1.0.0 • Published 7 years ago
pe-signature v1.0.0
pe-signature
Test if buffer is a PE signature. As specified by Microsoft PE and COFF Specification 9.3 doc, section 3.2:
After the MS-DOS stub, at the file offset specified at offset
0x3c, is a 4-byte signature that identifies the file as a PE format image file. This signature isPE\0\0(the letters "P" and "E" followed by two null bytes).
usage
const psig = require('pe-signature')
const a = Buffer('PE\0\0')
const b = Buffer('PE\0\0xxx')
const c = Buffer('xxxPE\0\0')
console.log(psig.is(a)) // true
console.log(psig.is(b)) // false
console.log(psig.has(b)) // true
console.log(psig.is(c, 3)) // truerelated
Use pe-signature-offset to get the position of the signature in a PE file:
const open = require('fs-maybe-open')
, getOffset = require('pe-signature-offset')
, fs = require('fs')
, len = psig.length
function isPEFile (fdOrFile, done) {
open(fdOrFile, 'r', function (err, fd, close) {
if (err) return done(err)
getOffset(fd, function (err, offset) {
if (err) return close(done, err)
fs.read(fd, Buffer(len), 0, len, offset, function (err, bytesRead, buf) {
if (err) return close(done, err)
close(done, null, psig.is(buf))
})
})
})
}
isPEFile('chrome.exe', function (err, is) {
if (err) throw err
console.log(is) // true
})install
With npm do:
npm install pe-signaturelicense
MIT © Vincent Weevers
1.0.0
7 years ago