从二进制内容识别7z SFX [英] Recognize a 7z SFX from binary contents
问题描述
如何从其二进制内容识别7z SFX(自解压EXE)文件,是否有任何偏移从起始或特定字节寻找或两者?。
how it's possible to recognize a 7z SFX ( self extracting EXE ) File from its Binary contents , is there any offset to start from or specific bytes to look for or Both ?.
很感谢
推荐答案
Google是您的朋友。搜索7zip标题后的第一个结果。文档说这是7zip签名:
Google is your friend. First result after searching "7zip header". The documentation says this is the 7zip signature:
BYTE kSignature[6] = {'7', 'z', 0xBC, 0xAF, 0x27, 0x1C};
您应该读取文件的前6个字节。如果该6字节序列与上面的 kSignature
相同,那么该文件应该是一个7z。
You should read the first 6 bytes of the file. If that 6 byte sequence is the same as the kSignature
above, then the file should be a 7z.
strong> EDIT :我一直在GNU / Linux上尝试使用7z(实际上是SFX ELF文件,而不是PE)。我发现,在最后一块数据,7z签名实际上是存在。 Hexdump产生一个到字节数0x00057960的转储,签名位于这里:
EDIT: I've been trying stuff using 7z on GNU/Linux(which actually crates SFX ELF files, not PE). And i've found that on one of the last chunks of data, the 7z signature is actually present. Hexdump generates a dump up to the byte number 0x00057960, the signature is located here:
0x000578f0: 37 7a bc af 27 1c
0x37和0x7a分别是7和z。因此,在这种情况下,签名的偏移量为EOF - 112个字节。
0x37 and 0x7a are '7' and 'z' respectively. Therefore, in this case, the offset of the signature is at EOF - 112 bytes.
我建议您下载十六进制编辑器,创建SFX文件并测试此偏移在创建SFX 7z的每个应用程序中是否相同。记住,我在GNU / Linux上测试过,因此它可能在Windows上不同。
I'd recommend you to download a hex editor, create a SFX file and test whether this offset is the same in every application that creates SFX 7z. Remember that i've tested this on GNU/Linux, therefore it might be different on Windows.
这篇关于从二进制内容识别7z SFX的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!