cybersecurity · beginner · ~15 min · safe pentest lab

Is it an MFT record?

Recognise the MFT record signature.

Challenge

NTFS MFT records start with the ASCII signature "FILE". Implement int is_mft_record(const unsigned char *b) returning 1 if the first four bytes are 'F','I','L','E', else 0.

Starter code

int is_mft_record(const unsigned char *b) {
    /* TODO */
    return 0;
}

Solve this exercise in the browser editor — compile and run against the test harness, no setup required.