested readers, the ZENworks (ZEN stands for Zero Effort Networking) for Servers 3 Inventory product showcases retrieval of version information from Windows .EXE files on NetWare servers to report enhanced software inventory. For more information visit http://www.novell.com/products/zenworks/servers.

Technical Considerations
Considering that Windows files on a NetWare server are cross-platform in nature to any NetWare application, also added to this fact is that Microsoft's proprietary SDK does not provide APIs to run explicitly on the NetWare Operating System. This rules out the use of Microsoft's SDK to read version information from a Windows file in a NetWare application, but NLM developers need not lose heart as the same is achievable using regular ANSII C-APIs for memory and file I/O.

The WINVER utility described in this article is implemented as an NLM in the C-language and leverages official Microsoft documentation on the Portable Executable (PE) file format.

Microsoft's Portable Executable format
The Portable Executable (PE) file format has been designed for use by all Win32 operating systems (Windows NT/2000, Win 9x and Win32s). It is termed portable as implementations of Windows NT on platforms such as Intel 386, MIPS, Alpha, so on use the same executable format.

Overall layout of a PE file is illustrated to provide a view of the various components:

PE file LayoutComments
????????????????Remaining sections, COFF information and rest of layout
.relocSection holding table of base relocations for the loader
.edataSection containing information about the exported functions and data
.idataSection containing information about imported functions and data
.rsrcResources section that we are interested in
.CRTInitialized data section
.bssUn-initialized static and global variables section
.dataInitialized data section
.textDefault section for code
 Section table starts from here and is an array of IMAGE_SECTION_HEADERS
Data directory <<IMAGE_OPTIONAL_HEADER>>Part of IMAGE_NT_HEADERS
IMAGE_FILE_HEADERPart of IMAGE_NT_HEADERS
PE signaturePart of IMAGE_NT_HEADERS
DOS headerStart or Offset 0

To share some details of the PE file format we briefly touch on an explanation of some components. This article does not provide an elaborate explanation, as there are available references that do more justice to this task. For interested readers looking up the references is recommended.

PE Header: The PE Header contains information such as location, size of code and data areas, inclusive of the resource data. The header additionally includes details as to what Operating system and CPU this file is intended to be used with. It is necessary to devise an approach to traverse this header. Importantly some of the data structures to be used in the implementation can be found in Microsoft's Win32 SDK header file (WINNT.H).

Section Table: Between the PE Header and the raw data for the executables image section lies the section table. The sections in the image are sorted by their starting address instead of name. Immediately following the PE Header is an array of IMAGE_SECTION_HEADERS. The number of elements in the array is identified by IMAGE_NT_HEADERS ->IMAGE_FILE_HEADER ->Number of sections. The following code snippet illustrates section table traversal.

PE Resources: Among commonly encountered sections the ".rsrc" section contains the resources we are interested in. Speaking of resources, the typical resources for Windows applications are menus, dialogs, icons, String tables and version resources. Each of these resources has its own individual format. Retrieving information about a resource requires navigating the resource directory hierarchy in a manner like navigating for files on a hard disk. Navigating the resource directory includes traversal of a master directory (root directory) containing subdirectories. The subdirectories contain subdirectories of their own within which is present resource data. In the PE file, both the root directory and subdirectories are of type IMAGE_RESOURCE_DIRECTORY. Following the IMAGE_RESOURCE_DIRECTORY structure is an array of IMAGE_RESOURCE_DIRECTORY_ENTRY structures. A directory entry can either refer to a subdirectory (another IMAGE_RESOURCE_DIRECTORY) or to an IMAGE_RESOURCE_DATA_ENTRY. The IMAGE_RESOURCE_DATA_ENTRY entity describes the resource data embedded in the file. Successful navigation of the resource directory tree is necessary to reach the embedded version resource information we are interested in.

Running WINVER.NLM
The WINVER.NLM utility can be downloaded from the URL "http://www.novell.com/coolsolutions/tools/1404.html".

