从二进制内容识别7z SFX [英] Recognize a 7z SFX from binary contents

问题描述

如何从其二进制内容识别7z SFX（自解压EXE）文件，是否有任何偏移从起始或特定字节寻找或两者？。

how it's possible to recognize a 7z SFX ( self extracting EXE ) File from its Binary contents , is there any offset to start from or specific bytes to look for or Both ?.

很感谢

推荐答案

Google是您的朋友。搜索7zip标题后的第一个结果。文档说这是7zip签名：

Google is your friend. First result after searching "7zip header". The documentation says this is the 7zip signature:

BYTE kSignature[6] = {'7', 'z', 0xBC, 0xAF, 0x27, 0x1C};

您应该读取文件的前6个字节。如果该6字节序列与上面的 kSignature 相同，那么该文件应该是一个7z。

You should read the first 6 bytes of the file. If that 6 byte sequence is the same as the kSignature above, then the file should be a 7z.

strong> EDIT ：我一直在GNU / Linux上尝试使用7z（实际上是SFX ELF文件，而不是PE）。我发现，在最后一块数据，7z签名实际上是存在。 Hexdump产生一个到字节数0x00057960的转储，签名位于这里：

EDIT: I've been trying stuff using 7z on GNU/Linux(which actually crates SFX ELF files, not PE). And i've found that on one of the last chunks of data, the 7z signature is actually present. Hexdump generates a dump up to the byte number 0x00057960, the signature is located here:

0x000578f0:  37 7a bc af 27 1c

0x37和0x7a分别是7和z。因此，在这种情况下，签名的偏移量为EOF - 112个字节。

0x37 and 0x7a are '7' and 'z' respectively. Therefore, in this case, the offset of the signature is at EOF - 112 bytes.

我建议您下载十六进制编辑器，创建SFX文件并测试此偏移在创建SFX 7z的每个应用程序中是否相同。记住，我在GNU / Linux上测试过，因此它可能在Windows上不同。

I'd recommend you to download a hex editor, create a SFX file and test whether this offset is the same in every application that creates SFX 7z. Remember that i've tested this on GNU/Linux, therefore it might be different on Windows.

这篇关于从二进制内容识别7z SFX的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！