pe-signature

Test if buffer is a PE signature. As specified by Microsoft PE and COFF Specification 9.3 ^[doc], section 3.2:

After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file as a PE format image file. This signature is PE\0\0 (the letters "P" and "E" followed by two null bytes).

usage

const psig = require('pe-signature')
 
const a = Buffer('PE\0\0')
const b = Buffer('PE\0\0xxx')
const c = Buffer('xxxPE\0\0')
 
console.log(psig.is(a))    // true
console.log(psig.is(b))    // false
console.log(psig.has(b))   // true
console.log(psig.is(c, 3)) // true

Use pe-signature-offset to get the position of the signature in a PE file:

const open = require('fs-maybe-open')
    , getOffset = require('pe-signature-offset')
    , fs = require('fs')
    , len = psig.length
 
function isPEFile (fdOrFile, done) {
  open(fdOrFile, 'r', function (err, fd, close) {
    if (err) return done(err)
 
    getOffset(fd, function (err, offset) {
      if (err) return close(done, err)
 
      fs.read(fd, Buffer(len), 0, len, offset, function (err, bytesRead, buf) {
        if (err) return close(done, err)
 
        close(done, null, psig.is(buf))
      })
    })
  })
}
 
isPEFile('chrome.exe', function (err, is) {
  if (err) throw err
  console.log(is) // true
})

install

With npm do:

npm install pe-signature

pe-signature

pe-signature

usage

related

install

license

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Last publish

Collaborators

pe-signature

pe-signature

usage

related

install

license

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Last publish

Collaborators

Weekly Downloads