Detecting the archive type

Time: 2018-02-18 07:41:04

Tags: file types binary reverse-engineering archive

I have an archive without an extension; how can I detect the file format?

Beginning of file (screenshot): Begin of file

Beginning of file (text): ef cd ab 19 14 00 05 00 08 00 1b 8c 2f 34 63 e3 f1 35 68 00 00 00 8c 00 00 00 09 00 00 00 49 4e 44 45 58 2e 53 59 53 90 77 a2 38 fc 2f 53 09 a9 df 40 2d 0f d5 8f 89 2e 2f a1 eb e2 2e a1 9a 02 39 5d ad 4c b1 cc ca e4 e4 ab 83 a6 ef 1d ab 1f 66 b5 fd 2b f5 81 aa 9d b4 19 34 52 f3 24 58 15 45 4a 38 4a c0 84 19 22 6b ad ef 28 e3 89 36 e7 aa e2 aa 64 dd 19 4b 5d 8b 38 7a 15 14 77 a2 7e f4 e0 be ba f9 bd a3 e5 4e 54 12 c6 47 d6 cc ef cd ab 19 14 00 05 00 08 00 f4 80 51 4c a4 35 50 85 b4 00 00 00 d9 00 00 00 08 00 00 00 49 4e 46 4f 2e 53 59 53 52 b4 68 91 65 88 05 26 da 72 0a 5f ce a3 8e 2a cc 6d a2 8f 9e 36 d6 fa f8 84 7d 43 0d 95 1b 7c 15 ee 3f ba 43 13 41 7f de 47 f1 3c a6 4f 45 e5 cc 0d 32 1b 7c 62 c2 8d d6 f1 f7 d8 f2 88 14 62 a1 ac 6e 96 e5 85 db bd 82 40 e4 83 a9 88 a8 90 26 89 fd aa b1 85 71 10 30 2a 2d c2 ce e1 3c 13 4b 3c 13 13 60 e1 76 87 df c4 9b ef 4f 2a c2 bd 74 14 de 42 d8 f2 77 a1 60 31 fb 72 ec 88 1e 41 72 3c de 2a f0 ac de a3 31 fb ee 11 30 1b f7 fb d8 3b 74 26 b2 56 46 03 a2 b3 7e 87 00 1b 6b 84 c3 ea ae be f0 0c 9c 2f 11 44 74 75 c9 2d 92 c1 ac 24 6a 31 ef cd ab 19 14 00 05 00 08 00 8d a9 47 32 08 85 79 7f f0 00 00 00 22 01 00 00 0c 00 00 00 51 4d 57 57 49 4e 4a 47 2e

1 answer:

Answer 0: (score: 1)

For starters, there seems to be a pattern in the data you provided

C:\>grep -obUaP "\xef\xcd\xab\x19\x14\x00\x05\x00\x08\x00" bindata
0:ïI«↓¶ ♣
143:ïI«↓¶ ♣
361:ïI«↓¶ ♣

C:\>xxd -g 1 -l 10 -s 0  bindata & xxd -g 1 -l 10 -s 143 bindata & xxd -g 1 -l 10 -s 361 bindata
0000000: ef cd ab 19 14 00 05 00 08 00                    ..........
000008f: ef cd ab 19 14 00 05 00 08 00                    ..........
0000169: ef cd ab 19 14 00 05 00 08 00                    ..........

That is 0x19abcdef, which may be some magic signature that you can follow up on from here

There also seem to be filenames at a constant offset

C:\>xxd -g 1 -l 16 -s 30  bindata & xxd -g 1 -l 16 -s 173 bindata & xxd -g 1 -l 16 -s 391 bindata
000001e: 49 4e 44 45 58 2e 53 59 53 90 77 a2 38 fc 2f 53  INDEX.SYS.w.8./S
00000ad: 49 4e 46 4f 2e 53 59 53 52 b4 68 91 65 88 05 26  INFO.SYSR.h.e..&
0000187: 51 4d 57 57 49 4e 4a 47 2e                       QMWWINJG.

Assuming it is some kind of PKZIP, an xxd dumper seems to confirm the layout?

echo off
rem dumpinxxd.bat: dump one PKZIP-style local file header that starts at byte offset %1 of the file "bindata"
rem field widths in bytes
set /a qwsize           = 8
set /a dwsize           = 4
set /a wsize            = 2
set /a bsize            = 1

rem offset of each header field = offset of the previous field + width of the previous field
set /a signature        = %1
set /a version          = %signature%           + %dwsize%
set /a flags            = %version%             + %wsize%
set /a Compression      = %flags%               + %wsize%
set /a ModTime          = %Compression%         + %wsize%
set /a ModDate          = %ModTime%             + %wsize%
set /a Crc32            = %ModDate%             + %wsize%
set /a CompressedSize   = %Crc32%               + %dwsize%
set /a UncompressedSize = %CompressedSize%      + %dwsize%
set /a FileNameLength   = %UncompressedSize%    + %dwsize%
set /a ExtraFieldLength = %FileNameLength%      + %wsize%
set /a filename         = %ExtraFieldLength%    + %wsize%

rem print a right-aligned label, then let xxd show the field bytes (-s offset, -l length, -g byte grouping)
rem only the first 8 bytes of the file name are dumped
printf "%%20s" "signature "         & xxd -g 4 -s  %signature%          -l %dwsize%     bindata &^
printf "%%20s" "version "           & xxd -g 2 -s  %version%            -l %wsize%      bindata &^
printf "%%20s" "flags "             & xxd -g 2 -s  %flags%              -l %wsize%      bindata &^
printf "%%20s" "Compression "       & xxd -g 2 -s  %Compression%        -l %wsize%      bindata &^
printf "%%20s" "ModTime "           & xxd -g 2 -s  %ModTime%            -l %wsize%      bindata &^
printf "%%20s" "ModDate "           & xxd -g 2 -s  %ModDate%            -l %wsize%      bindata &^
printf "%%20s" "Crc32 "             & xxd -g 4 -s  %Crc32%              -l %dwsize%     bindata &^
printf "%%20s" "Compressed_Size "   & xxd -g 4 -s  %CompressedSize%     -l %dwsize%     bindata &^
printf "%%20s" "UncompressedSize "  & xxd -g 4 -s  %UncompressedSize%   -l %dwsize%     bindata &^
printf "%%20s" "File Name length  " & xxd -g 2 -s  %FileNameLength%     -l %wsize%      bindata &^
printf "%%20s" "Extra Field len "   & xxd -g 2 -s  %ExtraFieldLength%   -l %wsize%      bindata &^
printf "%%20s" "filename "          & xxd -g 1 -s  %filename%           -l %qwsize%     bindata

C:> dumpinxxd.bat 0

C:\>echo off
          signature 0000000: efcdab19                             ....
            version 0000004: 1400                                     ..
              flags 0000006: 0500                                     ..
        Compression 0000008: 0800                                     ..
            ModTime 000000a: 1b8c                                     ..
            ModDate 000000c: 2f34                                     /4
              Crc32 000000e: 63e3f135                             c..5
    Compressed_Size 0000012: 68000000                             h...
   UncompressedSize 0000016: 8c000000                             ....
  File Name length  000001a: 0900                                     ..
    Extra Field len 000001c: 0000                                     ..
           filename 000001e: 49 4e 44 45 58 2e 53 59                          INDEX.SY

C:> dumpinxxd.bat 143

C:\>echo off
          signature 000008f: efcdab19                             ....
            version 0000093: 1400                                     ..
              flags 0000095: 0500                                     ..
        Compression 0000097: 0800                                     ..
            ModTime 0000099: f480                                     ..
            ModDate 000009b: 514c                                     QL
              Crc32 000009d: a4355085                             .5P.
    Compressed_Size 00000a1: b4000000                             ....
   UncompressedSize 00000a5: d9000000                             ....
  File Name length  00000a9: 0800                                     ..
    Extra Field len 00000ab: 0000                                     ..
           filename 00000ad: 49 4e 46 4f 2e 53 59 53                          INFO.SYS

C:> dumpinxxd.bat 361

C:\>echo off
          signature 0000169: efcdab19                             ....
            version 000016d: 1400                                     ..
              flags 000016f: 0500                                     ..
        Compression 0000171: 0800                                     ..
            ModTime 0000173: 8da9                                     ..
            ModDate 0000175: 4732                                     G2
              Crc32 0000177: 0885797f                             ..y.
    Compressed_Size 000017b: f0000000                             ....
   UncompressedSize 000017f: 22010000                             "...
  File Name length  0000183: 0c00                                     ..
    Extra Field len 0000185: 0000                                     ..
           filename 0000187: 51 4d 57 57 49 4e 4a 47                          QMWWINJG
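The same check the answer does by hand, as an added Python example that is not part of the original post: parse the PKZIP-style local file header with the non-standard magic 0x19abcdef seen in the dump, then walk from header to header using the declared name, extra and compressed sizes. Landing exactly on 143 and 361 (the offsets grep found) is the evidence that the layout guess is right. The SAMPLE bytes are constructed from the header values in the question's dump with the payloads replaced by zero filler; the third entry is cut off after "QMWWINJG." just like the question's data.

```python
import struct

# PKZIP local file header, little-endian, in the order the batch script dumps the fields
LFH_FMT = "<IHHHHHIIIHH"
LFH_SIZE = struct.calcsize(LFH_FMT)  # 30 bytes
LFH_MAGIC = 0x19ABCDEF               # bytes ef cd ab 19 in the dump (not the usual PK\x03\x04)
FIELDS = ("signature", "version", "flags", "compression", "mod_time", "mod_date",
          "crc32", "compressed_size", "uncompressed_size", "name_len", "extra_len")

def find_signatures(buf):
    """Offsets of every occurrence of the magic (what the grep -ob call did)."""
    magic = struct.pack("<I", LFH_MAGIC)
    out, pos = [], buf.find(magic)
    while pos != -1:
        out.append(pos)
        pos = buf.find(magic, pos + 1)
    return out

def parse_local_header(buf, off):
    """Decode one header at off; None if the magic is wrong or the record is truncated."""
    if off + LFH_SIZE > len(buf):
        return None
    hdr = dict(zip(FIELDS, struct.unpack_from(LFH_FMT, buf, off)))
    if hdr["signature"] != LFH_MAGIC:
        return None
    name_end = off + LFH_SIZE + hdr["name_len"]
    if name_end > len(buf):
        return None  # header present but the name is cut off (tail of the question's dump)
    hdr["filename"] = buf[off + LFH_SIZE:name_end].decode("ascii", "replace")
    hdr["next"] = name_end + hdr["extra_len"] + hdr["compressed_size"]
    return hdr

def walk_entries(buf):
    """Follow headers by their declared sizes; stops at the first record that does not parse."""
    entries, off = [], 0
    while off < len(buf):
        hdr = parse_local_header(buf, off)
        if hdr is None:
            break
        entries.append((off, hdr["filename"], hdr["compressed_size"]))
        off = hdr["next"]
    return entries

def _entry(name, mtime, mdate, crc, csize, usize):
    # constructed sample: header values copied from the dump, payload replaced by zero filler
    name = name.encode("ascii")
    hdr = struct.pack(LFH_FMT, LFH_MAGIC, 0x14, 5, 8, mtime, mdate, crc, csize, usize, len(name), 0)
    return hdr + name + b"\x00" * csize

SAMPLE = (_entry("INDEX.SYS", 0x8C1B, 0x342F, 0x35F1E363, 0x68, 0x8C)
          + _entry("INFO.SYS", 0x80F4, 0x4C51, 0x855035A4, 0xB4, 0xD9)
          + struct.pack(LFH_FMT, LFH_MAGIC, 0x14, 5, 8, 0xA98D, 0x3247, 0x7F798508, 0xF0, 0x122, 12, 0)
          + b"QMWWINJG.")  # third header, truncated exactly where the question's dump ends

if __name__ == "__main__":
    print(find_signatures(SAMPLE))  # [0, 143, 361], the same offsets grep reported
    for off, name, csize in walk_entries(SAMPLE):
        print(f"{off:6d} {name:12s} compressed={csize}")
```

Note that all three headers carry flags 0x0005: in the PKZIP general-purpose flag, bit 0 marks the entry as encrypted, which matches the noise-like bytes that follow each file name.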