pe-signature

1.0.0 • Public • Published

pe-signature

Test if buffer is a PE signature. As specified by Microsoft PE and COFF Specification 9.3 [doc], section 3.2:

After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file as a PE format image file. This signature is PE\0\0 (the letters "P" and "E" followed by two null bytes).

npm status node Travis build status AppVeyor build status Dependency status

usage

const psig = require('pe-signature')
 
const a = Buffer('PE\0\0')
const b = Buffer('PE\0\0xxx')
const c = Buffer('xxxPE\0\0')
 
console.log(psig.is(a))    // true
console.log(psig.is(b))    // false
console.log(psig.has(b))   // true
console.log(psig.is(c, 3)) // true

related

Use pe-signature-offset to get the position of the signature in a PE file:

const open = require('fs-maybe-open')
    , getOffset = require('pe-signature-offset')
    , fs = require('fs')
    , len = psig.length
 
function isPEFile (fdOrFile, done) {
  open(fdOrFile, 'r', function (err, fd, close) {
    if (err) return done(err)
 
    getOffset(fd, function (err, offset) {
      if (err) return close(done, err)
 
      fs.read(fd, Buffer(len), 0, len, offset, function (err, bytesRead, buf) {
        if (err) return close(done, err)
 
        close(done, null, psig.is(buf))
      })
    })
  })
}
 
isPEFile('chrome.exe', function (err, is) {
  if (err) throw err
  console.log(is) // true
})

install

With npm do:

npm install pe-signature

license

MIT © Vincent Weevers

Package Sidebar

Install

npm i pe-signature

Weekly Downloads

416

Version

1.0.0

License

MIT

Last publish

Collaborators

  • vweevers