In this article, I am sharing with you a small Python script that lets you detect if a file is an executable file and what platform the executable is targeting.
The following formats for 32-bit and 64-bit processors are supported:
- Mach-O files: both regular and universal formats
- Windows PE files
- Linux ELF files
The script
#---------------------------------------------------------------------
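# Bit flags returned by get_exeflags(); combine/test them with | and &.
EXEFLAG_NONE = 0x0000
EXEFLAG_LINUX = 0x0001
EXEFLAG_WINDOWS = 0x0002
EXEFLAG_MACOS = 0x0004
EXEFLAG_MACOS_FAT = 0x0008
EXEFLAG_32BITS = 0x0010
EXEFLAG_64BITS = 0x0020

# Magic-byte prefixes, stored as bytes so they compare equal to data read
# from a file opened in binary mode (on Python 3 a str never equals bytes).
#
# Limits of this table:
# - "MZ" matches any DOS/PE image and carries no 32/64-bit flag; telling the
#   two apart needs the PE header, which this script does not parse.
# - The ELF entries key on the fifth byte (EI_CLASS: 1 = 32-bit, 2 = 64-bit).
#   ELF is not Linux-only, so EXEFLAG_LINUX here really means "ELF".
# - The thin Mach-O entries are the little-endian on-disk form of the magic.
# - NOTE(review): universal (fat) Mach-O headers are written big-endian, so a
#   real universal binary starts with CA FE BA BE; the two fat entries below
#   are the byte-swapped form, kept as published -- verify against a real
#   universal binary. CA FE BA BE is also the Java class-file magic, so
#   matching it would need a further check to avoid false positives.
_EXE_SIGNATURES = (
    (b"\x4D\x5A", EXEFLAG_WINDOWS),
    (b"\xCE\xFA\xED\xFE", EXEFLAG_MACOS | EXEFLAG_32BITS),
    (b"\xCF\xFA\xED\xFE", EXEFLAG_MACOS | EXEFLAG_64BITS),
    (b"\xBE\xBA\xFE\xCA", EXEFLAG_MACOS | EXEFLAG_32BITS | EXEFLAG_MACOS_FAT),
    (b"\xBF\xBA\xFE\xCA", EXEFLAG_MACOS | EXEFLAG_64BITS | EXEFLAG_MACOS_FAT),
    (b"\x7F\x45\x4C\x46\x01", EXEFLAG_LINUX | EXEFLAG_32BITS),
    (b"\x7F\x45\x4C\x46\x02", EXEFLAG_LINUX | EXEFLAG_64BITS),
)

# Longest prefix in the table: the only bytes that ever need to be read.
_MAX_SIGNATURE_LEN = max(len(sig) for sig, _ in _EXE_SIGNATURES)


def get_exeflags(filepath):
    """Return the EXEFLAG_* bits matching the magic bytes at the start of a file.

    Only the first _MAX_SIGNATURE_LEN bytes are read and compared against
    _EXE_SIGNATURES; nothing else in the file is parsed or validated.

    Args:
        filepath: Path of the file to inspect.

    Returns:
        The flags of the first matching signature, or EXEFLAG_NONE when no
        signature matches or the file cannot be opened or read.

    EXEFLAG_NONE therefore means "no known signature seen", not "not
    executable": scripts, formats missing from the table and unreadable
    files all end up here. A caller that uses the result to block
    executables should treat read failures separately rather than rely on
    this return value alone.
    """
    try:
        with open(filepath, "rb") as f:
            head = f.read(_MAX_SIGNATURE_LEN)
    except Exception:
        # Deliberate best-effort: any failure to open or read is reported as
        # "no signature". Unlike a bare except, KeyboardInterrupt and
        # SystemExit still propagate.
        return EXEFLAG_NONE

    # Prefix matching on a single read, so the result no longer depends on
    # the table being sorted by signature length.
    for sig, flags in _EXE_SIGNATURES:
        if head.startswith(sig):
            return flags
    return EXEFLAG_NONE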