It can be run on NetWare servers later than or equal to v5.0. The WINVER.NLM can be pictured as a simple utility that takes as input a Windows file name and returns the version information embedded in it. This article does not include the intricacies involved in actually searching specific NetWare volumes or paths for Windows file matching.

To get information about supported command-line switches in WINVER.NLM, switch over to the NetWare System Console and type WINVER /?. The resulting display enumerates a list of options. Here's an explanation of some of the command-line switches:

  • /f - is compulsory, identifies the name (with full NetWare path) of the Windows file to be read by WINVER.NLM.
  • /m - when used with [1] identifies the nature of pattern matching, options are equals or contains, default nature is "equals" when switch /m is not specified.
  • /c - when used with [1] identifies the name of the vendor or company being searched for.
  • /p - when used with [1] identifies the name of the product being searched for.
  • /v - when used with [1] identifies the version of the product being searched for.

Projected Use and Output Results:
[1] WINVER /f sys:\winapps\SAMPLE.EXE, on success would display results such as:

****************************************************************
Windows File Name: SAMPLE.EXE,	Path: sys:\winapps
Windows version found:
	Company name: SAMPLE Corporation
	Product name: SAMPLE Application
	Product version: 1.0
	Copyright: Copyright @ 
****************************************************************

[2] WINVER /f sys:\winapps\SAMPLE.EXE /m contains /c SAMPLE, on success would display results such as:

****************************************************************
Windows File Name: SAMPLE.EXE,	Path: sys:\winapps
Pattern used: SAMPLE 		Pattern match: contains
Windows version found:
	Company name: SAMPLE Corporation
	Product name: SAMPLE Application
	Product version: 1.0
	Copyright: Copyright @ 
****************************************************************

[3] WINVER /f sys:\winapps\SAMPLE.EXE /p SAMPLE Application, on success would display results such as:

****************************************************************
Windows File Name: SAMPLE.EXE,	Path: sys:\winapps
Pattern used: SAMPLE Corporation 	Pattern match: equals
Windows version found:
	Company name: SAMPLE Corporation
	Product name: SAMPLE Application
	Product version: 1.0
	Copyright: Copyright @ 
****************************************************************

[4] WINVER /f sys:\winapps\SAMPLE.EXE /v 1.0, on success would display results such as:

****************************************************************
Windows File Name: SAMPLE.EXE,	Path: sys:\winapps
Pattern used: 1.0 			Pattern match: equals
Windows version found:
	Company name: SAMPLE Corporation
	Product name: SAMPLE Application
	Product version: 1.0
	Copyright: Copyright @ 
****************************************************************

Marketability
The market that exists for this kind of cross-platform pattern-based search utility is broadly storage administration, licensing and content management solutions for Windows applications on NetWare. These areas are still evolving and need the necessary innovation to scale manageability expectations.

Readers familiar with Novell Licensing Services (NLS) will recall that when using NetWare Administrator (NWADMIN) to create a license certificate for a Windows application, one needed to manually key in the vendor name, product name and product version associated with the application. Technologies similar to the one demonstrated in this article would help automate or simplify actions such as the above.

Also at the time of writing this article, the potential of integrating such a utility into the browser-based NetWare Remote Manager deserves mention. This means that the output of this utility need not remain local to a server. It could also be redirected as packets across the network to a remote management tool.

Conclusion
In conclusion, it can be stated that embedding version information into a software application, publishing documentation and accompanying APIs are thereon steps that render software application files to be more locatable and trusted entities.

References
[1] Microsoft Systems Journal Publication (issue dated January 1998).
[2] Microsoft's developer sites for freely down-loadable applications with source code like the PEDUMP utility and the DLGDUMP utility.
[3] A commercial book titled "Windows 95 System Programming secrets" by Matt Pietrek (special attention to be given to the chapter describing the Portable Executable file format).


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell