Why is winrar extracting on c
8/29/2023

The approach to take if you want to detect a self-extractor varies depending on whether you want to detect self-extractors within a known set of formats with 100% reliability or whether you want to detect unfamiliar self-extractors with less reliability. (The latter is good for calling in a human for a second opinion, for example.)

Option A would be to use the same approach archival tools use. A self-extracting archive is just a regular archive, concatenated onto an EXE file, with the offsets fixed up (for Zip files, you can do that manually by using zip -A from Info-ZIP), so open the file and scan through, looking for valid RAR/Zip/etc. (To do it efficiently, use an algorithm like Aho-Corasick to search for all candidate strings in a single pass.)

For extra reliability, parse the MZ and NE or PE header to figure out how many bytes to skip to get past any potential matching strings within the EXE itself.

Option B would be to parse the MZ header as described by Medinoc but then, instead of looking for a specific section in the PE header, calculate the total length of the NE or PE binary (Win16 self-extractors do exist, as created by tools like WinZIP 6.3 SR-1 and below) and skip it all.
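The skip-then-scan idea above, as an added example that is not code from the original page: it computes where a PE image ends from its section table and looks for archive magic bytes only in the data appended after that point. Assumptions: the function names and the sample file are constructed for illustration, NE (Win16) stubs are not handled, and plain bytes.find per signature stands in for Aho-Corasick.

```python
import struct

# Well-known magic bytes of the archive formats to look for.
SIGNATURES = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z"}

def pe_end_offset(data):
    """Return the file offset just past the last PE section, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # MZ header -> PE header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None  # NE and plain DOS executables are out of scope here
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows optional header
    end = table + 40 * num_sections           # each section header is 40 bytes
    if end > len(data):
        return None
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def find_appended_archive(data):
    """Return (format, offset) of the first archive signature after the PE image."""
    start = pe_end_offset(data)
    if start is None:
        return None
    hits = []
    for sig, name in SIGNATURES.items():
        pos = data.find(sig, start)           # never matches inside the EXE itself
        if pos != -1:
            hits.append((pos, name))
    if not hits:
        return None
    pos, name = min(hits)
    return name, pos

def build_sample():
    """Constructed input: one-section PE holding a decoy ZIP magic, plus a fake ZIP."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + sect).ljust(0x200, b"\0")
    body = (b"\x90" * 16 + b"PK\x03\x04").ljust(0x200, b"\0")  # decoy at 0x210
    return headers + body + b"PK\x03\x04" + b"constructed payload"
```

A hit here only says that a known signature follows the executable image; confirming a real archive still means parsing the header found at that offset.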