how it’s possible to recognize a 7z SFX ( self extracting EXE ) File from its Binary contents , is there any offset to start from or specific bytes to look for or Both ?.
many thanks
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
how it’s possible to recognize a 7z SFX ( self extracting EXE ) File from its Binary contents , is there any offset to start from or specific bytes to look for or Both ?.
many thanks
Google is your friend. First result after searching “7zip header”. The documentation says this is the 7zip signature:
You should read the first 6 bytes of the file. If that 6 byte sequence is the same as the
kSignatureabove, then the file should be a 7z.EDIT: I’ve been trying stuff using 7z on GNU/Linux(which actually crates SFX ELF files, not PE). And i’ve found that on one of the last chunks of data, the 7z signature is actually present. Hexdump generates a dump up to the byte number 0x00057960, the signature is located here:
0x37 and 0x7a are ‘7’ and ‘z’ respectively. Therefore, in this case, the offset of the signature is at EOF – 112 bytes.
I’d recommend you to download a hex editor, create a SFX file and test whether this offset is the same in every application that creates SFX 7z. Remember that i’ve tested this on GNU/Linux, therefore it might be different on Windows.